Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   2-fach Fund von PUP.OfferBundler.ST mit Malwarebyte auf meinem Rechner (https://www.trojaner-board.de/120139-2-fach-fund-pup-offerbundler-st-malwarebyte-meinem-rechner.html)

Knobelhannes 22.07.2012 19:02
2-fach Fund von PUP.OfferBundler.ST mit Malwarebyte auf meinem Rechner
 
Hallo Community.

Erstmal ein Hallo, da ich neu hier bin. (2.Thema da ich das 1 wohl falsch gepostet hatte, daher auch das möglicherweise irritierende Datum)

Nach Datensicherung eines alten Laptops von einem Comp-Spezi und dessen Hinweis auf evtl. Viren bzw. deren Namen bin ich über Google zu Euch gestoßen. Nach Durchlesen mehrere Threads habe ich Sicherheitshalber Malwarebyte installiert und einen Fund.

Das Logfile liest sich so:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 09:49:32
mbam-log-2012-07-14 (09-49-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231739
Laufzeit: 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Problem hab ich m.E. nach nur eins, manchmal habe ich beim Kaltstart einen Grafikbug, der aber mit meiner GraKa und deren Treiber + Win7 zusammenhängen kann. Habe ich zumindest gelesen. Jedenfalls muß sich Win7 dann neu starten und scheint einwandfrei zu funktionieren.

Ich mach auch noch einen vollständigen Scan. und poste diesen hier in diesem Thema. Vielen Dank für Hiilfen und Beistand im voraus.

Internet Explorer nutze ich nicht, mir zu unsicher.
Ich nutze Firefox 13.0.1 mit folgenden Addons:
Adblockplus 2.1.1
Browserprotect 1.1.3
Cookie-Killer 1.0.12
Dr. Web Anti -Virus Link Checker 2.7.0


Avira Vollscan und Malwarebyte Fullscan haben nach Einstellen der Quarantäne keine weiteren Befunde ergeben.


Der OTL-Scan ergab folgendes:
Zitat:
OTL.txt:OTL logfile created on: 22.07.2012 19:43:50 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Wir Zuhause\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,31% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 239,06 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,78 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
Drive F: | 236,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.22 19:13:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Downloads\OTL.exe
PRC - [2012.06.27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.06.17 10:14:46 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.20 12:04:47 | 001,412,096 | ---- | M] (Mirko Böer Softwareentwicklungen) -- C:\Program Files (x86)\MT\MT.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.17 10:14:46 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.12 00:24:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.06.17 10:14:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABDADF06-9C5F-4467-ADBD-A50FFE434085}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.11
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 11:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]

[2011.01.13 00:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.11 11:35:54 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\browserprotect@browserprotect.com
[2011.01.15 10:21:24 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\externalip@erik.morlin
[2012.04.23 12:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.26 23:33:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.03 09:11:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.03 09:11:29 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2012.07.08 21:39:29 | 000,164,885 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
[2011.09.16 22:46:13 | 000,057,127 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
[2012.06.17 10:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:21:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.23 12:02:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.23 12:02:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.23 12:02:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.23 12:02:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.23 12:02:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.23 12:02:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013C6BA5-3355-4F15-BB34-6AAF6CD4B685}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.27 08:01:20 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{95549dd1-2402-11e0-afd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95549dd1-2402-11e0-afd2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe -- [2009.02.27 08:01:20 | 000,367,104 | R--- | M] ()
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\kerstin
[2012.07.14 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2012.07.14 09:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\Hearts of Iron 2
[2012.07.05 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2012.07.05 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.05 13:58:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.05 13:58:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.05 13:58:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.03 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.03 19:29:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.07.03 19:29:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.07.03 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.27 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\Programs
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\ArcSoft
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.06.27 14:43:03 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.27 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.06.27 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft

========== Files - Modified Within 30 Days ==========

[2012.07.22 19:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 19:16:02 | 000,000,000 | ---- | M] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.22 19:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 17:06:45 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 17:06:45 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 17:04:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 17:04:17 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 17:04:17 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 17:04:17 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 17:04:17 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 16:59:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 16:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 16:59:17 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 16:04:07 | 248,897,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.18 11:12:33 | 010,836,596 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.18 11:11:56 | 008,126,925 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:07 | 010,512,919 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.17 22:02:59 | 029,431,903 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.11 21:50:50 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:17:31 | 000,015,322 | ---- | M] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 14:42:59 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk

========== Files Created - No Company Name ==========

[2012.07.22 19:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.20 16:04:07 | 248,897,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.18 11:11:51 | 008,126,925 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:00 | 010,512,919 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.18 10:32:43 | 010,836,596 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.17 21:59:40 | 029,431,903 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.10 14:17:30 | 000,015,322 | ---- | C] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 19:29:15 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.03 19:28:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.27 14:42:59 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.21 13:38:51 | 000,100,159 | ---- | C] () -- C:\ProgramData\1329824262.bdinstall.bin
[2012.01.21 13:55:01 | 000,314,077 | ---- | C] () -- C:\ProgramData\1327146115.bdinstall.bin
[2012.01.21 13:39:35 | 000,102,491 | ---- | C] () -- C:\ProgramData\1327145953.bdinstall.bin
[2012.01.11 11:26:26 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{770631B1-B43D-456E-8BAD-2F0B02957066}
[2011.11.08 08:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{9A89FF69-F7B9-4CD0-9B02-6728492FFC6D}
[2011.10.27 16:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{4C9748DF-FB2F-4E70-8833-66719F23A638}
[2011.10.24 10:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{A6413DDB-12ED-4DD5-95B7-AF51B2D42B56}
[2011.07.12 06:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{B4D045BD-854D-48C9-8D3E-E4A940095CA7}
[2011.06.28 21:23:07 | 000,007,611 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\Resmon.ResmonCfg
[2011.04.28 09:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:03:36 | 000,000,053 | ---- | C] () -- C:\Windows\COLONIZ.INI
[2011.03.15 22:03:53 | 000,590,145 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.01.30 15:39:09 | 000,000,161 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Roaming\default.rss

========== LOP Check ==========

[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.11.29 11:59:22 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.20 00:54:52 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.12 19:32:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
und die extras.txt:
Zitat:
TL Extras logfile created on: 22.07.2012 19:43:50 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Wir Zuhause\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,31% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 239,06 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,78 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
Drive F: | 236,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0E6AA1-8D90-46B5-8DAE-B9CC7C22A523}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{17B7A50B-398B-4B76-8FB4-0DC46B322875}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D283BB9-2DF8-415E-94A6-28562D91B487}" = rport=138 | protocol=17 | dir=out | app=system |
"{251A092F-E1ED-4532-ADF6-82505242F1DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{2BE25BA8-8680-41FF-8164-EB5691348C57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{34D245F1-947B-4445-B960-0421D00AD27C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F4347D7-AE9C-4642-9534-56468D503B13}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B3AFCEC-2003-4243-8063-7746B1914648}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BC9E324-75F1-4949-B51A-5BCBBCCE74D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DF0D0A1-E8BE-4644-A56B-5CA42FBA636F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E3A874F-FE16-4811-993E-7A88437C739B}" = rport=137 | protocol=17 | dir=out | app=system |
"{65D788B4-A4BD-4BF0-AF2B-45A8B8F88177}" = lport=137 | protocol=17 | dir=in | app=system |
"{69C21503-B436-439F-AEFA-AA02F918EEF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77E508E3-C4E9-4890-804C-0681B3014DA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87CE8D16-E5F9-4A1B-985B-D5DF4F0D25B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9812A523-D55A-4F3F-9F69-83B4A313518A}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8AD91C0-C3C5-4316-B247-D55FCB3F9F11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA01E426-5546-4558-9129-9F3B86D94C3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C103AE74-BFBE-493F-AADF-BCDA5FBE8FC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4A82D98-10B6-401C-84FE-BA807F0171FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA80D39E-8132-4A6B-B991-1189E6F09E26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CED0C482-CACB-4C21-8EB1-6F4520F341A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD87FC0E-A401-4AED-8D83-2F75BCC75644}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C4FCD1-FEDB-4AB2-9B5E-8FC80A0704D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{108CA03A-E610-4872-B3BA-73E9DE5481DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10B76AAC-7177-4C70-84C1-7291806BE2C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1D8F2028-7C4E-422C-9FF1-0B1DCCB76420}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{250F7A46-C776-4C2A-98F7-D0A2A9D96A8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DE9B185-C313-4951-AE60-1E2758BF88F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4353C613-0F7E-41DF-A96A-42711E9A7FD1}" = protocol=6 | dir=out | app=system |
"{4EEE3A99-85BA-4BF6-B775-F116A9FD9900}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CE51CCC-B3FD-48E3-AABB-649C64612E3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF82CC2-DBE9-4ED9-B257-BE51AF7FF30E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F428BA3-45F7-4695-81CC-010D1DCADDC5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A358A35-732D-4540-9B69-225F772EBF01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BEB8E42-B0B7-4CE5-B0B5-EEB503235035}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8348E6E4-B2C9-4EC5-8BB9-5EDEB63C00E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8645839B-0D7A-4397-8DC8-B3EB7CA1CD54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B091303-1387-49D0-82B5-C4525924AA6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D72761E-72B0-4EB9-93B7-2377C29D9425}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE651608-F8F1-41E7-9A2B-60687B30B6F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7FC6A66-13B0-4677-ACFF-AC8A053BDBCF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7554388-9A2C-4F69-87DF-9A78590EF08F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2AB731B-E109-4F0D-89E4-A3736A65CB39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8078649-4590-4E88-85DD-45021AA716F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA9B5202-9054-480F-A531-0C9E835B4392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F00AB2F0-2738-46BA-8560-7FA637823F41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F931B3E3-E92F-43C9-80D8-04E71DE59469}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{26141450-73CC-4A17-B6FD-72AC0E34F5F8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{2A3707E7-BE7B-4BFF-B544-040CA6D1DF9D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{5C2A092C-2FBE-4E3C-951D-71F494E8847F}D:\spiele\patgoldii\patrizier 2.exe" = protocol=6 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"TCP Query User{8B4138BD-2897-4348-97A8-76B6E733192D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{8D118FBB-98C0-4D47-A480-E85E079087A9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D6BA94A0-8049-4AA0-90E9-9AE7A5696358}D:\spiele\patgoldii\patrizier 2.exe" = protocol=6 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"TCP Query User{EE34ED6C-2BE1-4D03-BAC9-0BE3E1B12A63}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{F6411B29-8128-43CF-90C1-E04558F06251}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{1EA21E7B-0174-4C5C-B777-84E20C47A07F}D:\spiele\patgoldii\patrizier 2.exe" = protocol=17 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"UDP Query User{A5B64128-9EDA-4F9A-9036-3655FC3B88EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B49DD184-2FAB-447A-AD4B-3D095541F8C0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C4B2C8B0-9791-43A4-A1C1-DE14BC9E3FBC}D:\spiele\patgoldii\patrizier 2.exe" = protocol=17 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"UDP Query User{D3608C81-CF3D-42C7-8ADB-334E5859B3F6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DA65D40A-91C8-4A3A-AF9F-1B2675754A16}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{E4DD8DEF-6974-4961-BDA4-11012F5BA81E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{E657FA62-6FD9-490C-AF5B-C7F7919B2663}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"CCleaner" = CCleaner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.2 (DX11)
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7BF1DD4A-8DBF-48C9-8B74-E6DAE4C57B31}" = Cleanse Uninstaller Pro
"{7cf1e8aa-b0db-4a85-8359-ba9b67df120c}" = Nero 9 Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A10F7877-4276-416C-9F22-CB56C0CB2700}" = Medieval - Total War - Gold Edition
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1384098-6838-4FE9-9035-B0F348A03402}_is1" = Disciples III Version 1.06.3
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9F0B814-4CBE-4DE2-83B2-C0D770CF9CA6}" = ArcSoft MediaImpression
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.0.0 Beta 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FormatFactory" = FormatFactory 2.90
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Liveupdate4_is1" = Liveupdate4
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MeineTraffic" = Meine Traffic 2.20
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Patrizier II Gold_is1" = Patrizier II Gold
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Winamp" = Winamp
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.04.2012 03:22:14 | Computer Name = Knobelbecher | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 06.04.2012 13:30:58 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 06.04.2012 13:30:58 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 06.04.2012 19:16:01 | Computer Name = Knobelbecher | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 07.04.2012 03:28:26 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 03:28:26 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:09:54 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:09:54 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:26:09 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:26:09 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ System Events ]
Error - 17.07.2012 15:34:39 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 17.07.2012 15:36:09 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 17.07.2012 15:39:06 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 18.07.2012 07:10:37 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 18.07.2012 08:33:15 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 19.07.2012 08:37:23 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 19.07.2012 12:38:39 | Computer Name = Knobelbecher | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.102 registriert werden. Der Computer mit IP-Adresse 192.168.2.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 19.07.2012 16:26:56 | Computer Name = Knobelbecher | Source = BugCheck | ID = 1001
Description =

Error - 20.07.2012 10:04:20 | Computer Name = Knobelbecher | Source = BugCheck | ID = 1001
Description =

Error - 21.07.2012 05:30:37 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =


< End of report >
eine Riesen report k.A. :wtf:
Bin da überfordert :eek:


Vielen Vielen Dank für Hilfe


Grüße

cosinus 25.07.2012 13:36
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Knobelhannes 25.07.2012 22:00
Gruß, Vielen Dank.

Die "älteren" Scans-Logs
Der erste mit Fund:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 09:49:32
mbam-log-2012-07-14 (09-49-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231739
Laufzeit: 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
andere nachfolgende ohne Fund

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

15.07.2012 10:41:17
mbam-log-2012-07-15 (10-41-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450351
Laufzeit: 44 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 11:10:56
mbam-log-2012-07-14 (11-10-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450239
Laufzeit: 45 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Hatte zwischenzeitlich mehrfach vollständige Scans mit Malwarebytes durchgeführt..waren Kein Funde....
Und Heute? 2 Stück, So eine Sch.....

Alles in Quarantäne (sind jetzt insgesamt nun mehr 4 Dateien)

Anbei alle vollständigen Malwarebytes-logs:
Der 1. von heute:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

25.07.2012 19:52:24
mbam-log-2012-07-25 (19-52-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426336
Laufzeit: 49 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\canon\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Pictures\Treiber\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Der 2. von heute:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

25.07.2012 21:31:17
mbam-log-2012-07-25 (21-31-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426536
Laufzeit: 53 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset wird durchgeführt und folgt:

Der Eset Log

G ist eine externe Festplatte, welche eine alte Sicherung meines alten IBM Laptop darstellt.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=975091bfd61df34ca9b06fae1c4dca0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-26 12:33:24
# local_time=2012-07-26 02:33:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1759973 1759973 0 0
# compatibility_mode=5893 16776574 100 94 13432453 94879315 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=370822
# found=20
# cleaned=0
# scan_time=13352
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Wir Zuhause\Downloads\Notebook_Starter_Kit.zip        Win32/Adware.Linkular application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Wir Zuhause\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\57712.msi        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe        probably a variant of Win32/TrojanDownloader.Agent.BXGACSC trojan (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Toolbar.Widgi application        00000000000000000000000000000000        I
Ich hab keine Ahnung wie die ganzen Toolbars auf meinen Rechner kommen, da ich bevorzugt nur benutzerdefiniertes Setup mache, da ich eine Veränderung von meinem Firefox nicht leiden kann.


Zu den Malwares von heute...meine Freundin hatte freegmx nicht beendet (logout) und den Rechner die ganze Zeit on gehabt....kann da sowas passieren oder is dies nur von einer E-Mail mit Trojaner-Anhang möglich?

Vielen Dank für Eure Hilfe. Der Eset Scan hat fast 4 h gedauert...wenn ich das vorher gewußt hätte...

cosinus 26.07.2012 14:42
Code:
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (
Das kommt wenn Software von dieser sch. Seite Softonic lädt!

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! http://cosgan.de/images/midi/boese/a040.gif

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Knobelhannes 26.07.2012 18:15
Jetzt bin ja auch schlauer *Schnüff*.
Mache es garantiert nicht wieder, aber manchmal ist es schwierig die richtigen Suchvariablen einzugeben um eben nich auf so einer vermüllten Seite zu landen....Sry


Die Log-Datei liest sich so
Code:
Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\pdfforge Toolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
[x64] Key Found : HKCU\Software\AppDataLow\Software\pdfforge
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\pdfforge
[x64] Key Found : HKCU\Software\Search Settings
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2434 octets] - [26/07/2012 19:12:10]

########## EOF - C:\AdwCleaner[R1].txt - [2562 octets] ##########

cosinus 26.07.2012 22:37
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Hätte dann mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Toolbar bzw. Weiterleitung nun weg?

Knobelhannes 26.07.2012 23:12
Gemacht:
Code:
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 23:54:55
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Wir Zuhause - KNOBELBECHER
# Running from : C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Wise Solutions
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2551 octets] - [26/07/2012 19:12:10]
AdwCleaner[R2].txt - [2611 octets] - [26/07/2012 19:20:23]
AdwCleaner[R3].txt - [2671 octets] - [26/07/2012 23:54:46]
AdwCleaner[S1].txt - [2271 octets] - [26/07/2012 23:54:55]

########## EOF - C:\AdwCleaner[S1].txt - [2399 octets] ##########

1. Das Herunterfahren des Rechners geht gefühlt 30 mal schneller.
Das sofortige Herunterfahren des Rechners nach Schließen des Browser geht sofort ohne Warten auf Hintergrundprogramme, abgesehen von jetzt: adware.exe.
Edit1: Das Browseröffnen+Seite laden geht schneller mind. 3 mal so schnell

2. Kann sein, kann ich nicht so nachvollziehen. Tendiere zu Nein.

3. K.A. Hatte keine Toolbar, bzw. wenn hatte ich diese über andere Wege (manuelle Einstellung von Firefox) zumindest im Browser deaktiviert.
Aber entfernt wahrscheinlich genau jetzt über Adware.



4.!!!!!!!!! DANKE !!!!!!!!!!!!!!!!!!!!


Gruß Frank

cosinus 27.07.2012 08:15
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Knobelhannes 27.07.2012 10:24
Moin Moin,

Das OTL-Log von heute mit der heutig geladenen Version
Code:
OTL logfile created on: 27.07.2012 11:07:21 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Wir Zuhause\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,98% Memory free
8,00 Gb Paging File | 6,73 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 236,26 Gb Free Space | 78,78% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,84 Gb Free Space | 97,20% Space Free | Partition Type: NTFS
 
Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.17 10:14:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{ABDADF06-9C5F-4467-ADBD-A50FFE434085}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.11
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 11:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
 
[2011.01.13 00:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Extensions
[2012.07.26 23:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.11 11:35:54 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\browserprotect@browserprotect.com
[2011.01.15 10:21:24 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\externalip@erik.morlin
[2012.04.23 12:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.26 23:33:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.08 21:39:29 | 000,164,885 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
[2011.09.16 22:46:13 | 000,057,127 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
[2012.06.17 10:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:21:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.23 12:02:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.23 12:02:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.23 12:02:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.23 12:02:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.23 12:02:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.23 12:02:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013C6BA5-3355-4F15-BB34-6AAF6CD4B685}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 11:04:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.25 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.24 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Documents\Hochszeitung
[2012.07.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\kerstin
[2012.07.14 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2012.07.14 09:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\Hearts of Iron 2
[2012.07.05 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2012.07.05 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.05 13:58:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.05 13:58:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.05 13:58:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.03 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.03 19:29:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.07.03 19:29:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.07.03 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.27 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\Programs
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\ArcSoft
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.06.27 14:43:03 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.27 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.06.27 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 11:06:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 10:59:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 10:59:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 10:59:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 10:59:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 10:59:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 10:55:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 10:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 10:54:42 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 19:11:33 | 000,632,049 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.24 22:19:54 | 030,046,296 | ---- | M] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | M] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:12:33 | 010,836,596 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.18 11:11:56 | 008,126,925 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:07 | 010,512,919 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.17 22:02:59 | 029,431,903 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.11 21:50:50 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:17:31 | 000,015,322 | ---- | M] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 14:42:59 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 19:11:31 | 000,632,049 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.22 22:45:58 | 030,046,296 | ---- | C] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:11:51 | 008,126,925 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:00 | 010,512,919 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.18 10:32:43 | 010,836,596 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.17 21:59:40 | 029,431,903 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.10 14:17:30 | 000,015,322 | ---- | C] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 19:29:15 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.03 19:28:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.27 14:42:59 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.21 13:38:51 | 000,100,159 | ---- | C] () -- C:\ProgramData\1329824262.bdinstall.bin
[2012.01.21 13:55:01 | 000,314,077 | ---- | C] () -- C:\ProgramData\1327146115.bdinstall.bin
[2012.01.21 13:39:35 | 000,102,491 | ---- | C] () -- C:\ProgramData\1327145953.bdinstall.bin
[2012.01.11 11:26:26 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{770631B1-B43D-456E-8BAD-2F0B02957066}
[2011.11.08 08:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{9A89FF69-F7B9-4CD0-9B02-6728492FFC6D}
[2011.10.27 16:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{4C9748DF-FB2F-4E70-8833-66719F23A638}
[2011.10.24 10:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{A6413DDB-12ED-4DD5-95B7-AF51B2D42B56}
[2011.07.12 06:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{B4D045BD-854D-48C9-8D3E-E4A940095CA7}
[2011.06.28 21:23:07 | 000,007,611 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\Resmon.ResmonCfg
[2011.04.28 09:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:03:36 | 000,000,053 | ---- | C] () -- C:\Windows\COLONIZ.INI
[2011.03.15 22:03:53 | 000,590,145 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.01.30 15:39:09 | 000,000,161 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Roaming\default.rss
 
========== LOP Check ==========
 
[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.12 19:32:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.02 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Adobe
[2012.06.27 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft
[2012.07.05 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.12 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Identities
[2011.01.19 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\InstallShield
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2011.01.13 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Macromedia
[2012.07.14 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Media Center Programs
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.11.21 21:29:56 | 000,000,000 | --SD | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Microsoft
[2011.01.13 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Mozilla
[2011.01.26 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Nero
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.04 23:16:49 | 000,000,000 | RH-D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\SecuROM
[2012.06.15 11:49:08 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Skype
[2011.07.13 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\teamspeak2
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.19 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Winamp
[2011.01.31 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus 27.07.2012 13:29
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\PDFCreator\Toolbar
C:\Program Files (x86)\pdfforge Toolbar
G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Knobelhannes 27.07.2012 22:14
Guten Abend,

Als Hinweis die externe Festplatte, wo die alte Daten drauf sind hatte ich nicht angeschlossen da Antivir da Viren gefunden hatte und ich meinen Rechner nicht neu infizieren wollte. Muß Dich da eh fragen: Wie kann ich ein paar alte Daten auf eine DVD brennen ohne das ich in dem Augenblick, wo die Festplatte per USB verbunden ist Viren auf meine Rechner hole?

Die geforderte FIX-Log-File liest sich so:


Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
File G:\EasySuite.exe bootup not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Program Files (x86)\PDFCreator\Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
File\Folder G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Wir Zuhause
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3052280 bytes
->Java cache emptied: 806206 bytes
->FireFox cache emptied: 55243520 bytes
->Flash cache emptied: 563 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5022424 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 192516 bytes
RecycleBin emptied: 15208930 bytes
 
Total Files Cleaned = 76,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: Wir Zuhause
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_230227

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 27.07.2012 22:43
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Knobelhannes 30.07.2012 17:58
Hallo Cosinus, bin erst heute wieder da, habe 2mal sicherheitshalber Deine Anweisung gemacht. Beide Logs ergaben keine Funde. Das aktuelleree poste ich. Viele Grüße Frank

Code:
18:46:25.0048 4064        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:46:27.0061 4064        ============================================================
18:46:27.0061 4064        Current date / time: 2012/07/30 18:46:27.0061
18:46:27.0061 4064        SystemInfo:
18:46:27.0061 4064       
18:46:27.0061 4064        OS Version: 6.1.7601 ServicePack: 1.0
18:46:27.0061 4064        Product type: Workstation
18:46:27.0061 4064        ComputerName: KNOBELBECHER
18:46:27.0061 4064        UserName: Wir Zuhause
18:46:27.0061 4064        Windows directory: C:\Windows
18:46:27.0061 4064        System windows directory: C:\Windows
18:46:27.0061 4064        Running under WOW64
18:46:27.0061 4064        Processor architecture: Intel x64
18:46:27.0061 4064        Number of processors: 2
18:46:27.0061 4064        Page size: 0x1000
18:46:27.0061 4064        Boot type: Normal boot
18:46:27.0061 4064        ============================================================
18:46:28.0746 4064        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:28.0746 4064        ============================================================
18:46:28.0746 4064        \Device\Harddisk0\DR0:
18:46:28.0746 4064        MBR partitions:
18:46:28.0746 4064        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:28.0746 4064        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x257CE000
18:46:28.0746 4064        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25800800, BlocksNum 0x4EF05800
18:46:28.0746 4064        ============================================================
18:46:28.0761 4064        C: <-> \Device\Harddisk0\DR0\Partition1
18:46:28.0824 4064        D: <-> \Device\Harddisk0\DR0\Partition2
18:46:28.0824 4064        ============================================================
18:46:28.0824 4064        Initialize success
18:46:28.0824 4064        ============================================================
18:48:41.0954 2836        ============================================================
18:48:41.0954 2836        Scan started
18:48:41.0954 2836        Mode: Manual;
18:48:41.0954 2836        ============================================================
18:48:43.0218 2836        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:48:43.0234 2836        1394ohci - ok
18:48:43.0327 2836        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:48:43.0358 2836        ACDaemon - ok
18:48:43.0390 2836        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:48:43.0390 2836        ACPI - ok
18:48:43.0405 2836        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:48:43.0405 2836        AcpiPmi - ok
18:48:43.0452 2836        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:43.0468 2836        AdobeARMservice - ok
18:48:43.0530 2836        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:48:43.0546 2836        adp94xx - ok
18:48:43.0577 2836        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:48:43.0608 2836        adpahci - ok
18:48:43.0624 2836        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:48:43.0624 2836        adpu320 - ok
18:48:43.0639 2836        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:48:43.0655 2836        AeLookupSvc - ok
18:48:43.0717 2836        Afc            (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
18:48:43.0733 2836        Afc - ok
18:48:43.0780 2836        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:48:43.0811 2836        AFD - ok
18:48:43.0842 2836        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:48:43.0842 2836        agp440 - ok
18:48:43.0858 2836        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:48:43.0858 2836        ALG - ok
18:48:43.0873 2836        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:48:43.0873 2836        aliide - ok
18:48:43.0889 2836        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:48:43.0889 2836        amdide - ok
18:48:43.0904 2836        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:48:43.0904 2836        AmdK8 - ok
18:48:43.0936 2836        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:48:43.0936 2836        AmdPPM - ok
18:48:43.0967 2836        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:48:43.0967 2836        amdsata - ok
18:48:43.0982 2836        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:43.0998 2836        amdsbs - ok
18:48:43.0998 2836        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:48:43.0998 2836        amdxata - ok
18:48:44.0076 2836        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:48:44.0092 2836        AntiVirSchedulerService - ok
18:48:44.0107 2836        Scan interrupted by user!
18:48:44.0107 2836        Scan interrupted by user!
18:48:44.0107 2836        Scan interrupted by user!
18:48:44.0107 2836        ============================================================
18:48:44.0107 2836        Scan finished
18:48:44.0107 2836        ============================================================
18:48:44.0107 2840        Detected object count: 0
18:48:44.0107 2840        Actual detected object count: 0
18:48:51.0673 2512        ============================================================
18:48:51.0673 2512        Scan started
18:48:51.0673 2512        Mode: Manual; SigCheck; TDLFS;
18:48:51.0673 2512        ============================================================
18:48:51.0767 2512        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:48:51.0954 2512        1394ohci - ok
18:48:52.0016 2512        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:48:52.0094 2512        ACDaemon - ok
18:48:52.0110 2512        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:48:52.0126 2512        ACPI - ok
18:48:52.0126 2512        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:48:52.0204 2512        AcpiPmi - ok
18:48:52.0250 2512        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:52.0266 2512        AdobeARMservice - ok
18:48:52.0282 2512        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:48:52.0313 2512        adp94xx - ok
18:48:52.0328 2512        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:48:52.0344 2512        adpahci - ok
18:48:52.0360 2512        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:48:52.0375 2512        adpu320 - ok
18:48:52.0391 2512        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:48:52.0531 2512        AeLookupSvc - ok
18:48:52.0578 2512        Afc            (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
18:48:52.0609 2512        Afc - ok
18:48:52.0640 2512        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:48:52.0703 2512        AFD - ok
18:48:52.0718 2512        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:48:52.0734 2512        agp440 - ok
18:48:52.0750 2512        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:48:52.0812 2512        ALG - ok
18:48:52.0828 2512        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:48:52.0859 2512        aliide - ok
18:48:52.0874 2512        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:48:52.0874 2512        amdide - ok
18:48:52.0890 2512        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:48:52.0921 2512        AmdK8 - ok
18:48:52.0937 2512        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:48:52.0968 2512        AmdPPM - ok
18:48:52.0999 2512        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:48:53.0015 2512        amdsata - ok
18:48:53.0015 2512        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:53.0030 2512        amdsbs - ok
18:48:53.0046 2512        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:48:53.0046 2512        amdxata - ok
18:48:53.0108 2512        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:48:53.0140 2512        AntiVirSchedulerService - ok
18:48:53.0155 2512        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:48:53.0186 2512        AntiVirService - ok
18:48:53.0218 2512        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:48:53.0264 2512        AppID - ok
18:48:53.0280 2512        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:48:53.0342 2512        AppIDSvc - ok
18:48:53.0374 2512        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:48:53.0389 2512        Appinfo - ok
18:48:53.0405 2512        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:48:53.0420 2512        arc - ok
18:48:53.0436 2512        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:48:53.0452 2512        arcsas - ok
18:48:53.0467 2512        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:53.0561 2512        AsyncMac - ok
18:48:53.0576 2512        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:48:53.0592 2512        atapi - ok
18:48:53.0623 2512        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:48:53.0639 2512        AtiPcie - ok
18:48:53.0686 2512        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:48:53.0732 2512        AudioEndpointBuilder - ok
18:48:53.0732 2512        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:48:53.0764 2512        AudioSrv - ok
18:48:53.0795 2512        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:48:53.0810 2512        avgntflt - ok
18:48:53.0826 2512        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:48:53.0842 2512        avipbb - ok
18:48:53.0842 2512        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:48:53.0857 2512        avkmgr - ok
18:48:53.0888 2512        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:48:53.0982 2512        AxInstSV - ok
18:48:54.0013 2512        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:48:54.0076 2512        b06bdrv - ok
18:48:54.0107 2512        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:54.0138 2512        b57nd60a - ok
18:48:54.0185 2512        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:48:54.0263 2512        BDESVC - ok
18:48:54.0278 2512        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:48:54.0356 2512        Beep - ok
18:48:54.0419 2512        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:48:54.0466 2512        BFE - ok
18:48:54.0512 2512        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:48:54.0559 2512        BITS - ok
18:48:54.0590 2512        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:54.0622 2512        blbdrive - ok
18:48:54.0637 2512        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:48:54.0684 2512        bowser - ok
18:48:54.0700 2512        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:48:54.0778 2512        BrFiltLo - ok
18:48:54.0793 2512        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:48:54.0809 2512        BrFiltUp - ok
18:48:54.0840 2512        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:48:54.0918 2512        Browser - ok
18:48:54.0949 2512        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:48:55.0027 2512        Brserid - ok
18:48:55.0043 2512        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:55.0074 2512        BrSerWdm - ok
18:48:55.0090 2512        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:55.0121 2512        BrUsbMdm - ok
18:48:55.0121 2512        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:55.0136 2512        BrUsbSer - ok
18:48:55.0152 2512        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:48:55.0183 2512        BTHMODEM - ok
18:48:55.0214 2512        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:48:55.0277 2512        bthserv - ok
18:48:55.0292 2512        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:48:55.0370 2512        cdfs - ok
18:48:55.0402 2512        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:48:55.0448 2512        cdrom - ok
18:48:55.0464 2512        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:48:55.0526 2512        CertPropSvc - ok
18:48:55.0526 2512        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:48:55.0542 2512        circlass - ok
18:48:55.0558 2512        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:48:55.0573 2512        CLFS - ok
18:48:55.0620 2512        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:55.0636 2512        clr_optimization_v2.0.50727_32 - ok
18:48:55.0667 2512        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:55.0682 2512        clr_optimization_v2.0.50727_64 - ok
18:48:55.0698 2512        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:48:55.0729 2512        CmBatt - ok
18:48:55.0745 2512        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:48:55.0745 2512        cmdide - ok
18:48:55.0776 2512        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:48:55.0807 2512        CNG - ok
18:48:55.0807 2512        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:48:55.0823 2512        Compbatt - ok
18:48:55.0838 2512        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:48:55.0870 2512        CompositeBus - ok
18:48:55.0870 2512        COMSysApp - ok
18:48:55.0885 2512        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:48:55.0885 2512        crcdisk - ok
18:48:55.0916 2512        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:48:55.0963 2512        CryptSvc - ok
18:48:55.0994 2512        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:48:56.0026 2512        DcomLaunch - ok
18:48:56.0057 2512        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:48:56.0104 2512        defragsvc - ok
18:48:56.0135 2512        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:48:56.0182 2512        DfsC - ok
18:48:56.0197 2512        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:48:56.0244 2512        Dhcp - ok
18:48:56.0244 2512        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:48:56.0291 2512        discache - ok
18:48:56.0322 2512        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:48:56.0322 2512        Disk - ok
18:48:56.0353 2512        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:48:56.0416 2512        Dnscache - ok
18:48:56.0447 2512        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:48:56.0494 2512        dot3svc - ok
18:48:56.0525 2512        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:48:56.0556 2512        DPS - ok
18:48:56.0603 2512        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:48:56.0634 2512        drmkaud - ok
18:48:56.0681 2512        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:48:56.0712 2512        DXGKrnl - ok
18:48:56.0743 2512        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:48:56.0759 2512        EapHost - ok
18:48:56.0852 2512        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:48:56.0915 2512        ebdrv - ok
18:48:56.0977 2512        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:48:57.0024 2512        EFS - ok
18:48:57.0086 2512        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:48:57.0133 2512        ehRecvr - ok
18:48:57.0149 2512        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:48:57.0196 2512        ehSched - ok
18:48:57.0242 2512        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:48:57.0289 2512        elxstor - ok
18:48:57.0305 2512        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:48:57.0336 2512        ErrDev - ok
18:48:57.0352 2512        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:48:57.0398 2512        EventSystem - ok
18:48:57.0414 2512        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:48:57.0445 2512        exfat - ok
18:48:57.0461 2512        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:48:57.0492 2512        fastfat - ok
18:48:57.0554 2512        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:48:57.0586 2512        Fax - ok
18:48:57.0586 2512        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:48:57.0601 2512        fdc - ok
18:48:57.0617 2512        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:48:57.0679 2512        fdPHost - ok
18:48:57.0695 2512        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:48:57.0726 2512        FDResPub - ok
18:48:57.0742 2512        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:48:57.0757 2512        FileInfo - ok
18:48:57.0773 2512        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:48:57.0820 2512        Filetrace - ok
18:48:57.0820 2512        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:48:57.0820 2512        flpydisk - ok
18:48:57.0851 2512        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:48:57.0851 2512        FltMgr - ok
18:48:57.0898 2512        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:48:57.0944 2512        FontCache - ok
18:48:58.0022 2512        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:58.0038 2512        FontCache3.0.0.0 - ok
18:48:58.0054 2512        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:48:58.0069 2512        FsDepends - ok
18:48:58.0100 2512        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:48:58.0116 2512        Fs_Rec - ok
18:48:58.0147 2512        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:48:58.0163 2512        fvevol - ok
18:48:58.0178 2512        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:48:58.0194 2512        gagp30kx - ok
18:48:58.0210 2512        GMSIPCI - ok
18:48:58.0241 2512        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:48:58.0303 2512        gpsvc - ok
18:48:58.0397 2512        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:58.0412 2512        gupdate - ok
18:48:58.0428 2512        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:58.0444 2512        gupdatem - ok
18:48:58.0444 2512        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:48:58.0475 2512        hcw85cir - ok
18:48:58.0506 2512        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:48:58.0537 2512        HdAudAddService - ok
18:48:58.0553 2512        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:48:58.0584 2512        HDAudBus - ok
18:48:58.0600 2512        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:48:58.0631 2512        HidBatt - ok
18:48:58.0646 2512        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:48:58.0662 2512        HidBth - ok
18:48:58.0662 2512        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:48:58.0693 2512        HidIr - ok
18:48:58.0724 2512        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:48:58.0756 2512        hidserv - ok
18:48:58.0771 2512        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:48:58.0787 2512        HidUsb - ok
18:48:58.0818 2512        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:48:58.0880 2512        hkmsvc - ok
18:48:58.0896 2512        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:48:58.0943 2512        HomeGroupListener - ok
18:48:58.0958 2512        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:48:58.0990 2512        HomeGroupProvider - ok
18:48:59.0005 2512        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:48:59.0021 2512        HpSAMD - ok
18:48:59.0068 2512        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:48:59.0114 2512        HTTP - ok
18:48:59.0130 2512        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:48:59.0130 2512        hwpolicy - ok
18:48:59.0161 2512        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:48:59.0177 2512        i8042prt - ok
18:48:59.0208 2512        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
18:48:59.0224 2512        iaStorV - ok
18:48:59.0333 2512        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:59.0380 2512        idsvc - ok
18:48:59.0395 2512        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:48:59.0411 2512        iirsp - ok
18:48:59.0426 2512        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:48:59.0489 2512        IKEEXT - ok
18:48:59.0567 2512        IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
18:48:59.0598 2512        IntcAzAudAddService - ok
18:48:59.0676 2512        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:48:59.0707 2512        intelide - ok
18:48:59.0723 2512        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:48:59.0738 2512        intelppm - ok
18:48:59.0754 2512        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:48:59.0801 2512        IPBusEnum - ok
18:48:59.0832 2512        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:59.0879 2512        IpFilterDriver - ok
18:48:59.0926 2512        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:48:59.0957 2512        iphlpsvc - ok
18:48:59.0972 2512        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:48:59.0988 2512        IPMIDRV - ok
18:49:00.0004 2512        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:49:00.0050 2512        IPNAT - ok
18:49:00.0082 2512        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:49:00.0175 2512        IRENUM - ok
18:49:00.0191 2512        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:49:00.0206 2512        isapnp - ok
18:49:00.0222 2512        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:49:00.0253 2512        iScsiPrt - ok
18:49:00.0269 2512        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:49:00.0269 2512        kbdclass - ok
18:49:00.0300 2512        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:49:00.0331 2512        kbdhid - ok
18:49:00.0362 2512        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:00.0394 2512        KeyIso - ok
18:49:00.0409 2512        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:49:00.0425 2512        KSecDD - ok
18:49:00.0440 2512        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:49:00.0456 2512        KSecPkg - ok
18:49:00.0456 2512        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:49:00.0503 2512        ksthunk - ok
18:49:00.0518 2512        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:49:00.0565 2512        KtmRm - ok
18:49:00.0612 2512        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:49:00.0706 2512        LanmanServer - ok
18:49:00.0721 2512        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:49:00.0784 2512        LanmanWorkstation - ok
18:49:00.0815 2512        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:49:00.0862 2512        lltdio - ok
18:49:00.0893 2512        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:49:00.0924 2512        lltdsvc - ok
18:49:00.0924 2512        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:49:00.0955 2512        lmhosts - ok
18:49:00.0971 2512        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:49:00.0986 2512        LSI_FC - ok
18:49:01.0002 2512        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:49:01.0018 2512        LSI_SAS - ok
18:49:01.0018 2512        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:49:01.0033 2512        LSI_SAS2 - ok
18:49:01.0049 2512        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:49:01.0049 2512        LSI_SCSI - ok
18:49:01.0064 2512        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:49:01.0111 2512        luafv - ok
18:49:01.0127 2512        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:49:01.0189 2512        Mcx2Svc - ok
18:49:01.0205 2512        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:49:01.0220 2512        megasas - ok
18:49:01.0236 2512        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:49:01.0267 2512        MegaSR - ok
18:49:01.0283 2512        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:49:01.0314 2512        MMCSS - ok
18:49:01.0345 2512        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:49:01.0376 2512        Modem - ok
18:49:01.0408 2512        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:49:01.0439 2512        monitor - ok
18:49:01.0470 2512        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:49:01.0517 2512        mouclass - ok
18:49:01.0517 2512        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:49:01.0548 2512        mouhid - ok
18:49:01.0564 2512        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:49:01.0579 2512        mountmgr - ok
18:49:01.0673 2512        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:49:01.0720 2512        MozillaMaintenance - ok
18:49:01.0735 2512        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:49:01.0766 2512        mpio - ok
18:49:01.0782 2512        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:49:01.0813 2512        mpsdrv - ok
18:49:01.0860 2512        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:49:01.0907 2512        MpsSvc - ok
18:49:01.0922 2512        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:49:01.0954 2512        MRxDAV - ok
18:49:01.0985 2512        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:49:02.0032 2512        mrxsmb - ok
18:49:02.0063 2512        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:49:02.0078 2512        mrxsmb10 - ok
18:49:02.0110 2512        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:49:02.0125 2512        mrxsmb20 - ok
18:49:02.0141 2512        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:49:02.0156 2512        msahci - ok
18:49:02.0172 2512        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:49:02.0188 2512        msdsm - ok
18:49:02.0219 2512        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:49:02.0234 2512        MSDTC - ok
18:49:02.0250 2512        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:49:02.0281 2512        Msfs - ok
18:49:02.0297 2512        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:49:02.0328 2512        mshidkmdf - ok
18:49:02.0344 2512        MSICDSetup - ok
18:49:02.0375 2512        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:49:02.0390 2512        msisadrv - ok
18:49:02.0406 2512        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:49:02.0437 2512        MSiSCSI - ok
18:49:02.0453 2512        msiserver - ok
18:49:02.0468 2512        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:49:02.0546 2512        MSKSSRV - ok
18:49:02.0562 2512        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:49:02.0609 2512        MSPCLOCK - ok
18:49:02.0609 2512        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:49:02.0671 2512        MSPQM - ok
18:49:02.0702 2512        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:49:02.0734 2512        MsRPC - ok
18:49:02.0749 2512        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:49:02.0765 2512        mssmbios - ok
18:49:02.0765 2512        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:49:02.0812 2512        MSTEE - ok
18:49:02.0827 2512        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:49:02.0843 2512        MTConfig - ok
18:49:02.0858 2512        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:49:02.0858 2512        Mup - ok
18:49:02.0890 2512        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:49:02.0936 2512        napagent - ok
18:49:02.0968 2512        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:49:02.0999 2512        NativeWifiP - ok
18:49:03.0061 2512        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:49:03.0092 2512        NDIS - ok
18:49:03.0092 2512        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:49:03.0124 2512        NdisCap - ok
18:49:03.0155 2512        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:49:03.0186 2512        NdisTapi - ok
18:49:03.0217 2512        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:49:03.0248 2512        Ndisuio - ok
18:49:03.0264 2512        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:49:03.0311 2512        NdisWan - ok
18:49:03.0311 2512        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:49:03.0342 2512        NDProxy - ok
18:49:03.0482 2512        Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:49:03.0498 2512        Nero BackItUp Scheduler 4.0 - ok
18:49:03.0514 2512        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:49:03.0545 2512        NetBIOS - ok
18:49:03.0560 2512        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:49:03.0592 2512        NetBT - ok
18:49:03.0607 2512        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:03.0623 2512        Netlogon - ok
18:49:03.0654 2512        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:49:03.0685 2512        Netman - ok
18:49:03.0716 2512        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:49:03.0748 2512        netprofm - ok
18:49:03.0826 2512        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:49:03.0857 2512        NetTcpPortSharing - ok
18:49:03.0872 2512        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:49:03.0872 2512        nfrd960 - ok
18:49:03.0904 2512        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:49:03.0950 2512        NlaSvc - ok
18:49:03.0950 2512        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:49:03.0982 2512        Npfs - ok
18:49:03.0997 2512        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:49:04.0044 2512        nsi - ok
18:49:04.0044 2512        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:49:04.0091 2512        nsiproxy - ok
18:49:04.0153 2512        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:49:04.0184 2512        Ntfs - ok
18:49:04.0247 2512        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:49:04.0278 2512        Null - ok
18:49:04.0309 2512        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:49:04.0325 2512        nusb3hub - ok
18:49:04.0340 2512        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:49:04.0356 2512        nusb3xhc - ok
18:49:04.0387 2512        NVHDA          (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
18:49:04.0418 2512        NVHDA - ok
18:49:04.0746 2512        nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:49:04.0902 2512        nvlddmkm - ok
18:49:04.0996 2512        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:49:05.0027 2512        nvraid - ok
18:49:05.0042 2512        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:49:05.0074 2512        nvstor - ok
18:49:05.0136 2512        nvsvc          (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
18:49:05.0152 2512        nvsvc - ok
18:49:05.0276 2512        nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:49:05.0308 2512        nvUpdatusService - ok
18:49:05.0339 2512        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:49:05.0354 2512        nv_agp - ok
18:49:05.0370 2512        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:49:05.0401 2512        ohci1394 - ok
18:49:05.0432 2512        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:49:05.0464 2512        p2pimsvc - ok
18:49:05.0479 2512        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:49:05.0495 2512        p2psvc - ok
18:49:05.0526 2512        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:49:05.0526 2512        Parport - ok
18:49:05.0557 2512        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:49:05.0573 2512        partmgr - ok
18:49:05.0588 2512        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:49:05.0604 2512        PcaSvc - ok
18:49:05.0620 2512        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:49:05.0635 2512        pci - ok
18:49:05.0651 2512        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:49:05.0651 2512        pciide - ok
18:49:05.0666 2512        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:49:05.0682 2512        pcmcia - ok
18:49:05.0698 2512        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:49:05.0713 2512        pcw - ok
18:49:05.0729 2512        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:49:05.0791 2512        PEAUTH - ok
18:49:05.0838 2512        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:49:05.0932 2512        PerfHost - ok
18:49:06.0010 2512        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:49:06.0072 2512        pla - ok
18:49:06.0103 2512        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:49:06.0119 2512        PlugPlay - ok
18:49:06.0134 2512        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:49:06.0150 2512        PNRPAutoReg - ok
18:49:06.0166 2512        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:49:06.0181 2512        PNRPsvc - ok
18:49:06.0197 2512        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:49:06.0244 2512        PolicyAgent - ok
18:49:06.0275 2512        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:49:06.0306 2512        Power - ok
18:49:06.0368 2512        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:49:06.0446 2512        PptpMiniport - ok
18:49:06.0462 2512        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:49:06.0478 2512        Processor - ok
18:49:06.0509 2512        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:49:06.0540 2512        ProfSvc - ok
18:49:06.0571 2512        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:06.0571 2512        ProtectedStorage - ok
18:49:06.0602 2512        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:49:06.0634 2512        Psched - ok
18:49:06.0680 2512        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:49:06.0712 2512        ql2300 - ok
18:49:06.0758 2512        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:49:06.0774 2512        ql40xx - ok
18:49:06.0805 2512        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:49:06.0821 2512        QWAVE - ok
18:49:06.0836 2512        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:49:06.0852 2512        QWAVEdrv - ok
18:49:06.0868 2512        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:49:06.0914 2512        RasAcd - ok
18:49:06.0930 2512        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:49:06.0961 2512        RasAgileVpn - ok
18:49:06.0977 2512        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:49:06.0992 2512        RasAuto - ok
18:49:07.0024 2512        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:49:07.0070 2512        Rasl2tp - ok
18:49:07.0102 2512        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:49:07.0148 2512        RasMan - ok
18:49:07.0164 2512        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:49:07.0195 2512        RasPppoe - ok
18:49:07.0226 2512        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:49:07.0289 2512        RasSstp - ok
18:49:07.0320 2512        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:49:07.0351 2512        rdbss - ok
18:49:07.0367 2512        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:49:07.0414 2512        rdpbus - ok
18:49:07.0414 2512        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:49:07.0460 2512        RDPCDD - ok
18:49:07.0476 2512        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:49:07.0523 2512        RDPENCDD - ok
18:49:07.0523 2512        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:49:07.0538 2512        RDPREFMP - ok
18:49:07.0570 2512        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:49:07.0601 2512        RDPWD - ok
18:49:07.0632 2512        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:49:07.0648 2512        rdyboost - ok
18:49:07.0679 2512        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:49:07.0726 2512        RemoteAccess - ok
18:49:07.0741 2512        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:49:07.0788 2512        RemoteRegistry - ok
18:49:07.0788 2512        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:49:07.0835 2512        RpcEptMapper - ok
18:49:07.0850 2512        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:49:07.0882 2512        RpcLocator - ok
18:49:07.0913 2512        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:49:07.0944 2512        RpcSs - ok
18:49:07.0975 2512        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:49:08.0038 2512        rspndr - ok
18:49:08.0084 2512        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:49:08.0131 2512        RTL8167 - ok
18:49:08.0162 2512        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:08.0178 2512        SamSs - ok
18:49:08.0194 2512        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:49:08.0209 2512        sbp2port - ok
18:49:08.0209 2512        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:49:08.0256 2512        SCardSvr - ok
18:49:08.0272 2512        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:49:08.0303 2512        scfilter - ok
18:49:08.0350 2512        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:49:08.0396 2512        Schedule - ok
18:49:08.0412 2512        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:49:08.0443 2512        SCPolicySvc - ok
18:49:08.0459 2512        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:49:08.0506 2512        SDRSVC - ok
18:49:08.0537 2512        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:49:08.0552 2512        secdrv - ok
18:49:08.0584 2512        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:49:08.0615 2512        seclogon - ok
18:49:08.0630 2512        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:49:08.0662 2512        SENS - ok
18:49:08.0677 2512        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:49:08.0708 2512        SensrSvc - ok
18:49:08.0724 2512        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:49:08.0724 2512        Serenum - ok
18:49:08.0740 2512        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:49:08.0755 2512        Serial - ok
18:49:08.0786 2512        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:49:08.0786 2512        sermouse - ok
18:49:08.0818 2512        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:49:08.0864 2512        SessionEnv - ok
18:49:08.0880 2512        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:49:08.0927 2512        sffdisk - ok
18:49:08.0942 2512        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:49:08.0958 2512        sffp_mmc - ok
18:49:08.0958 2512        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:49:08.0974 2512        sffp_sd - ok
18:49:08.0989 2512        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:49:09.0005 2512        sfloppy - ok
18:49:09.0036 2512        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:49:09.0067 2512        SharedAccess - ok
18:49:09.0098 2512        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:49:09.0130 2512        ShellHWDetection - ok
18:49:09.0145 2512        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:49:09.0145 2512        SiSRaid2 - ok
18:49:09.0161 2512        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:49:09.0176 2512        SiSRaid4 - ok
18:49:09.0192 2512        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:49:09.0270 2512        Smb - ok
18:49:09.0301 2512        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:49:09.0317 2512        SNMPTRAP - ok
18:49:09.0348 2512        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:49:09.0348 2512        spldr - ok
18:49:09.0379 2512        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:49:09.0426 2512        Spooler - ok
18:49:09.0520 2512        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:49:09.0582 2512        sppsvc - ok
18:49:09.0644 2512        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:49:09.0722 2512        sppuinotify - ok
18:49:09.0769 2512        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:49:09.0816 2512        srv - ok
18:49:09.0832 2512        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:49:09.0863 2512        srv2 - ok
18:49:09.0878 2512        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:49:09.0910 2512        srvnet - ok
18:49:09.0941 2512        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:49:09.0972 2512        SSDPSRV - ok
18:49:09.0988 2512        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:49:10.0019 2512        SstpSvc - ok
18:49:10.0097 2512        Stereo Service  (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:49:10.0128 2512        Stereo Service - ok
18:49:10.0144 2512        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:49:10.0159 2512        stexstor - ok
18:49:10.0190 2512        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:49:10.0237 2512        stisvc - ok
18:49:10.0268 2512        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:49:10.0268 2512        swenum - ok
18:49:10.0315 2512        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:49:10.0362 2512        swprv - ok
18:49:10.0424 2512        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:49:10.0471 2512        SysMain - ok
18:49:10.0549 2512        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:49:10.0612 2512        TabletInputService - ok
18:49:10.0643 2512        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:49:10.0690 2512        TapiSrv - ok
18:49:10.0705 2512        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:49:10.0768 2512        TBS - ok
18:49:10.0877 2512        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:49:10.0924 2512        Tcpip - ok
18:49:10.0986 2512        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:49:11.0017 2512        TCPIP6 - ok
18:49:11.0064 2512        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:49:11.0095 2512        tcpipreg - ok
18:49:11.0111 2512        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:49:11.0126 2512        TDPIPE - ok
18:49:11.0158 2512        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:49:11.0189 2512        TDTCP - ok
18:49:11.0220 2512        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:49:11.0251 2512        tdx - ok
18:49:11.0267 2512        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:49:11.0282 2512        TermDD - ok
18:49:11.0314 2512        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:49:11.0360 2512        TermService - ok
18:49:11.0360 2512        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:49:11.0392 2512        Themes - ok
18:49:11.0423 2512        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:49:11.0438 2512        THREADORDER - ok
18:49:11.0470 2512        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:49:11.0501 2512        TrkWks - ok
18:49:11.0548 2512        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:49:11.0610 2512        TrustedInstaller - ok
18:49:11.0626 2512        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:49:11.0657 2512        tssecsrv - ok
18:49:11.0704 2512        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:49:11.0766 2512        TsUsbFlt - ok
18:49:11.0813 2512        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:49:11.0891 2512        tunnel - ok
18:49:11.0922 2512        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:49:11.0938 2512        uagp35 - ok
18:49:11.0969 2512        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:49:12.0016 2512        udfs - ok
18:49:12.0031 2512        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:49:12.0062 2512        UI0Detect - ok
18:49:12.0078 2512        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:49:12.0094 2512        uliagpkx - ok
18:49:12.0125 2512        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:49:12.0156 2512        umbus - ok
18:49:12.0172 2512        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:49:12.0187 2512        UmPass - ok
18:49:12.0218 2512        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:49:12.0265 2512        upnphost - ok
18:49:12.0296 2512        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
18:49:12.0328 2512        usbccgp - ok
18:49:12.0359 2512        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:49:12.0374 2512        usbcir - ok
18:49:12.0390 2512        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:49:12.0406 2512        usbehci - ok
18:49:12.0437 2512        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
18:49:12.0468 2512        usbhub - ok
18:49:12.0484 2512        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:49:12.0499 2512        usbohci - ok
18:49:12.0499 2512        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:49:12.0530 2512        usbprint - ok
18:49:12.0562 2512        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:49:12.0562 2512        usbscan - ok
18:49:12.0577 2512        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:49:12.0608 2512        USBSTOR - ok
18:49:12.0624 2512        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:49:12.0640 2512        usbuhci - ok
18:49:12.0671 2512        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:49:12.0702 2512        usbvideo - ok
18:49:12.0733 2512        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:49:12.0764 2512        UxSms - ok
18:49:12.0780 2512        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:12.0796 2512        VaultSvc - ok
18:49:12.0811 2512        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:49:12.0811 2512        vdrvroot - ok
18:49:12.0858 2512        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:49:12.0920 2512        vds - ok
18:49:12.0952 2512        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:49:12.0967 2512        vga - ok
18:49:12.0967 2512        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:49:13.0014 2512        VgaSave - ok
18:49:13.0030 2512        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:49:13.0045 2512        vhdmp - ok
18:49:13.0061 2512        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:49:13.0061 2512        viaide - ok
18:49:13.0076 2512        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:49:13.0092 2512        volmgr - ok
18:49:13.0123 2512        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:49:13.0154 2512        volmgrx - ok
18:49:13.0170 2512        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:49:13.0186 2512        volsnap - ok
18:49:13.0201 2512        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:49:13.0201 2512        vsmraid - ok
18:49:13.0264 2512        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:49:13.0326 2512        VSS - ok
18:49:13.0404 2512        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:49:13.0435 2512        vwifibus - ok
18:49:13.0466 2512        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:49:13.0513 2512        W32Time - ok
18:49:13.0529 2512        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:49:13.0544 2512        WacomPen - ok
18:49:13.0576 2512        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:13.0622 2512        WANARP - ok
18:49:13.0622 2512        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:13.0638 2512        Wanarpv6 - ok
18:49:13.0685 2512        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:49:13.0747 2512        wbengine - ok
18:49:13.0778 2512        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:49:13.0794 2512        WbioSrvc - ok
18:49:13.0825 2512        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:49:13.0841 2512        wcncsvc - ok
18:49:13.0856 2512        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:49:13.0888 2512        WcsPlugInService - ok
18:49:13.0888 2512        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:49:13.0903 2512        Wd - ok
18:49:13.0934 2512        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:49:13.0950 2512        Wdf01000 - ok
18:49:13.0966 2512        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:49:14.0059 2512        WdiServiceHost - ok
18:49:14.0059 2512        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:49:14.0090 2512        WdiSystemHost - ok
18:49:14.0106 2512        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:49:14.0122 2512        WebClient - ok
18:49:14.0137 2512        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:49:14.0184 2512        Wecsvc - ok
18:49:14.0200 2512        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:49:14.0246 2512        wercplsupport - ok
18:49:14.0278 2512        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:49:14.0309 2512        WerSvc - ok
18:49:14.0340 2512        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:49:14.0356 2512        WfpLwf - ok
18:49:14.0371 2512        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:49:14.0387 2512        WIMMount - ok
18:49:14.0402 2512        WinDefend - ok
18:49:14.0418 2512        WinHttpAutoProxySvc - ok
18:49:14.0449 2512        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:49:14.0480 2512        Winmgmt - ok
18:49:14.0543 2512        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:49:14.0590 2512        WinRM - ok
18:49:14.0699 2512        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:49:14.0746 2512        WinUsb - ok
18:49:14.0792 2512        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:49:14.0839 2512        Wlansvc - ok
18:49:14.0855 2512        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:49:14.0870 2512        WmiAcpi - ok
18:49:14.0886 2512        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:49:14.0917 2512        wmiApSrv - ok
18:49:14.0933 2512        WMPNetworkSvc - ok
18:49:14.0933 2512        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:49:14.0964 2512        WPCSvc - ok
18:49:14.0980 2512        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:49:14.0995 2512        WPDBusEnum - ok
18:49:15.0026 2512        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:49:15.0089 2512        ws2ifsl - ok
18:49:15.0104 2512        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:49:15.0167 2512        wscsvc - ok
18:49:15.0167 2512        WSearch - ok
18:49:15.0260 2512        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:49:15.0292 2512        wuauserv - ok
18:49:15.0338 2512        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:49:15.0370 2512        WudfPf - ok
18:49:15.0416 2512        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:49:15.0448 2512        WUDFRd - ok
18:49:15.0463 2512        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:49:15.0494 2512        wudfsvc - ok
18:49:15.0526 2512        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:49:15.0541 2512        WwanSvc - ok
18:49:15.0557 2512        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:49:15.0728 2512        \Device\Harddisk0\DR0 - ok
18:49:15.0728 2512        Boot (0x1200)  (7aa8e1c6bc6b3e0f0397fbfa196808af) \Device\Harddisk0\DR0\Partition0
18:49:15.0728 2512        \Device\Harddisk0\DR0\Partition0 - ok
18:49:15.0760 2512        Boot (0x1200)  (f87845f54633b2e8d57eaed552a30701) \Device\Harddisk0\DR0\Partition1
18:49:15.0760 2512        \Device\Harddisk0\DR0\Partition1 - ok
18:49:15.0791 2512        Boot (0x1200)  (ac7a0ee493a0d40f2a01650f1471751e) \Device\Harddisk0\DR0\Partition2
18:49:15.0791 2512        \Device\Harddisk0\DR0\Partition2 - ok
18:49:15.0791 2512        ============================================================
18:49:15.0791 2512        Scan finished
18:49:15.0791 2512        ============================================================
18:49:15.0806 2508        Detected object count: 0
18:49:15.0806 2508        Actual detected object count: 0
18:52:18.0925 4056        Deinitialize success

cosinus 30.07.2012 20:31
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Knobelhannes 05.08.2012 17:10
Hatte die letzten Tage recht vile zu tun, hatte zwischendurch Drobbox installiert, da ich recht große pdf.Dateien verschiken mußte...

Combofix ausgeführt.
Folgendes Log:

Code:
ComboFix 12-08-05.02 - Wir Zuhause 05.08.2012  17:49:05.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.3073 [GMT 2:00]
ausgeführt von:: c:\users\Wir Zuhause\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1327145953.bdinstall.bin
c:\programdata\1327146115.bdinstall.bin
c:\programdata\1329824262.bdinstall.bin
c:\windows\IsUn0407.exe
D:\INSTALL.EXE
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-05 bis 2012-08-05  ))))))))))))))))))))))))))))))
.
.
2012-08-01 15:27 . 2012-08-02 07:51        --------        d-----r-        c:\users\Wir Zuhause\Dropbox
2012-08-01 14:35 . 2012-08-05 12:34        --------        d-----w-        c:\users\Wir Zuhause\AppData\Roaming\Dropbox
2012-07-30 08:50 . 2012-07-30 08:50        --------        d-----w-        c:\users\Wir Zuhause\AppData\Roaming\UDC Profiles
2012-07-30 08:49 . 2011-07-25 10:15        30656        ----a-w-        c:\windows\system32\udcpm.dll
2012-07-30 08:49 . 2012-07-30 08:49        --------        d-----w-        c:\program files (x86)\Universal Document Converter
2012-07-27 21:02 . 2012-07-27 21:02        --------        d-----w-        C:\_OTL
2012-07-25 20:42 . 2012-07-25 20:42        --------        d-----w-        c:\program files (x86)\ESET
2012-07-14 07:48 . 2012-07-14 07:48        --------        d-----w-        c:\users\Wir Zuhause\AppData\Roaming\Malwarebytes
2012-07-14 07:48 . 2012-07-14 07:48        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 07:48 . 2012-07-14 07:48        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-14 07:48 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-11 19:48 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 08:34 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-08 23:09 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-07-08 23:09 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-07-08 23:09 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-07-08 23:09 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-07-08 23:09 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-07-08 23:09 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-07-08 23:09 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-07-08 23:09 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-07-08 23:09 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 17:12 . 2012-04-05 09:27        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 17:12 . 2011-08-26 06:44        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:46 . 2011-01-23 10:40        59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-05-15 10:48 . 2012-07-03 17:29        68928        ----a-w-        c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-07-03 17:29        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-07-03 17:28        949056        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-07-03 17:28        818496        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-07-03 17:28        8105280        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-07-03 17:28        25743168        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-07-03 17:28        19607872        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-07-03 17:28        10194752        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-07-03 17:28        8139072        ----a-w-        c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-07-03 17:28        5982528        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-07-03 17:28        364352        ----a-w-        c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-07-03 17:28        301376        ----a-w-        c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-07-03 17:28        2881856        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-07-03 17:28        2741568        ----a-w-        c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-07-03 17:28        2681664        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-07-03 17:28        2524992        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-07-03 17:28        25248064        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-07-03 17:28        246592        ----a-w-        c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-07-03 17:28        2445120        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-07-03 17:28        2368832        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-07-03 17:28        202048        ----a-w-        c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-07-03 17:28        18044224        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-07-03 17:28        17551680        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-07-03 17:28        1738048        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-07-03 17:28        15322432        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-07-03 17:28        1468224        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-07-03 17:28        14298944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 09:29 . 2012-07-03 17:29        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-07-03 17:29        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-07-03 17:29        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-07-03 17:29        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-07-03 17:29        2621723        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-07-03 17:29        3149632        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-07-03 17:29        6151488        ----a-w-        c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21        423744        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meine Traffic"="c:\progra~2\MT\MT.EXE" [2012-01-20 1412096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\SecuROM\License information*]
"datasecu"=hex:ae,61,5c,c9,66,0b,d7,32,c9,fb,48,1c,0b,65,cf,e5,4e,28,a4,40,87,
  d2,dd,94,12,91,65,f0,57,dc,0f,06,39,54,1b,6b,e8,c1,81,0a,b4,e3,f9,ce,37,bd,\
"rkeysecu"=hex:bb,9f,76,9b,9d,f0,dd,96,60,d3,f0,6b,fb,f4,fb,41
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-05  17:55:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-05 15:55
.
Vor Suchlauf: 10 Verzeichnis(se), 242.467.049.472 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 243.344.855.040 Bytes frei
.
- - End Of File - - FCF65C088BD950F7AF710ED1C39F37AC
Hatte anschließend Win7 manuell selber 1x neugestartet (nach combofix-Neustart und log-Anzeige) da antivir sich nicht sofort starten ließ.

Danke Dir Arne

Hätte da noch ein paar Fragen:

1. Ist jetzt derzeit mein System sauber?

2. Ich möchte 2 Bootpartitionen haben, sozusagen einen Bootmanager am Anfang...einmal Win7 als system und einemal linux (ubuntu o.ä.) Muß ich den Rechner neuaufsetzen? Lohnt sich das? Bin ein ONU (otto-Normal-User), mit ein paar erweiteren Kenntnissen.

3. Lohnt sich die Installation eines Sandkasten für den Browser für mich?

Gruß Frank


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131