Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them)
Thread: Computer gesperrt durch Bundespolizei (https://www.trojaner-board.de/124371-computer-gesperrt-bundespolizei.html)

Iknazio 20.09.2012 09:31

Computer locked by the Bundespolizei
 
Hello friends,
I've picked up the trojan that blocks the whole computer with the nicely designed but annoying "Die Bundespolizei hat Ihren Rechner gesperrt" ("The Bundespolizei has locked your computer") screen.

Computer: desktop PC
Intel Core 2 Quad Q6600, 2.4 GHz
3072 MB SDRAM, 64-bit
Windows Vista 32-bit

The computer was started in Safe Mode.
The screen resolution is different then; no idea whether that's normal.
Malwarebytes, OTL, Defogger and gmer are already on the desktop, but because there is no internet connection I can't update Malwarebytes. I have the rules.ref file on a USB stick (copied over from my laptop), but the ProgramData folder doesn't exist on the desktop PC. What can I do about that?
Where should I copy the rules file to?

I've already read quite a bit here, and since I don't really know my way around my computer (in the sense of: badly), I'm already dreading what comes next.
I've never had anything like this...

I hope you'll get me through this; I wish you and me patience :-)

Many thanks in advance for the help

cheerio
Iknazio

OK, I downloaded "mbam-rules.exe"; it seems to work.
The scan is running, I'll post the logs afterwards.

Iknazio 20.09.2012 11:59

Malwarebytes log files attached.

Iknazio 20.09.2012 12:08

Sorry, ignore the attachment, it contained two aborted attempts ;-)
Here is the correct one...

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
zankit :: ZANKIT-SERVER [Administrator]

20.09.2012 11:12:13
mbam-log-2012-09-20 (11-12-13).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417279
Time elapsed: 49 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\zankit\ms.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Defogger found nothing.

Here is the OTL log:

OTL Logfile:
Code:

OTL logfile created on: 20.09.2012 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,73% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 301,61 Gb Free Space | 67,66% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 11:24:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.29 15:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.02.02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007.03.12 23:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll
MOD - [2006.05.14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll
MOD - [2005.02.17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012.09.04 09:26:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010.11.30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.09.07 11:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012.09.07 11:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012.08.01 10:51:35 | 000,228,376 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012.08.01 10:51:35 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011.07.01 09:35:47 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Programme\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010.08.20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.08.20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 17:57:04 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=V54OEHjrmOsMZdOgBFq8ciS8jUw?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://search.myheritage.com/"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=1157&systemid=1&sr=0&q="
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\zankit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.05 13:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 16:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Extensions
[2012.08.20 14:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.10 12:58:13 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.02.09 12:57:09 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.06.10 13:08:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
[2011.04.06 11:26:55 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
[2012.08.20 14:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\staged
[2010.10.10 16:46:56 | 000,004,669 | ---- | M] () (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
[2011.08.16 10:07:48 | 000,000,935 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\searchplugins\conduit.xml
[2012.05.10 12:57:54 | 000,002,517 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\searchplugins\Search_Results.xml
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.29 09:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.11 11:09:23 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.10 12:57:54 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Facemoods = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: Google Mail = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [gjohsjyxjgqrkda] C:\ProgramData\gjohsjyx.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B7C135-B02D-4EA3-A6BB-EAB071E7C218}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4F6B54-CC46-486E-83FC-323E81F62EA8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2012.09.20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 10:12:12 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.20 10:10:57 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deahgmifjhzytbh
[2012.09.07 11:07:30 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\Ahnenblatt
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt
[2012.09.03 19:32:13 | 004,697,808 | ---- | C] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\MyHeritage
[2012.09.03 19:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[2012.08.28 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\zankit\Desktop\stencils_icons
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 13:00:54 | 000,000,000 | ---- | M] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 12:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 12:18:18 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 12:18:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 12:18:16 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.20 10:49:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 10:09:18 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 10:09:17 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 10:09:17 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 10:09:17 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.19 12:50:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 11:44:10 | 000,302,592 | ---- | M] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.19 11:24:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.19 11:20:12 | 000,050,477 | ---- | M] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.19 10:39:12 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:35:34 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 18:22:08 | 000,076,348 | ---- | M] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.18 18:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 18:19:57 | 000,080,896 | ---- | M] () -- C:\ProgramData\gjohsjyx.exe
[2012.09.18 17:56:35 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.17 17:23:08 | 000,005,603 | ---- | M] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | M] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | M] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | M] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | M] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | M] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | M] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.06 09:45:00 | 000,220,711 | ---- | M] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | M] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | M] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:32:16 | 004,697,808 | ---- | M] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:27:07 | 029,083,344 | ---- | M] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | M] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.08.27 10:58:13 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.22 12:08:00 | 000,017,439 | ---- | M] () -- C:\Users\zankit\Desktop\Invoice James J Halford No. 051.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.20 13:00:54 | 000,000,000 | ---- | C] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 10:13:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 10:12:29 | 000,050,477 | ---- | C] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.20 10:11:24 | 000,302,592 | ---- | C] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.18 18:22:08 | 000,080,896 | ---- | C] () -- C:\ProgramData\gjohsjyx.exe
[2012.09.18 18:19:58 | 000,076,348 | ---- | C] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:06 | 000,005,603 | ---- | C] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | C] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | C] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | C] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | C] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | C] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | C] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.06 09:45:00 | 000,220,711 | ---- | C] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | C] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | C] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:26:32 | 029,083,344 | ---- | C] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | C] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.08.27 10:49:37 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.08.22 12:08:00 | 000,017,439 | ---- | C] () -- C:\Users\zankit\Desktop\Invoice James J Halford No. 051.odt
[2012.01.27 14:24:41 | 003,445,337 | ---- | C] () -- C:\Users\zankit\ROUGH_Shake_01.mp3
[2012.01.27 14:24:41 | 002,811,497 | ---- | C] () -- C:\Users\zankit\roughmix fight_01.mp3
[2011.06.25 08:42:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.06.25 08:42:02 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.19 08:43:00 | 000,998,677 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.05 14:17:18 | 000,120,075 | ---- | C] () -- C:\Users\zankit\Interessenbogen_WJ.pdf
[2010.11.11 16:09:50 | 000,389,302 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf +.pdf
[2010.10.25 13:14:44 | 000,000,076 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\Default.PLS
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Space Choir
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Solid Colors
[2010.10.07 09:48:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.10.07 09:48:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2010.10.07 09:46:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz
[2010.10.07 09:46:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Spacious
[2010.10.07 09:46:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\BSD
[2010.10.07 09:33:45 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Sound Effects
[2010.10.07 09:29:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.06.20 11:42:42 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.20 11:36:10 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.28 08:54:57 | 000,000,760 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\setup_ldm.iss
[2010.03.10 16:30:22 | 000,389,715 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV+.pdf
[2010.03.08 19:42:41 | 000,384,593 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf.pdf
[2010.02.23 10:17:38 | 000,000,025 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\bdfvconp.ini
[2009.09.09 11:27:39 | 000,326,518 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV.pdf
[2009.05.05 20:26:04 | 000,008,879 | ---- | C] () -- C:\Users\zankit\ztet_03.jpg
[2009.05.05 20:25:58 | 000,006,362 | ---- | C] () -- C:\Users\zankit\ztet_02.jpg
[2009.05.05 20:25:53 | 000,011,644 | ---- | C] () -- C:\Users\zankit\ztet_08.jpg
[2009.05.05 20:25:37 | 000,048,612 | ---- | C] () -- C:\Users\zankit\ztet_01.jpg
[2009.05.05 20:25:32 | 000,005,686 | ---- | C] () -- C:\Users\zankit\ztet_07.jpg
[2009.05.05 20:23:11 | 000,005,500 | ---- | C] () -- C:\Users\zankit\ztet_04.gif
[2009.04.04 12:31:19 | 000,047,994 | ---- | C] () -- C:\Users\zankit\sylvia logo.pdf
[2008.08.17 13:16:05 | 290,538,496 | ---- | C] () -- C:\Users\zankit\postein17808.pst
[2008.08.17 13:11:31 | 001,033,216 | ---- | C] () -- C:\Users\zankit\kal17808.pst
[2008.08.17 13:02:57 | 542,458,880 | ---- | C] () -- C:\Users\zankit\backup.pst
[2008.07.18 09:59:29 | 000,007,916 | ---- | C] () -- C:\Users\zankit\AppData\Local\d3d9caps.dat
[2008.07.17 22:49:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.17 14:41:28 | 000,060,928 | ---- | C] () -- C:\Users\zankit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2012.09.18 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

and the extras:

OTL Logfile:
Code:

OTL Extras logfile created on: 20.09.2012 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,73% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 301,61 Gb Free Space | 67,66% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C976A4-26AF-45AE-ADC3-B2A82E809AA9}" = rport=138 | protocol=17 | dir=out | app=system |
"{2874F68B-6188-41E5-90C3-6455BF27DAC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{2AE23A41-F785-492F-A4AA-D2CF90AB2870}" = lport=139 | protocol=6 | dir=in | app=system |
"{31BF188F-F03A-4506-9255-2E959B578967}" = rport=445 | protocol=6 | dir=out | app=system |
"{325F69B8-8234-4652-A89F-D52C0F2C67E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DD2844B-8D18-451E-B080-2234F4C7D2AB}" = rport=139 | protocol=6 | dir=out | app=system |
"{4A3DAFFD-4021-4DB1-B216-C76FEB3FF143}" = lport=138 | protocol=17 | dir=in | app=system |
"{629C4A15-E494-40B0-8894-0BB31BAFE1DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C632FB1-A609-4F9D-80E0-81D59585A696}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{871D9D25-F4D0-4276-BB27-D222F5155406}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C807128E-6720-4A65-B756-25ABC5F2F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D54F48D0-5D52-4201-A6DD-FA456D7C2D5D}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{F9E68322-A962-4815-8B0F-6DB750897175}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1379CFE5-D837-4D16-9F8B-FE96B4A4E816}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{155E6A4D-75DC-4000-ACC0-A173323331CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19F68800-AD9B-4DA2-A174-B338AA33697C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{1D50B077-71E3-497E-AF08-C48CE8D230FB}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{2762AB4E-4B03-4AF9-8A8F-D75EB12BC7D5}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{291992A6-7727-4C90-A93D-2A79383AB60B}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{2BB0880D-4062-4870-A82B-4DD467000435}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{33DC2FEC-4BDF-4454-A991-C7FD4FB786D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A80D618-DACB-44F4-BB6D-3E90984764D1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B53117B-C794-4BE4-96B8-E7FBEE574909}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3BF3620B-C5C3-480B-A050-5ECE76375CC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FEC34E3-63C1-48FE-A12E-B176B671E85F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{425C8777-B1A3-490F-97E6-E8BFA0894262}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{5224A520-6B18-492E-A075-B5AE6D4C1E63}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{558638E4-7F91-47DE-BD01-0D2056B26067}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{67083C61-3752-4086-BC28-ACF94319C2F9}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{71682D17-9300-4FF1-9220-D364A75E957A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{74B1150F-AB8A-4B8C-B166-C76494C21960}" = protocol=6 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe |
"{87F09664-E8F6-4FCF-B68F-DB53F9EA3AA7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9199742B-83D1-4C77-9E02-B18C1BE115F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F6700FE-9205-4A77-9E8F-2166DC360AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AC99D272-27E6-40A6-BDC3-98FB01FE17C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C68AC561-EAF6-404F-AC51-BB2374804646}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D0F44B58-4DD1-459A-9D18-F69E97D5885D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D7369D91-F35C-473D-AF18-EFBD945D76BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBA1E31C-AAE1-4E33-A795-4B9039A7352A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{DF71B3C8-95EA-4368-AFBE-CBB0E3EAE071}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E49F89C5-AF78-47BF-921B-960E2FDB20F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4F39962-9A38-40AE-AD51-32E8D055D3AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E98A0256-E748-4E66-9823-AEB39A99C5F9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EB96714E-DBB5-4F76-9382-F0928F4042DC}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{F0496759-D4D5-4588-85C6-0B9EE7B3B6AD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{FC182528-E3E7-4728-B558-4A5A79CFF193}" = protocol=17 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0BB2B016-A1F1-41B7-B05C-8CAE0DA28666}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{1151ABA4-2B5F-4D70-B85C-DC9F508BCD18}C:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{31A372A4-AE64-4335-8255-A01A4FD63D51}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{6BACD7D3-AE33-4756-964D-D81E66D81234}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{93144B61-CDDA-4F21-B439-F7094DDA3512}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E3A34522-9695-44FA-9D1B-8D40E601F976}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{17613781-05E4-4F16-8119-ED5E00B990F1}C:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1D992755-3F51-4650-89CF-F9EB3440DFBA}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{4F119F6E-89E6-4F45-8947-139CBB28B404}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{AE740EF3-F32B-4757-B6D7-6F9813D9C0E4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D2A06792-AE48-4814-8015-C526387D189D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{FC4B4F59-E2BE-4276-B8DA-6B211F97832C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Internet Security 2011
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{E23FFC9A-5388-45F1-8BFB-61DA9A94CDF7}" = Skat 7.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ahnenblatt_is1" = Ahnenblatt 2.71
"BitDefender" = BitDefender Internet Security 2011
"Blender" = Blender
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.1.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Rapport_msi" = Rapport
"STANDARDR" = Microsoft Office Standard 2007
"TUGZip_is1" = TUGZip 3.5
"Wincore MediaBar" = Wincore MediaBar
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2012 12:34:41 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description =
 
Error - 19.09.2012 06:50:21 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description =
 
Error - 19.09.2012 06:51:42 | Computer Name = zankit-Server | Source = RasClient | ID = 20227
Description =
 
Error - 19.09.2012 06:53:40 | Computer Name = zankit-Server | Source = RasClient | ID = 20227
Description =
 
Error - 20.09.2012 03:44:55 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description =
 
Error - 20.09.2012 03:45:23 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description =
 
Error - 20.09.2012 04:05:48 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description =
 
Error - 20.09.2012 04:06:31 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description =
 
Error - 20.09.2012 06:58:50 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 20.08.2009 11:33:53 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 257845
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2009 09:31:05 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.02.2011 04:27:54 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.02.2011 05:21:11 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.07.2011 06:30:42 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10095
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 02.09.2011 10:55:51 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 28316
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error - 27.09.2011 05:12:58 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7517
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 14.10.2011 04:52:56 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6046
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 30.11.2011 05:26:28 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2240
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 13:09:43 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32167
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7026
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:25 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 06:59:26 | Computer Name = zankit-Server | Source = DCOM | ID = 10005
Description =
 
Error - 20.09.2012 06:59:26 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >

--- --- ---

I've now started the PC in normal mode and I still have the lovely Bundespolizei picture...
sob...

And now?

cosinus 24.09.2012 11:38

Does Safe Mode with Networking still work? With an Internet connection?



Safe Mode for cleanup
  • Bring Windows into Safe Mode with the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Iknazio 24.09.2012 13:12

Yes, that works.

I also had Malwarebytes do another full scan right away, with the latest update, and it found something again.
Here's the log:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
zankit :: ZANKIT-SERVER [Administrator]

24.09.2012 14:38:48
mbam-log-2012-09-24 (14-38-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418699
Laufzeit: 51 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gjohsjyxjgqrkda (Trojan.Winlock) -> Daten: C:\ProgramData\gjohsjyx.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\gjohsjyx.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Run OTL over it again?
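The detection in this log is the classic Winlock persistence pattern: a value under the per-user `Run` key whose data points at an executable with a random name in `C:\ProgramData`. As an added example (not code from this thread, from Malwarebytes or from the board), here is a small Python parser for the MBAM 1.x log format shown above that pulls out the detection lines and flags autostart values whose target lives in a user-writable data directory. The log lines it embeds are constructed after the posted format; the lists of autostart keys and data directories are my own heuristic, not Malwarebytes' classification.

```python
"""Parse MBAM 1.x (German UI) scan-log detection lines and flag autostart
persistence. Added example; the sample log below is constructed after the
format in the thread, and the key/directory heuristics are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the MBAM 1.65 log format in the thread.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gjohsjyxjgqrkda (Trojan.Winlock) -> Daten: C:\ProgramData\gjohsjyx.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\gjohsjyx.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""


@dataclass
class Detection:
    section: str          # MBAM section header, e.g. "Infizierte Registrierungswerte"
    location: str         # registry "key|value" or a file path
    family: str           # detection name, e.g. "Trojan.Winlock"
    data: Optional[str]   # registry value data ("Daten: ..."), if present
    action: str           # what MBAM did with the object


# "Infizierte <Kategorie>: <n>" opens a section of the log.
SECTION_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "<location> (<family>) -> [Daten: <data> -> ]<action>"
DETECTION_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+)$"
)

# Heuristic (assumed) lists: autostart keys and user-writable data directories.
AUTOSTART_KEY_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunServices|Policies\\Explorer\\Run)$"
    r"|\\Winlogon$",
    re.IGNORECASE,
)
DATA_DIR_RE = re.compile(
    r"^[A-Z]:\\(ProgramData|Users\\All Users|Users\\[^\\]+\\AppData|Windows\\Temp)\\",
    re.IGNORECASE,
)


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line, tagged with the section it appeared under."""
    section = ""
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, m["location"], m["family"],
                                   m["data"], m["action"]))
    return found


def is_autostart_persistence(d: Detection) -> bool:
    """True for a registry value under an autostart key whose data points into
    a user-writable data directory (the pattern of the Winlock entry above)."""
    if "|" not in d.location or d.data is None:
        return False
    key, _value_name = d.location.rsplit("|", 1)
    return bool(AUTOSTART_KEY_RE.search(key)) and bool(DATA_DIR_RE.match(d.data.strip()))


def persistence_targets(text: str) -> List[str]:
    """Executables that were wired into an autostart key from a data directory."""
    return [d.data for d in parse_mbam_log(text) if is_autostart_persistence(d)]


if __name__ == "__main__":
    for det in parse_mbam_log(SAMPLE_LOG):
        flag = "PERSISTENCE" if is_autostart_persistence(det) else "-"
        print(f"{flag:12} {det.section:35} {det.family:16} {det.location}")
```

The file entry in the "Infizierte Dateien" section is deliberately not flagged: on its own a file in `ProgramData` is only suspicious, while the Run value is what makes it execute at every logon, and that is the item a defender wants surfaced (and checked again after cleanup, as the helper asks for here).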

cosinus 24.09.2012 18:53


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Iknazio 25.09.2012 16:51

Oh man, am I infected...
Here's the ESET log:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a60d838779c03b4b93cbbd6a06f2827b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-25 03:48:37
# local_time=2012-09-25 05:48:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 45389610 186115369 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=200453
# found=9
# cleaned=0
# scan_time=5476
C:\Program Files\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\deahgmifjhzytbh\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\deahgmifjhzytbh\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\zankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NYV6M1Z\brand_files[1].7zip        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\zankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V14474CY\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I


cosinus 25.09.2012 19:28

adwCleaner - Track down toolbars and unwanted start/search pages

Please download AdwCleaner to your Desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You'll also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

Iknazio 26.09.2012 08:30

Code:

# AdwCleaner v2.003 - Datei am 09/26/2012 um 09:29:33 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : zankit - ZANKIT-SERVER
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\zankit\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\facemoods.com
Ordner Gefunden : C:\ProgramData\~0
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\mediabarim
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\ConduitCommon
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\CT2849855
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\mediabarim

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\facemoods.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\facemoods.com
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Schlüssel Gefunden : HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

-\\ Mozilla Firefox v6.0 (de)

Profilname : default
Datei : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\prefs.js

Gefunden : user_pref("CT2849855..clientLogIsEnabled", false);
Gefunden : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Gefunden : user_pref("CT2849855.CT2849855", "CT2849855");
Gefunden : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
Gefunden : user_pref("CT2849855.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Gefunden : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Gefunden : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Gefunden : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Gefunden : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Gefunden : user_pref("CT2849855.FirstServerDate", "19-4-2012");
Gefunden : user_pref("CT2849855.FirstTime", true);
Gefunden : user_pref("CT2849855.FirstTimeFF3", true);
Gefunden : user_pref("CT2849855.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2849855.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2849855.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2849855.Initialize", true);
Gefunden : user_pref("CT2849855.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2849855.InstallationType", "Unknown");
Gefunden : user_pref("CT2849855.InstalledDate", "Thu Apr 19 2012 20:07:04 GMT+0200");
Gefunden : user_pref("CT2849855.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2849855.IsGrouping", false);
Gefunden : user_pref("CT2849855.IsInitSetupIni", true);
Gefunden : user_pref("CT2849855.IsMulticommunity", false);
Gefunden : user_pref("CT2849855.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2849855.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2849855.IsProtectorsInit", true);
Gefunden : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2849855.LastLogin_3.14.1.0", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.LastLogin_3.6.0.10", "Mon Aug 20 2012 14:20:42 GMT+0200");
Gefunden : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2849855.Locale", "de");
Gefunden : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Gefunden : user_pref("CT2849855.SearchEngineBeforeUnload", "Search Results");
Gefunden : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gefunden : user_pref("CT2849855.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2849855.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
Gefunden : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Tue Sep 25 2012 16:05:03 GMT+0200");
Gefunden : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Gefunden : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2849855.UserID", "UN03201696733962012");
Gefunden : user_pref("CT2849855.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2849855.WeatherNetwork", "");
Gefunden : user_pref("CT2849855.WeatherPollDate", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.WeatherUnit", "C");
Gefunden : user_pref("CT2849855.alertChannelId", "1241896");
Gefunden : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gefunden : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D6A6E6C746E7275");
Gefunden : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737074727A74787B242F4B4947[...]
Gefunden : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gefunden : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6840703F6E746F7A47797A7A20754C4E4D257E2021522A26[...]
Gefunden : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Gefunden : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gefunden : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gefunden : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gefunden : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "3A3F6C3E6C6D6E6E7A774545487B79794B774C517B");
Gefunden : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6A6E6C746D776F717172");
Gefunden : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Gefunden : user_pref("CT2849855.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gefunden : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Gefunden : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Gefunden : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gefunden : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Gefunden : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gefunden : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gefunden : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2849855.initDone", true);
Gefunden : user_pref("CT2849855.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2849855.myStuffEnabled", true);
Gefunden : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2849855.revertSettingsEnabled", true);
Gefunden : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2849855.testingCtid", "");
Gefunden : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "BittorrentBar_DE Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"a57[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\zankit\\AppData\\Roaming\\Mozilla\\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Gefunden : user_pref("CommunityToolbar.globalUserId", "f7112911-cc29-48d7-b4e7-04ed2a761d1f");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 16:05:15 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "3ae3c37e-0168-4121-8bef-92a67dcee737");
Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.defaultthis.engineName", "BittorrentBar_DE Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("browser.search.selectedEngine", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.64.1403.0

Datei : C:\Users\zankit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24995 octets] - [26/09/2012 09:29:33]

########## EOF - C:\AdwCleaner[R1].txt - [25056 octets] ##########


cosinus 26.09.2012 15:27

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).
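The delete run above writes a log in the same format as the scan log posted earlier in the thread: "Datei/Ordner Gelöscht : path", "Schlüssel/Wert/Daten Gelöscht : registry item", "Gelöscht : user_pref(...)" per browser profile, and "Ersetzt : [key] = old --> new" for restored search settings. The script below is an added example, not code from the thread or from AdwCleaner; it parses that format, groups what was removed by type, flags registry entries that sit in autostart locations seen in this log (AppInit_DLLs, the Run key, Browser Helper Objects), and counts the defanged hostnames the hijacked settings pointed at. SAMPLE_LOG is a constructed excerpt modelled on the posted log, and the file encoding in parse_log_file is an assumption.

```python
"""Summarise an AdwCleaner log of the kind posted in this thread.

Added example: not code from the thread or from AdwCleaner itself.  The line
formats are taken from the log posted above; SAMPLE_LOG is a constructed
excerpt in that format, not the user's real file.
"""
import re
from collections import Counter

# Constructed sample, modelled on the AdwCleaner v2.003 log in the thread.
SAMPLE_LOG = r"""# AdwCleaner v2.003 - Datei am 09/26/2012 um 16:31:45 erstellt
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Option [Löschen]

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Schlüssel Gelöscht : HKLM\Software\Conduit
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde --> hxxp://www.google.com

-\\ Mozilla Firefox v6.0 (de)

Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");
"""

BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(.*)$")          # "-\\ Mozilla Firefox v6.0 (de)"
ITEM_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert|Daten) (Gelöscht|Gefunden) : (.*)$")
PREF_RE = re.compile(r'^(Gelöscht|Gefunden) : user_pref\("([^"]+)",\s*(.*)$')
REPLACED_RE = re.compile(r"^Ersetzt : \[(.+?)\] = (.*?) --> (.*)$")
URL_RE = re.compile(r'hxxps?://([^/\s"]+)')                # the log defangs http as hxxp

# Registry locations from the posted log that load code at logon or browser start.
AUTOSTART_MARKERS = ("AppInit_DLLs", r"\CurrentVersion\Run", "Browser Helper Objects")


def parse_adwcleaner_log(text):
    """Group the removed/found items of one AdwCleaner log by type."""
    report = {
        "mode": None,          # "Löschen" (delete run) or "Suchen" (scan only)
        "files": [], "folders": [], "registry": [], "prefs": [], "replaced": [],
        "persistence": [],     # registry items sitting in an autostart location
        "domains": Counter(),  # defanged hostnames the removed settings pointed at
    }
    browser = None             # browser whose section we are currently in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Option ["):
            report["mode"] = line[len("# Option ["):].rstrip("]")
        elif (m := BROWSER_RE.match(line)):
            browser = m.group(1)
        elif (m := ITEM_RE.match(line)):
            kind, action, target = m.groups()
            bucket = {"Datei": "files", "Ordner": "folders"}.get(kind, "registry")
            report[bucket].append((action, target))
            if bucket == "registry" and any(mark in target for mark in AUTOSTART_MARKERS):
                report["persistence"].append(target)
            report["domains"].update(URL_RE.findall(target))
        elif (m := PREF_RE.match(line)):
            action, name, value = m.groups()
            report["prefs"].append((browser, action, name, value))
            report["domains"].update(URL_RE.findall(value))
        elif (m := REPLACED_RE.match(line)):
            key, old, new = m.groups()
            report["replaced"].append((browser, key, old, new))
            report["domains"].update(URL_RE.findall(old))  # only the hijacked value counts
    return report


def summarize(report):
    """The compact view a helper reads first: what was touched, and where."""
    return {
        "mode": report["mode"],
        "files": len(report["files"]),
        "folders": len(report["folders"]),
        "registry": len(report["registry"]),
        "prefs": len(report["prefs"]),
        "replaced": len(report["replaced"]),
        "persistence": list(report["persistence"]),
        "top_domains": report["domains"].most_common(3),
    }


def parse_log_file(path):
    """Read a log such as C:\\AdwCleaner[S1].txt (encoding is an assumption)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_adwcleaner_log(fh.read())


if __name__ == "__main__":
    for key, value in summarize(parse_adwcleaner_log(SAMPLE_LOG)).items():
        print(f"{key:12} {value}")
```

Run it on a real C:\AdwCleaner[Sx].txt via parse_log_file. The persistence list is the part worth reading closely: an AppInit_DLLs value or a Run entry means a DLL or program was loaded automatically at every start, so even after the cleaner removes it the machine deserves the follow-up scans the helper asks for rather than being declared clean on the strength of one log.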

Iknazio 26.09.2012 15:40

Code:

# AdwCleaner v2.003 - Datei am 09/26/2012 um 16:31:45 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : zankit - ZANKIT-SERVER
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\zankit\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\facemoods.com
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\mediabarim
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\ConduitCommon
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\CT2849855
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\mediabarim

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v6.0 (de)

Profilname : default
Datei : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\prefs.js

Gelöscht : user_pref("CT2849855..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Gelöscht : user_pref("CT2849855.CT2849855", "CT2849855");
Gelöscht : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
Gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Gelöscht : user_pref("CT2849855.FirstServerDate", "19-4-2012");
Gelöscht : user_pref("CT2849855.FirstTime", true);
Gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
Gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2849855.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.Initialize", true);
Gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2849855.InstallationType", "Unknown");
Gelöscht : user_pref("CT2849855.InstalledDate", "Thu Apr 19 2012 20:07:04 GMT+0200");
Gelöscht : user_pref("CT2849855.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2849855.IsGrouping", false);
Gelöscht : user_pref("CT2849855.IsInitSetupIni", true);
Gelöscht : user_pref("CT2849855.IsMulticommunity", false);
Gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2849855.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2849855.IsProtectorsInit", true);
Gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2849855.LastLogin_3.14.1.0", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.6.0.10", "Mon Aug 20 2012 14:20:42 GMT+0200");
Gelöscht : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2849855.Locale", "de");
Gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Gelöscht : user_pref("CT2849855.SearchEngineBeforeUnload", "Search Results");
Gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2849855.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Tue Sep 25 2012 16:05:03 GMT+0200");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2849855.UserID", "UN03201696733962012");
Gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2849855.WeatherNetwork", "");
Gelöscht : user_pref("CT2849855.WeatherPollDate", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.WeatherUnit", "C");
Gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D6A6E6C746E7275");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737074727A74787B242F4B4947[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6840703F6E746F7A47797A7A20754C4E4D257E2021522A26[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "3A3F6C3E6C6D6E6E7A774545487B79794B774C517B");
Gelöscht : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6A6E6C746D776F717172");
Gelöscht : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2849855.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gelöscht : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.initDone", true);
Gelöscht : user_pref("CT2849855.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2849855.myStuffEnabled", true);
Gelöscht : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2849855.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.testingCtid", "");
Gelöscht : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "BittorrentBar_DE Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"a57[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\zankit\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "f7112911-cc29-48d7-b4e7-04ed2a761d1f");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 16:05:15 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "3ae3c37e-0168-4121-8bef-92a67dcee737");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "BittorrentBar_DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.64.1403.0

Datei : C:\Users\zankit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [25200 octets] - [26/09/2012 16:31:45]

########## EOF - C:\AdwCleaner[S1].txt - [25261 octets] ##########


cosinus 26.09.2012 16:34

I have two questions before we go on (we are not done yet!)

1.) Does the normal Windows mode work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

Iknazio 26.09.2012 17:04

I figured we weren't done yet :heulen:

Still, a thousand thanks already, because:

normal mode seems to work again, it starts and loads at normal speed, Office programs open fine, the internet works.
Nothing is missing from the Start menu, every folder has something in it, at first glance I don't miss anything.

And now?

cosinus 27.09.2012 11:36

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already there, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Iknazio 27.09.2012 12:30

my infected computer didn't want to download OTL... I had to copy it over from the laptop via a USB stick...

OTL Logfile:
Code:

OTL logfile created on: 27.09.2012 12:53:32 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,63% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 297,93 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
Drive I: | 0,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 125,93 Mb Total Space | 82,75 Mb Free Space | 65,71% Space Free | Partition Type: FAT
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 12:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
PRC - [2012.09.07 11:07:12 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011.07.11 21:09:17 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011.06.02 18:11:23 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 13:30:08 | 001,840,424 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Programme\Trusteer\Rapport\bin\js32.dll
MOD - [2012.08.01 10:51:35 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.07.11 21:09:14 | 000,185,040 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\framework.dll
MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011.06.02 18:11:09 | 000,189,184 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011.06.02 18:11:09 | 000,109,344 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\connector.dll
MOD - [2011.05.26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008.09.29 15:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.02.02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007.03.12 23:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll
MOD - [2006.05.14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll
MOD - [2005.02.17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.26 18:20:52 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010.11.30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.09.07 11:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012.09.07 11:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012.08.01 10:51:35 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012.08.01 10:51:35 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011.07.01 09:35:47 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Programme\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010.08.20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.08.20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 17:57:04 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.myheritage.com/"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.14.1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\zankit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.05 13:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 16:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Extensions
[2012.09.26 16:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.29 09:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.11 11:09:23 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\ZANKIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M914852J.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
File not found (No name found) -- C:\USERS\ZANKIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M914852J.DEFAULT\EXTENSIONS\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B7C135-B02D-4EA3-A6BB-EAB071E7C218}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4F6B54-CC46-486E-83FC-323E81F62EA8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007.02.08 05:09:56 | 000,000,235 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 12:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.26 18:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.09.24 11:01:31 | 007,493,256 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-rules.exe
[2012.09.20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2012.09.20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 10:10:57 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deahgmifjhzytbh
[2012.09.07 11:07:30 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\Ahnenblatt
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt
[2012.09.03 19:32:13 | 004,697,808 | ---- | C] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\MyHeritage
[2012.09.03 19:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 12:54:25 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.27 12:54:25 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.27 12:54:25 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.27 12:54:25 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.27 12:51:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 12:51:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 12:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.27 12:42:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.27 12:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 09:42:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 09:24:50 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.27 09:24:50 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.27 09:24:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 18:11:08 | 000,001,024 | ---- | M] () -- C:\Users\zankit\.rnd
[2012.09.26 16:30:39 | 000,513,501 | ---- | M] () -- C:\Users\zankit\Desktop\adwcleaner.exe
[2012.09.20 13:00:54 | 000,000,000 | ---- | M] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 11:08:44 | 007,493,256 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-rules.exe
[2012.09.20 10:49:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.19 11:44:10 | 000,302,592 | ---- | M] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.19 11:20:12 | 000,050,477 | ---- | M] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.19 10:39:12 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:08 | 000,076,348 | ---- | M] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:08 | 000,005,603 | ---- | M] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | M] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | M] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | M] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | M] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | M] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | M] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.06 09:45:00 | 000,220,711 | ---- | M] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | M] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | M] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:32:16 | 004,697,808 | ---- | M] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:27:07 | 029,083,344 | ---- | M] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | M] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 18:11:31 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2012.09.26 18:11:07 | 000,001,024 | ---- | C] () -- C:\Users\zankit\.rnd
[2012.09.26 16:30:39 | 000,513,501 | ---- | C] () -- C:\Users\zankit\Desktop\adwcleaner.exe
[2012.09.20 13:00:54 | 000,000,000 | ---- | C] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 10:13:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 10:12:29 | 000,050,477 | ---- | C] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.20 10:11:24 | 000,302,592 | ---- | C] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.18 18:19:58 | 000,076,348 | ---- | C] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:06 | 000,005,603 | ---- | C] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | C] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | C] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | C] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | C] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | C] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | C] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.06 09:45:00 | 000,220,711 | ---- | C] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | C] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | C] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:26:32 | 029,083,344 | ---- | C] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | C] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.01.27 14:24:41 | 003,445,337 | ---- | C] () -- C:\Users\zankit\ROUGH_Shake_01.mp3
[2012.01.27 14:24:41 | 002,811,497 | ---- | C] () -- C:\Users\zankit\roughmix fight_01.mp3
[2011.06.25 08:42:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.06.25 08:42:02 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.19 08:43:00 | 000,998,677 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.05 14:17:18 | 000,120,075 | ---- | C] () -- C:\Users\zankit\Interessenbogen_WJ.pdf
[2010.11.11 16:09:50 | 000,389,302 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf +.pdf
[2010.10.25 13:14:44 | 000,000,076 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\Default.PLS
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Space Choir
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Solid Colors
[2010.10.07 09:48:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.10.07 09:48:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2010.10.07 09:46:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz
[2010.10.07 09:46:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Spacious
[2010.10.07 09:46:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\BSD
[2010.10.07 09:33:45 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Sound Effects
[2010.10.07 09:29:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.06.20 11:42:42 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.20 11:36:10 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.28 08:54:57 | 000,000,760 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\setup_ldm.iss
[2010.03.10 16:30:22 | 000,389,715 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV+.pdf
[2010.03.08 19:42:41 | 000,384,593 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf.pdf
[2010.02.23 10:17:38 | 000,000,025 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\bdfvconp.ini
[2009.09.09 11:27:39 | 000,326,518 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV.pdf
[2009.05.05 20:26:04 | 000,008,879 | ---- | C] () -- C:\Users\zankit\ztet_03.jpg
[2009.05.05 20:25:58 | 000,006,362 | ---- | C] () -- C:\Users\zankit\ztet_02.jpg
[2009.05.05 20:25:53 | 000,011,644 | ---- | C] () -- C:\Users\zankit\ztet_08.jpg
[2009.05.05 20:25:37 | 000,048,612 | ---- | C] () -- C:\Users\zankit\ztet_01.jpg
[2009.05.05 20:25:32 | 000,005,686 | ---- | C] () -- C:\Users\zankit\ztet_07.jpg
[2009.05.05 20:23:11 | 000,005,500 | ---- | C] () -- C:\Users\zankit\ztet_04.gif
[2009.04.04 12:31:19 | 000,047,994 | ---- | C] () -- C:\Users\zankit\sylvia logo.pdf
[2008.08.17 13:16:05 | 290,538,496 | ---- | C] () -- C:\Users\zankit\postein17808.pst
[2008.08.17 13:11:31 | 001,033,216 | ---- | C] () -- C:\Users\zankit\kal17808.pst
[2008.08.17 13:02:57 | 542,458,880 | ---- | C] () -- C:\Users\zankit\backup.pst
[2008.07.18 09:59:29 | 000,007,916 | ---- | C] () -- C:\Users\zankit\AppData\Local\d3d9caps.dat
[2008.07.17 22:49:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.17 14:41:28 | 000,060,928 | ---- | C] () -- C:\Users\zankit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.03.26 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\kaba\AppData\Roaming\BullGuard
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2012.09.27 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2008.07.18 10:24:55 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Adobe
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.05.22 11:00:09 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Apple Computer
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2008.10.01 12:32:47 | 000,000,000 | R--D | M] -- C:\Users\zankit\AppData\Roaming\Brother
[2010.10.25 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\CyberLink
[2012.09.27 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.12.18 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Google
[2008.07.17 14:09:29 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Identities
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2008.07.17 15:07:29 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Macromedia
[2012.09.20 10:13:11 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Media Center Programs
[2012.04.27 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Media Player Classic
[2012.08.07 15:00:51 | 000,000,000 | --SD | M] -- C:\Users\zankit\AppData\Roaming\Microsoft
[2009.10.01 08:59:42 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Mozilla
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2009.04.11 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nero
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2012.09.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Skype
[2011.05.29 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\skypePM
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.08.02 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\teamspeak2
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
< %APPDATA%\*.exe /s >
[2012.09.03 19:32:29 | 000,717,665 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\Ahnenblatt\unins000.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.12.02 11:23:42 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\zankit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.10.07 09:31:39 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\zankit\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2010.10.07 09:32:23 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\zankit\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.11.30 07:19:06 | 000,008,376 | ---- | M] () MD5=68F9AD291B0C16F6B4AAEBFC26960EFA -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avc3.sys
[2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avckf.sys
[2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdfm.sys
[2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdfsfltr.sys
[2010.05.13 16:52:30 | 000,105,808 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdhv.sys
[2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) Unable to obtain MD5 -- C:\Windows\system32\drivers\trufos.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---
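
The "< MD5 for: NAME >" blocks in the OTL report above list every copy of a critical system file that OTL found: the live copy under System32, the DriverStore and WinSxS component-store copies, and anything else on disk (here, for example, the Malwarebytes Chameleon copy of winlogon.exe). The check a helper does by eye is whether the live copy's hash matches one of the component-store copies. As an added example (my own code, not part of OTL or of this thread), the Python below parses those blocks and reports that per file; the WINLOGON.EXE and USER32.DLL sample lines are copied from the log, the EXAMPLE.SYS block is constructed to show a mismatch, and the function and status names are mine:

```python
"""Cross-check the MD5 values OTL lists for critical system files.

Added example, not OTL's own code: group the copies in each
"< MD5 for: NAME >" block and say whether the live System32 copy's hash
matches a DriverStore/WinSxS copy.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")
# [stamp | size | attrs | M] (vendor) MD5=... -- path   or   ... Unable to obtain MD5 -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s*--\s*(?P<path>.+?)\s*$"
)

# Sample input: WINLOGON.EXE and USER32.DLL lines are copied from the log above;
# the EXAMPLE.SYS block is constructed (live copy differs from every store copy).
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: EXAMPLE.SYS  >
[2012.01.01 00:00:00 | 000,010,000 | ---- | M] (Constructed Vendor) MD5=00000000000000000000000000000001 -- C:\Windows\System32\drivers\example.sys
[2012.01.01 00:00:00 | 000,010,000 | ---- | M] (Constructed Vendor) MD5=00000000000000000000000000000002 -- C:\Windows\winsxs\x86_constructed_example\example.sys
"""


def parse_md5_sections(text):
    """Return {FILE_NAME: [copy, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current:
            sections[current].append({
                "path": m.group("path"),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "vendor": m.group("vendor"),
                "size": int(m.group("size").replace(",", "")),
            })
    return dict(sections)


def location(path):
    """'store' for DriverStore/WinSxS copies, 'live' for System32, else 'foreign'."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "store"
    if p.startswith("c:\\windows\\system32\\"):
        return "live"
    return "foreign"


def assess(copies):
    """Compare the live copy (or copies) of one file with the store copies."""
    store_hashes = {c["md5"] for c in copies if location(c["path"]) == "store" and c["md5"]}
    live = [c for c in copies if location(c["path"]) == "live"]
    foreign = [c["path"] for c in copies if location(c["path"]) == "foreign"]
    if not live:
        status = "no_live_copy"
    elif any(c["md5"] is None for c in live):
        status = "md5_unreadable"   # locked file: unverified, not by itself suspicious
    elif all(c["md5"] in store_hashes for c in live):
        status = "matches_store"
    else:
        status = "no_store_match"   # live copy differs from every store copy: look closer
    return {"status": status, "live": [c["path"] for c in live], "foreign": foreign}


def triage(text):
    """Map each file name in the MD5 blocks to its assessment."""
    return {name: assess(copies) for name, copies in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG).items():
        print(f"{name:14} {result['status']:15} foreign copies: {len(result['foreign'])}")
```

On the thread's own log this gives "matches_store" for winlogon.exe, atapi.sys and the other Microsoft files, and "md5_unreadable" for user32.dll, which was simply locked while OTL ran; a locked file is an unverified one, not evidence of tampering, and the "foreign" list (the Chameleon copy of winlogon.exe) is there so the reader sees non-Windows copies rather than having them silently dropped.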

cosinus 27.09.2012 16:20

Code:

Computer Name: ZANKIT-SERVER
I'm only noticing this now: is that machine used as a server, privately or commercially? :wtf:

Iknazio 27.09.2012 16:47

Well, when I bought the machine, back then..., I wanted to set up a home network and thought "Server" would be a good name... but I failed miserably.
So the thing is just used as a desktop PC.

cosinus 27.09.2012 16:51

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007.02.08 05:09:56 | 000,000,235 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
:Files
C:\ProgramData\deahgmifjhzytbh
C:\ProgramData\eqqivvaivoarqqp
C:\Program Files\iMesh Applications\MediaBar
C:\Users\All Users\deahgmifjhzytbh
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after fixing; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
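
The fix script above acts on a handful of entry types from the OTL report: an altered IE start page and search scope, a Firefox homepage and proxy setting, orphaned toolbar/URLSearchHook entries with no CLSID behind them, and AutoRun handlers on CD-ROM and drive mount points. As an added example (my own code, not OTL's and not part of cosinus's post), the Python below reads OTL report lines and pulls those entry types out so a helper can see at a glance what needs a decision; the sample lines are copied from the fix script above, and the pattern list, the function names and the PROXY_TYPES mapping (Firefox's network.proxy.type values) are my own:

```python
"""Triage an OTL report for the entry types a browser-hijack fix targets.

Added example, not part of OTL: flag start-page/search-scope changes, a
Firefox proxy setting, orphaned entries and AutoRun handlers on mount points.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Firefox network.proxy.type values (0 none, 1 manual, 2 PAC URL, 4 WPAD, 5 system)
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

# Regexes written against the OTL line formats visible in this thread.
PATTERNS = [
    ("browser_homepage", re.compile(r'^FF - prefs\.js\.\.browser\.startup\.homepage: "(?P<value>[^"]*)"')),
    ("proxy_type", re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<value>\d+)")),
    ("search_scope_url", re.compile(r'^IE - .*SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')),
    ("orphaned_entry", re.compile(r"^(?:IE|O3) - .*No CLSID value found")),
    ("cdrom_autorun", re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<value>\d)")),
    ("mountpoint_autorun", re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<rest>.+)$')),
]

# Sample input: lines copied from the OTL fix script in the thread above.
SAMPLE_LINES = r"""
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..network.proxy.type: 2
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
"""


def triage_fix_lines(text):
    """Return one finding per matching OTL line; the first matching pattern wins."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            finding = {"kind": kind, "line": line}
            if kind in ("browser_homepage", "search_scope_url"):
                url = m.group("value") if kind == "browser_homepage" else m.group("url")
                finding["host"] = urlsplit(url).hostname
            elif kind == "proxy_type":
                finding["meaning"] = PROXY_TYPES.get(int(m.group("value")), "unknown")
            elif kind == "mountpoint_autorun":
                # OTL appends " -- [stamp | size | ...] (vendor)" when the target exists
                cmd = m.group("rest").split(" -- ")[0].strip()
                finding["command"] = cmd
                finding["shell_is_explorer"] = cmd.lower().endswith("\\explorer.exe")
            findings.append(finding)
            break
    return findings


def summarize(findings):
    """Count findings per kind."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    found = triage_fix_lines(SAMPLE_LINES)
    for f in found:
        extra = f.get("host") or f.get("meaning") or f.get("command") or ""
        print(f"{f['kind']:20} {extra}")
    print(dict(summarize(found)))
```

The mount-point handler that points at explorer.exe is flagged too, but marked with shell_is_explorer so it can be told apart from a handler that launches a program from the removable drive itself; both kinds were removed in the fix above, and the report only makes the difference visible rather than deciding for the helper.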

Iknazio 27.09.2012 17:10

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "hxxp://search.myheritage.com/" removed from browser.startup.homepage
Prefs.js: 2 removed from network.proxy.type
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
File I:\DVD-WRITER.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
========== FILES ==========
C:\ProgramData\deahgmifjhzytbh folder moved successfully.
C:\ProgramData\eqqivvaivoarqqp moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar folder moved successfully.
File\Folder C:\Users\All Users\deahgmifjhzytbh not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\zankit\Desktop\cmd.bat deleted successfully.
C:\Users\zankit\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 579558 bytes
->Temporary Internet Files folder emptied: 7419879 bytes
->Flash cache emptied: 559 bytes
 
User: kaba
->Temp folder emptied: 1691884 bytes
->Temporary Internet Files folder emptied: 34603772 bytes
->Flash cache emptied: 956 bytes
 
User: Public
 
User: zankit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 411298707 bytes
->Java cache emptied: 7358203 bytes
->FireFox cache emptied: 29193674 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1927837 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 350652910 bytes
RecycleBin emptied: 262144 bytes
 
Total Files Cleaned = 806,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09272012_175817

Files\Folders moved on Reboot...
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 27.09.2012 20:18

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png
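The report cosinus asks for lists every service on two or three lines: the image file with its MD5 and path, then an "ok", "warning" or "detected" verdict. As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python parser that groups those lines by service and lists only the flagged ones, run on a constructed excerpt that reuses line shapes and values from the log posted in this thread:

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line starts "<time> <thread id>  <payload>"; only the payload varies.
_PREFIX = r"^\S+\s+\d+\s+"
RE_FILE = re.compile(_PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
RE_OK = re.compile(_PREFIX + r"(.+) - ok$")
RE_WARN = re.compile(_PREFIX + r"(.+?) \( (.+?) \) - warning$")
RE_DETECT = re.compile(_PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")

# When several lines report on one service, the most severe verdict wins.
_SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # MD5 TDSSKiller printed for the image file
    path: Optional[str] = None     # image path; None when no file line was printed
    status: str = "unknown"
    verdicts: List[str] = field(default_factory=list)
    detections: int = 0


def _bump(entry: ServiceEntry, status: str) -> None:
    if _SEVERITY[status] > _SEVERITY[entry.status]:
        entry.status = status


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Group the per-service lines of a TDSSKiller log by service name."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := RE_FILE.match(line):
            md5, name, path = m.groups()          # name may contain spaces
            entry = entries.setdefault(name, ServiceEntry(name))
            entry.md5, entry.path = md5.upper(), path
        elif m := RE_WARN.match(line):
            name, verdict = m.groups()
            entry = entries.setdefault(name, ServiceEntry(name))
            _bump(entry, "warning")
            if verdict not in entry.verdicts:
                entry.verdicts.append(verdict)
        elif m := RE_DETECT.match(line):
            name, verdict, count = m.groups()
            entry = entries.setdefault(name, ServiceEntry(name))
            _bump(entry, "detected")
            entry.detections += int(count)
            if verdict not in entry.verdicts:
                entry.verdicts.append(verdict)
        elif m := RE_OK.match(line):
            # Also catches "System memory - ok"; it simply counts as one more ok item.
            _bump(entries.setdefault(m.group(1), ServiceEntry(m.group(1))), "ok")
    return entries


def flagged(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """What a helper reads first: everything TDSSKiller did not report as ok."""
    return sorted((e for e in entries.values() if e.status in ("warning", "detected")),
                  key=lambda e: (-_SEVERITY[e.status], e.name))


def summarize(entries: Dict[str, ServiceEntry]) -> Dict[str, int]:
    return dict(Counter(e.status for e in entries.values()))


# Constructed excerpt: a handful of lines in the shapes seen in the thread's log.
SAMPLE_LOG = r"""
09:34:23.0756 4324  System memory - ok
09:34:28.0848 4324  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:34:28.0868 4324  Compbatt - ok
09:34:28.0871 4324  COMSysApp - ok
09:34:31.0800 4324  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
09:34:31.0908 4324  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
09:34:31.0908 4324  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
09:34:39.0099 4324  [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
09:34:39.0169 4324  Nero BackItUp Scheduler 3 - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.status:8} {e.name}  {e.path}  md5={e.md5}  {', '.join(e.verdicts)}")
```

An "UnsignedFile.Multi.Generic" warning only says the image is not digitally signed, which is why the helper asks for "skip" and the log rather than deletion.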

Iknazio 28.09.2012 08:38

Code:

09:33:33.0518 4768  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:33:33.0565 4768  ============================================================
09:33:33.0565 4768  Current date / time: 2012/09/28 09:33:33.0565
09:33:33.0565 4768  SystemInfo:
09:33:33.0565 4768 
09:33:33.0565 4768  OS Version: 6.0.6002 ServicePack: 2.0
09:33:33.0565 4768  Product type: Workstation
09:33:33.0565 4768  ComputerName: ZANKIT-SERVER
09:33:33.0565 4768  UserName: zankit
09:33:33.0565 4768  Windows directory: C:\Windows
09:33:33.0565 4768  System windows directory: C:\Windows
09:33:33.0566 4768  Processor architecture: Intel x86
09:33:33.0566 4768  Number of processors: 4
09:33:33.0566 4768  Page size: 0x1000
09:33:33.0566 4768  Boot type: Normal boot
09:33:33.0566 4768  ============================================================
09:33:34.0006 4768  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:33:34.0041 4768  ============================================================
09:33:34.0041 4768  \Device\Harddisk0\DR0:
09:33:34.0041 4768  MBR partitions:
09:33:34.0041 4768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B83000
09:33:34.0062 4768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8383F, BlocksNum 0x2801402
09:33:34.0062 4768  ============================================================
09:33:34.0112 4768  C: <-> \Device\Harddisk0\DR0\Partition1
09:33:34.0130 4768  D: <-> \Device\Harddisk0\DR0\Partition2
09:33:34.0130 4768  ============================================================
09:33:34.0130 4768  Initialize success
09:33:34.0130 4768  ============================================================
09:34:23.0083 4324  ============================================================
09:34:23.0083 4324  Scan started
09:34:23.0083 4324  Mode: Manual; SigCheck; TDLFS;
09:34:23.0083 4324  ============================================================
09:34:23.0756 4324  ================ Scan system memory ========================
09:34:23.0756 4324  System memory - ok
09:34:23.0757 4324  ================ Scan services =============================
09:34:23.0912 4324  [ 651C54AC4EC5C5397C5AFF5D575CA45B ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
09:34:24.0182 4324  3xHybrid - ok
09:34:24.0247 4324  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:34:24.0274 4324  ACPI - ok
09:34:24.0368 4324  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:34:24.0389 4324  AdobeFlashPlayerUpdateSvc - ok
09:34:24.0465 4324  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
09:34:24.0497 4324  adp94xx - ok
09:34:24.0530 4324  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
09:34:24.0555 4324  adpahci - ok
09:34:24.0575 4324  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:34:24.0602 4324  adpu160m - ok
09:34:24.0631 4324  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
09:34:24.0652 4324  adpu320 - ok
09:34:24.0685 4324  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
09:34:24.0754 4324  AeLookupSvc - ok
09:34:24.0794 4324  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
09:34:24.0877 4324  AFD - ok
09:34:24.0912 4324  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:34:24.0932 4324  agp440 - ok
09:34:24.0969 4324  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
09:34:24.0989 4324  aic78xx - ok
09:34:25.0020 4324  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
09:34:25.0156 4324  ALG - ok
09:34:25.0177 4324  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:34:25.0196 4324  aliide - ok
09:34:25.0237 4324  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:34:25.0257 4324  amdagp - ok
09:34:25.0279 4324  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:34:25.0298 4324  amdide - ok
09:34:25.0346 4324  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
09:34:25.0399 4324  AmdK7 - ok
09:34:25.0440 4324  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
09:34:25.0476 4324  AmdK8 - ok
09:34:25.0573 4324  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
09:34:25.0635 4324  Appinfo - ok
09:34:25.0749 4324  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:34:25.0767 4324  Apple Mobile Device - ok
09:34:25.0791 4324  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
09:34:25.0812 4324  arc - ok
09:34:25.0850 4324  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:34:25.0870 4324  arcsas - ok
09:34:25.0920 4324  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:34:25.0958 4324  AsyncMac - ok
09:34:26.0004 4324  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
09:34:26.0023 4324  atapi - ok
09:34:26.0083 4324  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:34:26.0127 4324  AudioEndpointBuilder - ok
09:34:26.0149 4324  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:34:26.0179 4324  Audiosrv - ok
09:34:26.0236 4324  [ D5FB1AB93FD6C42B0EA1929995E9DE51 ] avc3            C:\Windows\system32\DRIVERS\avc3.sys
09:34:26.0278 4324  avc3 - ok
09:34:26.0317 4324  [ 04FE75E4ECBE2C964735F7F4503F40D2 ] avckf          C:\Windows\system32\DRIVERS\avckf.sys
09:34:26.0369 4324  avckf - ok
09:34:26.0418 4324  [ 8D4EFC5C378BFFE34C298C92F37D3B14 ] bdfm            C:\Windows\system32\DRIVERS\bdfm.sys
09:34:26.0439 4324  bdfm - ok
09:34:26.0483 4324  [ 817FC12BC93A70B0449EBEFAA4D6F4D2 ] Bdfndisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
09:34:26.0501 4324  Bdfndisf - ok
09:34:26.0524 4324  [ C3E025D46368E3D18085EEF26EF6F6A1 ] bdfsfltr        C:\Windows\system32\DRIVERS\bdfsfltr.sys
09:34:26.0550 4324  bdfsfltr - ok
09:34:26.0554 4324  [ C23A8547D5EA6D0C3589961BFB7FF6D3 ] Bdftdif        C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
09:34:26.0574 4324  Bdftdif - ok
09:34:26.0630 4324  [ 2DAA9E807C11B4677CAFC1E43A98F8CE ] bdselfpr        C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
09:34:26.0650 4324  bdselfpr - ok
09:34:26.0678 4324  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:34:26.0742 4324  Beep - ok
09:34:26.0831 4324  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
09:34:26.0890 4324  BFE - ok
09:34:26.0959 4324  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
09:34:27.0058 4324  BITS - ok
09:34:27.0097 4324  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:34:27.0129 4324  blbdrive - ok
09:34:27.0190 4324  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:34:27.0213 4324  Bonjour Service - ok
09:34:27.0236 4324  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:34:27.0275 4324  bowser - ok
09:34:27.0319 4324  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:34:27.0362 4324  BrFiltLo - ok
09:34:27.0381 4324  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:34:27.0445 4324  BrFiltUp - ok
09:34:27.0472 4324  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
09:34:27.0519 4324  Browser - ok
09:34:27.0559 4324  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
09:34:27.0721 4324  Brserid - ok
09:34:27.0760 4324  [ 56F59A4011F503149AE4DE826982CA4F ] BrSerIf        C:\Windows\system32\Drivers\BrSerIf.sys
09:34:27.0793 4324  BrSerIf - ok
09:34:27.0846 4324  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:34:27.0894 4324  BrSerWdm - ok
09:34:27.0912 4324  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:34:27.0974 4324  BrUsbMdm - ok
09:34:27.0991 4324  [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer        C:\Windows\system32\Drivers\BrUsbSer.sys
09:34:28.0010 4324  BrUsbSer - ok
09:34:28.0047 4324  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:34:28.0125 4324  BTHMODEM - ok
09:34:28.0161 4324  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:34:28.0201 4324  cdfs - ok
09:34:28.0242 4324  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
09:34:28.0285 4324  cdrom - ok
09:34:28.0345 4324  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
09:34:28.0397 4324  CertPropSvc - ok
09:34:28.0417 4324  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
09:34:28.0455 4324  circlass - ok
09:34:28.0484 4324  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
09:34:28.0509 4324  CLFS - ok
09:34:28.0581 4324  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:34:28.0601 4324  clr_optimization_v2.0.50727_32 - ok
09:34:28.0699 4324  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:34:28.0776 4324  clr_optimization_v4.0.30319_32 - ok
09:34:28.0811 4324  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:34:28.0830 4324  cmdide - ok
09:34:28.0848 4324  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:34:28.0868 4324  Compbatt - ok
09:34:28.0871 4324  COMSysApp - ok
09:34:28.0887 4324  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
09:34:28.0907 4324  crcdisk - ok
09:34:28.0931 4324  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:34:28.0964 4324  Crusoe - ok
09:34:28.0999 4324  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:34:29.0052 4324  CryptSvc - ok
09:34:29.0093 4324  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:34:29.0173 4324  DcomLaunch - ok
09:34:29.0202 4324  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:34:29.0251 4324  DfsC - ok
09:34:29.0344 4324  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
09:34:29.0497 4324  DFSR - ok
09:34:29.0551 4324  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:34:29.0596 4324  Dhcp - ok
09:34:29.0650 4324  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
09:34:29.0671 4324  disk - ok
09:34:29.0744 4324  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:34:29.0782 4324  Dnscache - ok
09:34:29.0808 4324  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
09:34:29.0852 4324  dot3svc - ok
09:34:29.0908 4324  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
09:34:29.0941 4324  DPS - ok
09:34:29.0992 4324  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
09:34:30.0044 4324  drmkaud - ok
09:34:30.0087 4324  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
09:34:30.0134 4324  DXGKrnl - ok
09:34:30.0192 4324  [ 2DB565612E74E0C01780670270A6FD7F ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
09:34:30.0214 4324  e1express - ok
09:34:30.0255 4324  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
09:34:30.0321 4324  E1G60 - ok
09:34:30.0354 4324  EagleXNt - ok
09:34:30.0383 4324  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
09:34:30.0425 4324  EapHost - ok
09:34:30.0488 4324  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:34:30.0510 4324  Ecache - ok
09:34:30.0551 4324  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
09:34:30.0618 4324  ehRecvr - ok
09:34:30.0636 4324  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
09:34:30.0664 4324  ehSched - ok
09:34:30.0674 4324  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
09:34:30.0702 4324  ehstart - ok
09:34:30.0743 4324  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
09:34:30.0771 4324  elxstor - ok
09:34:30.0844 4324  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
09:34:30.0957 4324  EMDMgmt - ok
09:34:30.0998 4324  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:34:31.0044 4324  ErrDev - ok
09:34:31.0078 4324  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
09:34:31.0120 4324  EventSystem - ok
09:34:31.0170 4324  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
09:34:31.0244 4324  exfat - ok
09:34:31.0280 4324  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
09:34:31.0323 4324  fastfat - ok
09:34:31.0360 4324  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
09:34:31.0406 4324  fdc - ok
09:34:31.0417 4324  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
09:34:31.0449 4324  fdPHost - ok
09:34:31.0460 4324  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:34:31.0522 4324  FDResPub - ok
09:34:31.0547 4324  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:34:31.0567 4324  FileInfo - ok
09:34:31.0609 4324  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
09:34:31.0643 4324  Filetrace - ok
09:34:31.0800 4324  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
09:34:31.0908 4324  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
09:34:31.0908 4324  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
09:34:31.0927 4324  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:34:31.0996 4324  flpydisk - ok
09:34:32.0027 4324  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:34:32.0050 4324  FltMgr - ok
09:34:32.0134 4324  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
09:34:32.0210 4324  FontCache - ok
09:34:32.0289 4324  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:34:32.0326 4324  FontCache3.0.0.0 - ok
09:34:32.0348 4324  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:34:32.0387 4324  Fs_Rec - ok
09:34:32.0405 4324  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:34:32.0425 4324  gagp30kx - ok
09:34:32.0478 4324  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:34:32.0495 4324  GEARAspiWDM - ok
09:34:32.0558 4324  [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper  C:\Program Files\NOS\bin\getPlus_Helper.dll
09:34:32.0574 4324  getPlusHelper - ok
09:34:32.0720 4324  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
09:34:32.0737 4324  GoogleDesktopManager-051210-111108 - ok
09:34:32.0771 4324  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
09:34:32.0851 4324  gpsvc - ok
09:34:32.0907 4324  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
09:34:32.0924 4324  gupdate - ok
09:34:32.0940 4324  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:34:32.0957 4324  gupdatem - ok
09:34:33.0001 4324  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:34:33.0022 4324  gusvc - ok
09:34:33.0079 4324  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:34:33.0139 4324  HdAudAddService - ok
09:34:33.0169 4324  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:34:33.0219 4324  HDAudBus - ok
09:34:33.0236 4324  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:34:33.0298 4324  HidBth - ok
09:34:33.0315 4324  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
09:34:33.0379 4324  HidIr - ok
09:34:33.0403 4324  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
09:34:33.0455 4324  hidserv - ok
09:34:33.0472 4324  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:34:33.0513 4324  HidUsb - ok
09:34:33.0547 4324  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:34:33.0580 4324  hkmsvc - ok
09:34:33.0594 4324  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
09:34:33.0614 4324  HpCISSs - ok
09:34:33.0654 4324  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:34:33.0747 4324  HTTP - ok
09:34:33.0776 4324  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
09:34:33.0796 4324  i2omp - ok
09:34:33.0834 4324  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:34:33.0874 4324  i8042prt - ok
09:34:33.0974 4324  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
09:34:34.0000 4324  IAANTMON - ok
09:34:34.0044 4324  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:34:34.0065 4324  iaStor - ok
09:34:34.0086 4324  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
09:34:34.0110 4324  iaStorV - ok
09:34:34.0196 4324  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:34:34.0207 4324  IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:34:34.0207 4324  IDriverT - detected UnsignedFile.Multi.Generic (1)
09:34:34.0275 4324  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:34:34.0321 4324  idsvc - ok
09:34:34.0350 4324  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
09:34:34.0368 4324  iirsp - ok
09:34:34.0426 4324  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:34:34.0488 4324  IKEEXT - ok
09:34:34.0553 4324  [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:34:34.0638 4324  IntcAzAudAddService - ok
09:34:34.0712 4324  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:34:34.0731 4324  intelide - ok
09:34:34.0746 4324  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:34:34.0782 4324  intelppm - ok
09:34:34.0806 4324  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
09:34:34.0852 4324  IPBusEnum - ok
09:34:34.0870 4324  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:34:34.0908 4324  IpFilterDriver - ok
09:34:34.0932 4324  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:34:34.0973 4324  iphlpsvc - ok
09:34:34.0976 4324  IpInIp - ok
09:34:34.0996 4324  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
09:34:35.0028 4324  IPMIDRV - ok
09:34:35.0040 4324  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
09:34:35.0085 4324  IPNAT - ok
09:34:35.0125 4324  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:34:35.0170 4324  iPod Service - ok
09:34:35.0209 4324  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:34:35.0240 4324  IRENUM - ok
09:34:35.0259 4324  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:34:35.0279 4324  isapnp - ok
09:34:35.0318 4324  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:34:35.0341 4324  iScsiPrt - ok
09:34:35.0359 4324  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:34:35.0379 4324  iteatapi - ok
09:34:35.0493 4324  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
09:34:35.0511 4324  iteraid - ok
09:34:35.0527 4324  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:34:35.0547 4324  kbdclass - ok
09:34:35.0621 4324  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:34:35.0670 4324  kbdhid - ok
09:34:35.0706 4324  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
09:34:35.0762 4324  KeyIso - ok
09:34:35.0804 4324  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:34:35.0836 4324  KSecDD - ok
09:34:35.0914 4324  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
09:34:35.0987 4324  KtmRm - ok
09:34:36.0010 4324  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:34:36.0042 4324  LanmanServer - ok
09:34:36.0064 4324  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:34:36.0113 4324  LanmanWorkstation - ok
09:34:36.0144 4324  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:34:36.0204 4324  lltdio - ok
09:34:36.0245 4324  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
09:34:36.0301 4324  lltdsvc - ok
09:34:36.0317 4324  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
09:34:36.0365 4324  lmhosts - ok
09:34:36.0381 4324  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:34:36.0402 4324  LSI_FC - ok
09:34:36.0419 4324  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
09:34:36.0440 4324  LSI_SAS - ok
09:34:36.0453 4324  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:34:36.0474 4324  LSI_SCSI - ok
09:34:36.0479 4324  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
09:34:36.0522 4324  luafv - ok
09:34:36.0576 4324  [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
09:34:36.0594 4324  LVPr2Mon - ok
09:34:36.0670 4324  [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
09:34:36.0689 4324  LVPrcSrv - ok
09:34:36.0707 4324  [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
09:34:36.0729 4324  LVRS - ok
09:34:36.0744 4324  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\Windows\system32\drivers\LVUSBSta.sys
09:34:36.0762 4324  LVUSBSta - ok
09:34:36.0781 4324  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
09:34:36.0819 4324  Mcx2Svc - ok
09:34:36.0851 4324  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
09:34:36.0871 4324  megasas - ok
09:34:36.0889 4324  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
09:34:36.0918 4324  MegaSR - ok
09:34:36.0951 4324  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
09:34:36.0993 4324  MMCSS - ok
09:34:37.0015 4324  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
09:34:37.0062 4324  Modem - ok
09:34:37.0099 4324  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
09:34:37.0131 4324  monitor - ok
09:34:37.0162 4324  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:34:37.0181 4324  mouclass - ok
09:34:37.0201 4324  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:34:37.0232 4324  mouhid - ok
09:34:37.0261 4324  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
09:34:37.0281 4324  MountMgr - ok
09:34:37.0323 4324  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:34:37.0345 4324  mpio - ok
09:34:37.0365 4324  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:34:37.0403 4324  mpsdrv - ok
09:34:37.0433 4324  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:34:37.0493 4324  MpsSvc - ok
09:34:37.0529 4324  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
09:34:37.0547 4324  Mraid35x - ok
09:34:37.0575 4324  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:34:37.0609 4324  MRxDAV - ok
09:34:37.0646 4324  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:34:37.0705 4324  mrxsmb - ok
09:34:37.0741 4324  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:34:37.0773 4324  mrxsmb10 - ok
09:34:37.0778 4324  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:34:37.0800 4324  mrxsmb20 - ok
09:34:37.0835 4324  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
09:34:37.0854 4324  msahci - ok
09:34:37.0874 4324  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
09:34:37.0895 4324  msdsm - ok
09:34:37.0922 4324  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
09:34:37.0971 4324  MSDTC - ok
09:34:37.0991 4324  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:34:38.0023 4324  Msfs - ok
09:34:38.0041 4324  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:34:38.0060 4324  msisadrv - ok
09:34:38.0115 4324  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
09:34:38.0155 4324  MSiSCSI - ok
09:34:55.0066 4324  ================ Scan MBR ==================================
09:34:55.0082 4324  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:34:55.0488 4324  \Device\Harddisk0\DR0 - ok
09:34:55.0488 4324  ================ Scan VBR ==================================
09:34:55.0517 4324  [ D4652EC56796BFA8B6C4C3904E3FB926 ] \Device\Harddisk0\DR0\Partition1
09:34:55.0519 4324  \Device\Harddisk0\DR0\Partition1 - ok
09:34:55.0548 4324  [ 1C5DE1D592E9DD1F0B6DAD3DBB2B77AD ] \Device\Harddisk0\DR0\Partition2
09:34:55.0549 4324  \Device\Harddisk0\DR0\Partition2 - ok
09:34:55.0550 4324  ============================================================
09:34:55.0550 4324  Scan finished
09:34:55.0550 4324  ============================================================
09:34:55.0559 2104  Detected object count: 10
09:34:55.0559 2104  Actual detected object count: 10
09:35:34.0386 2104  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0386 2104  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0387 2104  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0387 2104  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0389 2104  NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0389 2104  NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0390 2104  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0390 2104  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0391 2104  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0391 2104  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0392 2104  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0392 2104  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0393 2104  Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0393 2104  Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0394 2104  TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0394 2104  TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0395 2104  TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0395 2104  TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:34.0395 2104  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:34.0396 2104  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 28.09.2012 13:13

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Iknazio 28.09.2012 17:15

hmm, CF seems to be hanging somehow...
it has been running for 3 hours and shows "Fertiggestellt Stufe_45"
and the cursor is blinking...

should I start it again or wait?
or what?

well, it's still running...
now it's at Stufe_47

at the start of the scan the program said that normally the scan takes about 10 min.,
in heavily infected cases maybe twice as long... lol... so what's going on with my computer at 4 hours... hehe... breeding ground :stirn:

Iknazio 01.10.2012 16:52

well, it then hung for hours at stage 48; the cursor was blinking but nothing progressed. I then shut the computer down and tried the whole procedure again today... with exactly the same result.
after hours it reached stage 48, where it has now been hanging again for 2 hours... :headbang:

What should I do?
Tips? Suggestions?

WOW! Good things come to those who wait.
The baby rattled away through the night and has actually just reached the end.
Now there is also the eagerly awaited log file:

ComboFix log file:
Code:

ComboFix 12-09-30.01 - zankit 01.10.2012  10:12:18.2.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.3069.1861 [GMT 2:00]
ausgeführt von:: c:\users\zankit\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WindowsUpdate.log . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-02 bis 2012-10-02  ))))))))))))))))))))))))))))))
.
.
2012-10-02 08:50 . 2012-10-02 09:03        --------        d-----w-        c:\users\zankit\AppData\Local\temp
2012-10-02 08:50 . 2012-10-02 08:50        --------        d-----w-        c:\users\kaba\AppData\Local\temp
2012-09-27 15:58 . 2012-09-27 15:58        --------        d-----w-        C:\_OTL
2012-09-26 16:11 . 2008-03-17 13:45        1414440        ----a-w-        c:\windows\system32\ShellManager310E2D762.dll
2012-09-20 08:13 . 2012-09-20 08:13        --------        d-----w-        c:\users\zankit\AppData\Roaming\Malwarebytes
2012-09-20 08:13 . 2012-09-20 08:49        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-09-20 08:13 . 2012-09-20 08:13        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-20 08:13 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-13 14:27 . 2012-09-13 14:26        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-07 09:07 . 2012-09-07 09:07        65848        ----a-w-        c:\windows\system32\drivers\RapportKELL.sys
2012-09-03 17:32 . 2012-09-04 12:50        --------        d-----w-        c:\users\zankit\AppData\Roaming\Ahnenblatt
2012-09-03 17:32 . 2012-09-03 17:32        --------        d-----w-        c:\program files\Ahnenblatt
2012-09-03 17:29 . 2000-05-22 14:58        608448        ----a-w-        c:\windows\system32\comctl32.ocx
2012-09-03 17:29 . 1998-06-23 22:00        137000        ----a-w-        c:\windows\system32\msmapi32.ocx
2012-09-03 17:29 . 2012-09-04 08:50        --------        d-----w-        c:\program files\MyHeritage
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 16:20 . 2012-05-22 06:56        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-26 16:20 . 2011-11-30 10:18        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 14:26 . 2011-08-29 07:11        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-04 14:02 . 2012-08-17 06:45        2047488        ----a-w-        c:\windows\system32\win32k.sys
2010-07-08 08:37 . 2010-07-08 08:37        101544        ----a-w-        c:\program files\Common Files\LinkInstaller.exe
2011-08-12 06:13 . 2011-08-26 09:34        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-14 08:41 . 2010-02-09 12:49        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\zankit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\zankit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\zankit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-02 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-11 1451928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
.
c:\users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-14 08:41        30192        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57        1451520        ----a-w-        c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
bdx        REG_MULTI_SZ          sysagent
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 16:20]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:53]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page = hxxp://search.myheritage.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-02 11:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5524)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\BROWSEUI.dll
c:\users\zankit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\dbghelp.dll
c:\program files\BitDefender\BitDefender 2011\pchook32.dll
c:\windows\system32\timedate.cpl
c:\windows\System32\NaturalLanguage6.dll
c:\windows\system32\stobject.dll
c:\windows\System32\npmproxy.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\System32\srchadmin.dll
c:\windows\system32\wscntfy.dll
c:\windows\system32\WSCAPI.dll
c:\windows\System32\QAgent.dll
c:\windows\System32\davclnt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\BitDefender\BitDefender 2011\vsserv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
c:\windows\system32\CLWatson.exe
c:\program files\BitDefender\BitDefender 2011\updatesrv.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
c:\windows\system32\CLWatson.exe
c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-02  11:13:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-02 09:13
.
Vor Suchlauf: 8 Verzeichnis(se), 319.389.745.152 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 321.821.179.904 Bytes frei
.
- - End Of File - - 43E3829B56E68A5C8C666183B7D71D33

--- --- ---

cosinus 02.10.2012 13:04

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't work even on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

Another note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.

Iknazio 02.10.2012 19:49

attached are the osam log and aswMBR.txt

I also have the gmer log, but it's a 178-page .txt file... over 800 KB, so it can't be attached and can't be pasted either...

cosinus 02.10.2012 20:45

Why as an attachment? You're supposed to post all logs directly whenever possible, and in CODE tags

Iknazio 03.10.2012 11:32

sorry, I thought if you want the *.txt file, you'd want an attachment...
so here it is in Code tags:

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:38:25 on 02.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.64

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avc3" (avc3) - "BitDefender" - C:\Windows\System32\DRIVERS\avc3.sys
"avckf" (avckf) - "BitDefender" - C:\Windows\System32\DRIVERS\avckf.sys
"BDFM" (bdfm) - "BitDefender S.R.L. Bucharest, ROMANIA" - C:\Windows\System32\DRIVERS\bdfm.sys
"bdfsfltr" (bdfsfltr) - "BitDefender" - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"bdftdif" (Bdftdif) - "BitDefender LLC" - C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
"bdselfpr" (bdselfpr) - "BitDefender LLC" - C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
"catchme" (catchme) - ? - C:\Users\zankit\AppData\Local\Temp\catchme.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwddauog" (kwddauog) - ? - C:\Users\zankit\AppData\Local\Temp\kwddauog.sys  (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\Users\zankit\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\system32\drivers\npf_devolo.sys
"RapportCerberus_42020" (RapportCerberus_42020) - ? - C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys  (File found, but it contains no detailed information)
"RapportEI" (RapportEI) - "Trusteer Ltd." - C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
"RapportIaso" (RapportIaso) - "Trusteer Ltd." - c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
"RapportKELL" (RapportKELL) - "Trusteer Ltd." - C:\Windows\System32\Drivers\RapportKELL.sys
"RapportPG" (RapportPG) - "Trusteer Ltd." - C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
"Trufos" (Trufos) - "BitDefender S.R.L." - C:\Windows\System32\DRIVERS\Trufos.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_278.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{381FFDE8-2394-4F90-B10D-FC6124A40F8C} "Bitdefender Toolbar" - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BDAgent" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
"BitDefender Antiphishing Helper" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BitDefender Desktop Update Service" (Updatesrv) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
"BitDefender Update Server v2" (Update Server) - "BitDefender" - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
"BitDefender Virus Shield" (VSSERV) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Rapport Management Service" (RapportMgmtService) - "Trusteer Ltd." - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 18:40:24
-----------------------------
18:40:24.864    OS Version: Windows 6.0.6002 Service Pack 2
18:40:24.864    Number of processors: 4 586 0xF0B
18:40:24.866    ComputerName: ZANKIT-SERVER  UserName: zankit
18:40:28.435    Initialize success
18:42:20.423    AVAST engine defs: 12100200
18:42:43.192    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:42:43.194    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:42:43.374    Disk 0 MBR read successfully
18:42:43.376    Disk 0 MBR scan
18:42:43.383    Disk 0 Windows VISTA default MBR code
18:42:43.488    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      456454 MB offset 2048
18:42:43.495    Disk 0 Partition - 00    0F Extended LBA            20482 MB offset 934819840
18:42:43.625    Disk 0 Partition 2 00    0B        FAT32 MSDOS5.0    20482 MB offset 934819903
18:42:43.745    Disk 0 scanning sectors +976768065
18:42:44.248    Disk 0 scanning C:\Windows\system32\drivers
18:44:28.334    Service scanning
18:44:52.664    Modules scanning
18:46:22.838    Disk 0 trace - called modules:
18:46:22.890    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:46:22.895    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x891e4208]
18:46:22.900    3 CLASSPNP.SYS[8d9b28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x88599028]
18:46:23.996    AVAST engine scan C:\Windows
18:49:11.567    AVAST engine scan C:\Windows\system32
19:03:56.260    AVAST engine scan C:\Windows\system32\drivers
19:08:35.499    AVAST engine scan C:\Users\zankit
20:12:11.224    AVAST engine scan C:\ProgramData
20:34:23.050    Disk 0 MBR has been saved successfully to "C:\Users\zankit\Desktop\MBR.dat"
20:34:23.083    The log file has been saved successfully to "C:\Users\zankit\Desktop\aswMBR.txt"

the gmer log is of course also too big for that...

cosinus 03.10.2012 18:54

Logs that are too large can be zipped and then attached.
But really only do that when the logs are too large.

Iknazio 04.10.2012 09:59

ah yes, zip, exactly, good idea :stirn:

cosinus 04.10.2012 10:44

Looks ok. We should almost be done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Iknazio 04.10.2012 15:29

Malwarebytes found nothing...
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
zankit :: ZANKIT-SERVER [Administrator]

04.10.2012 12:23:36
mbam-log-2012-10-04 (12-23-36).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415547
Time elapsed: 1 hour(s), 21 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SASW did, though...:headbang:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/04/2012 at 03:26 PM

Application Version : 5.5.1022

Core Rules Database Version : 9338
Trace Rules Database Version: 7150

Scan type      : Complete Scan
Total Scan Time : 00:43:38

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 826
Memory threats detected  : 0
Registry items scanned    : 39477
Registry threats detected : 0
File items scanned        : 39739
File threats detected    : 28

Adware.Tracking Cookie
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@casalemedia[2].txt [ Cookie:kaba@casalemedia.com/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@advertising[1].txt [ Cookie:kaba@advertising.com/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@www.etracker[2].txt [ Cookie:kaba@www.etracker.de/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@mediaplex[2].txt [ Cookie:kaba@mediaplex.com/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@adopt.euroclick[1].txt [ Cookie:kaba@adopt.euroclick.com/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@atdmt[2].txt [ Cookie:kaba@atdmt.com/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@msnportal.112.2o7[1].txt [ Cookie:kaba@msnportal.112.2o7.net/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@adtech[1].txt [ Cookie:kaba@adtech.de/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@zanox-affiliate[1].txt [ Cookie:kaba@zanox-affiliate.de/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@www.googleadservices[1].txt [ Cookie:kaba@www.googleadservices.com/pagead/conversion/1068705194/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@doubleclick[2].txt [ Cookie:kaba@doubleclick.net/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\AGC8KZI1.txt [ Cookie:zankit@crazyxxx3dworld.com/free/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\RGF2CGKC.txt [ Cookie:zankit@comicsxxxs.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\LTKJCDRI.txt [ Cookie:zankit@crazyxxx3dworld.com/free/archives/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\CF84RXA4.txt [ Cookie:zankit@crazyxxx3dworld.org/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\IONZBLYP.txt [ Cookie:zankit@crazyxxx3dworld.net/free/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\PY6JB0G1.txt [ Cookie:zankit@crazyxxx3dworld.org/free/g.php/3D/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YTD9WOI.txt [ Cookie:zankit@hentaicounter.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\T2Y4EF05.txt [ Cookie:zankit@avatraffic.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\PBOBUMNB.txt [ Cookie:zankit@porncomics3d.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\HAZKET40.txt [ Cookie:zankit@crazyxxx3dworld.org/free/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\YP09FSU8.txt [ Cookie:zankit@crazyxxx3dworld.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\BIR400T3.txt [ Cookie:zankit@3dadultonly.com/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YQ3M10O.txt [ Cookie:zankit@crazyxxx3dworld.com/preview05/ ]
        C:\USERS\KABA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KABA@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\KABA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KABA@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\USERS\KABA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KABA@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]

Trojan.Agent/Gen-Refroso
        C:\USERS\ZANKIT\DESKTOP\PROGRAMME\BITDEFENDER\BITDEFENDER_ISECURITY.EXE

What should I do with the detection now?
-remove threats?

cosinus 04.10.2012 15:50

Looks ok, only cookies were found; the other one is a false positive.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie)


Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply configure the browser to delete everything, including cookies, when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system okay again now, or are there other detections or problems?
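
Added example (my own code, not from this thread, not from SUPERAntiSpyware and not from the MVPS project): it takes the "Cookie:user@host/path" entries of a SASW log and checks which of those hosts an MVPS-style hosts file would sinkhole. The log excerpt is a constructed sample in the layout of the log above, and the hosts file is constructed too (its lines are not taken from the real MVPS file). It also shows the caveat a hosts file has: matching is by exact name, so an entry for `2o7.net` does nothing for `msnportal.112.2o7.net`, and the script lists the entries that would close such gaps.

```python
"""Added example, not code from the Trojaner-Board thread: parse the
'Adware.Tracking Cookie' entries of a SUPERAntiSpyware log and check which of
those hosts an MVPS-style hosts file would sinkhole.  The log excerpt and the
hosts file below are constructed for this example (the hosts lines are not
taken from the real MVPS file)."""
import re

# Constructed excerpt in the layout of the SASW log above ("Cookie:user@host/path").
SASW_LOG = r"""
Adware.Tracking Cookie
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@doubleclick[2].txt [ Cookie:kaba@doubleclick.net/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@www.etracker[2].txt [ Cookie:kaba@www.etracker.de/ ]
        C:\USERS\KABA\AppData\Roaming\Microsoft\Windows\Cookies\Low\kaba@msnportal.112.2o7[1].txt [ Cookie:kaba@msnportal.112.2o7.net/ ]
        C:\USERS\ZANKIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\T2Y4EF05.txt [ Cookie:zankit@avatraffic.com/ ]
        C:\USERS\KABA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KABA@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
"""

# Constructed hosts file in MVPS layout ("0.0.0.0 hostname", '#' comments).
HOSTS_FILE = """\
# constructed for the example, NOT the real MVPS list
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net   # trailing comment
0.0.0.0 www.etracker.de
0.0.0.0 2o7.net
0.0.0.0 tradedoubler.com
"""

# Only entries with a "Cookie:user@host" marker carry a usable hostname;
# the "[ /TRADEDOUBLER ]" form above does not and is skipped.
COOKIE_RE = re.compile(r"Cookie:[^@\s]+@([A-Za-z0-9.-]+)")
SINKHOLES = ("0.0.0.0", "127.0.0.1")


def cookie_hosts(log_text: str) -> list[str]:
    """Hostnames of the tracking cookies in the log, lower-cased, first-seen order."""
    hosts: list[str] = []
    for m in COOKIE_RE.finditer(log_text):
        host = m.group(1).lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


def parse_hosts(text: str) -> set[str]:
    """Set of names a hosts file sinkholes; comments and blank lines are ignored."""
    blocked: set[str] = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(name.lower() for name in fields[1:])
    blocked.discard("localhost")
    return blocked


def parent_listed(host: str, blocked: set[str]) -> bool:
    """True if a parent domain of host is blocked but host itself is not.

    A hosts file matches exact names only: '0.0.0.0 2o7.net' does nothing for
    msnportal.112.2o7.net, so that host needs an entry of its own."""
    labels = host.split(".")
    parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
    return host not in blocked and bool(parents & blocked)


def audit(log_text: str, hosts_text: str) -> dict[str, str]:
    """Map each cookie host to 'blocked', 'parent only' or 'unblocked'."""
    blocked = parse_hosts(hosts_text)
    result: dict[str, str] = {}
    for host in cookie_hosts(log_text):
        if host in blocked:
            result[host] = "blocked"
        elif parent_listed(host, blocked):
            result[host] = "parent only"
        else:
            result[host] = "unblocked"
    return result


def missing_entries(log_text: str, hosts_text: str) -> list[str]:
    """Hosts-file lines that would close the gaps found by audit()."""
    return [f"0.0.0.0 {h}" for h, state in audit(log_text, hosts_text).items()
            if state != "blocked"]


if __name__ == "__main__":
    for host, state in audit(SASW_LOG, HOSTS_FILE).items():
        print(f"{host:28} {state}")
    print("\n".join(missing_entries(SASW_LOG, HOSTS_FILE)))
```

Run it against your own `C:\Windows\System32\drivers\etc\hosts` and the SASW log by reading both files into the two constants. Note that a hosts file only stops the browser from reaching the listed third-party hosts; cookies set by a site you visit on purpose are unaffected, which is why the post also recommends a cookie manager or clearing cookies on exit.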

Iknazio 04.10.2012 16:19

seems like everything's OK... the computer somehow doesn't want to start properly in the mornings, but that could also be the power supply or something....

if that's it, then thank you very much, you've earned a place of honour on my wall of fame :-)

can I uninstall all the programs again now?

are there tips on how to avoid this kind of thing in the future? It's not as if I don't have an (expensive) antivirus program....

And I'll check the laptop now, it surely has something too, since I often move data from one to the other....

or what?

a thousand thanks

Iknazio

cosinus 04.10.2012 16:22

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date the installed programs are in the future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
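
Added example (my own code, not from this thread and not part of Secunia PSI or JavaRa): it lists the leftover Java and Adobe Reader installs that the advice above says to uninstall, i.e. every copy older than the newest one of the same product. On Windows it enumerates the standard Add/Remove Programs keys under `HKLM\SOFTWARE\...\Uninstall` (including the `Wow6432Node` view for 32-bit programs on 64-bit Windows); elsewhere it falls back to a constructed entry list whose product names and version strings are invented for the example, modelled on how these products name themselves.

```python
"""Added example, not from the thread: find leftover Java / Adobe Reader
installs of the kind the advice above says to uninstall.  On Windows it reads
the standard Uninstall registry keys; elsewhere (and in the test) it works on
a constructed entry list.  Names and versions in SAMPLE_ENTRIES are invented."""
import re
import sys
from dataclasses import dataclass
from typing import Optional

# Standard locations of Add/Remove Programs entries
# (second key: 32-bit programs on 64-bit Windows).
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


@dataclass(frozen=True)
class Entry:
    name: str      # DisplayName value
    version: str   # DisplayVersion value


# Constructed sample, modelled on the naming scheme of these products.
SAMPLE_ENTRIES = [
    Entry("Java(TM) 6 Update 31", "6.0.310"),
    Entry("Java(TM) 6 Update 20", "6.0.200"),
    Entry("Java 7 Update 7", "7.0.70"),
    Entry("Java Auto Updater", "2.1.6.0"),
    Entry("Adobe Reader 8.1.2", "8.1.2"),
    Entry("Adobe Reader 9.5.2", "9.5.2"),
    Entry("Skype Click to Call", "5.9.8857"),
]


def family_of(entry: Entry) -> Optional[str]:
    """'java' for a JRE entry, 'adobe reader' for Reader, None otherwise.
    Heuristic on DisplayName; the Java updater is not a runtime and is skipped."""
    name = entry.name.lower()
    if name.startswith("java") and "updater" not in name:
        return "java"
    if name.startswith("adobe reader"):
        return "adobe reader"
    return None


def version_key(version: str) -> tuple:
    """Numeric tuple for ordering: '6.0.310' -> (6, 0, 310)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def find_stale(entries: list) -> list:
    """Every Java / Adobe Reader entry except the newest of its family,
    ordered by family name and then by version."""
    by_family: dict = {}
    for e in entries:
        fam = family_of(e)
        if fam:
            by_family.setdefault(fam, []).append(e)
    stale = []
    for fam in sorted(by_family):
        ordered = sorted(by_family[fam], key=lambda e: version_key(e.version))
        stale.extend(ordered[:-1])  # all but the newest copy
    return stale


def read_uninstall_entries() -> list:
    """Enumerate DisplayName/DisplayVersion of installed programs (Windows only)."""
    import winreg  # standard library, present only on Windows
    entries = []
    for sub in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue  # key absent (e.g. no Wow6432Node on 32-bit Vista)
        with root:
            i = 0
            while True:
                try:
                    child = winreg.EnumKey(root, i)
                except OSError:
                    break  # no more subkeys
                i += 1
                with winreg.OpenKey(root, child) as k:
                    try:
                        name, _ = winreg.QueryValueEx(k, "DisplayName")
                        ver, _ = winreg.QueryValueEx(k, "DisplayVersion")
                    except OSError:
                        continue  # entry without a display name/version
                    entries.append(Entry(str(name), str(ver)))
    return entries


if __name__ == "__main__":
    installed = read_uninstall_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for e in find_stale(installed):
        print(f"stale: {e.name} ({e.version})")
```

The script only finds copies that are older than another installed copy of the same product; whether the newest copy itself is current still has to be checked against the vendor's download page (or with a tool like Secunia PSI), as the post says.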

Iknazio 04.10.2012 16:24

You're my hero, love you :bussi:


Copyright ©2000-2025, Trojaner-Board