Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internet slow, loads of ads (https://www.trojaner-board.de/136721-internet-langsam-ganz-viel-werbung.html)

jenn2009 16.06.2013 18:20

Internet slow, loads of ads

Hello,

Can anyone tell me why my internet is suddenly soooooo slow and why sooo many unnecessary ads open on every page? I'm totally annoyed... :-(

markusg 16.06.2013 18:21

hi
You've been here before, so you should know that we want to see OTL reports.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here
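Reading an OTL report is mostly pattern matching over a handful of line shapes (IE search scopes and start page, Firefox enabled add-ons, Chrome homepage, O2 BHO entries). The Python script below is an added example for this thread, not part of OTL and not one of the board's fix scripts: it parses those shapes, resolves each hive's DefaultScope GUID to the engine it actually points at, and flags any line matching a small indicator list. The indicator list and the sample lines are assumptions drawn from the log posted later in this thread (delta-search, Yontoo, DealPly, Babylon, DSite, Tube Karaoke); it is an illustration, not an authoritative adware list.

```python
# Triage helper for OTL log lines: flag browser-hijack and adware entries.
# Added example for this thread, not part of OTL or of the board's fix scripts.
import re
from urllib.parse import unquote, urlparse

# Assumed indicator list: lower-case substrings of names seen in the log posted in
# this thread. Illustrative only, not an authoritative adware feed.
ADWARE_INDICATORS = ("delta-search", "yontoo", "dealply", "babylon", "dsite", "ytkaraoke", "tube karaoke")

# One regex per OTL line shape we care about (shapes as they appear in the posted log).
DEFAULT_SCOPE_RE = re.compile(r'^IE - (HK\w+)\\\.\.\\SearchScopes,DefaultScope = (\{[0-9A-Fa-f-]+\})$')
SEARCH_SCOPE_RE = re.compile(r'^IE - (HK\w+)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)$')
START_PAGE_RE = re.compile(r'^IE - (HK\w+)\\.*\\Main,Start Page = (\S+)$')
FF_ADDON_RE = re.compile(r'^FF - prefs\.js\.\.extensions\.enabledAddons: ([^:]+):(\S+)$')
CHR_HOME_RE = re.compile(r'^CHR - homepage: (\S+)$')
BHO_RE = re.compile(r'^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*?) \((.*?)\)$')


def refang(url: str) -> str:
    """OTL writes hxxp:// so URLs are not clickable in forum posts; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    return (urlparse(refang(url)).hostname or "").lower()


def parse_line(line: str) -> dict:
    """Classify one OTL line; shapes we do not model come back as kind='other'."""
    if m := DEFAULT_SCOPE_RE.match(line):
        return {"kind": "ie_default_scope", "hive": m[1], "guid": m[2].upper()}
    if m := SEARCH_SCOPE_RE.match(line):
        return {"kind": "ie_search_scope", "hive": m[1], "guid": m[2].upper(), "host": host_of(m[3])}
    if m := START_PAGE_RE.match(line):
        return {"kind": "ie_start_page", "hive": m[1], "host": host_of(m[2])}
    if m := FF_ADDON_RE.match(line):
        # Add-on ids are URL-encoded in prefs.js: plugin%40yontoo.com -> plugin@yontoo.com
        return {"kind": "ff_addon", "id": unquote(m[1]), "version": m[2]}
    if m := CHR_HOME_RE.match(line):
        return {"kind": "chr_homepage", "host": host_of(m[1])}
    if m := BHO_RE.match(line):
        return {"kind": "ie_bho", "name": m[1], "clsid": m[2].upper(), "path": m[3], "company": m[4]}
    return {"kind": "other"}


def indicator_hit(text: str, indicators=ADWARE_INDICATORS):
    """Return the first indicator that occurs in the line (case-insensitive), else None."""
    low = text.lower()
    return next((i for i in indicators if i in low), None)


def triage(log_text: str, indicators=ADWARE_INDICATORS) -> dict:
    """Single pass over the log: collect browser settings and flag indicator matches."""
    default_guid, scope_host, start_pages, findings = {}, {}, {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_line(line)
        kind = entry["kind"]
        if kind == "ie_default_scope":
            default_guid[entry["hive"]] = entry["guid"]
        elif kind == "ie_search_scope":
            scope_host[(entry["hive"], entry["guid"])] = entry["host"]
        elif kind == "ie_start_page":
            start_pages["IE " + entry["hive"]] = entry["host"]
        elif kind == "chr_homepage":
            start_pages["Chrome"] = entry["host"]
        if hit := indicator_hit(line, indicators):
            findings.append({"indicator": hit, "kind": kind, "line": line})
    # Resolve each hive's DefaultScope GUID to the host it really searches; a GUID with no
    # matching URL entry is itself worth a second look.
    default_search = {hive: scope_host.get((hive, guid), "<no URL entry>")
                      for hive, guid in default_guid.items()}
    return {"default_search": default_search, "start_pages": start_pages, "findings": findings}


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=BC0D00216383BFCD
IE - HKCU\..\SearchScopes,DefaultScope = {711E92F7-BBEB-41F3-8B2F-4D0B22281AF1}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=BC0D00216383BFCD
IE - HKCU\..\SearchScopes\{711E92F7-BBEB-41F3-8B2F-4D0B22281AF1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MOOI_de
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0
CHR - homepage: hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=BC0D00216383BFCD
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Programme\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
[2013.06.16 20:10:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DSite.job
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("default search per hive:", report["default_search"])
    print("start/home pages:", report["start_pages"])
    for f in report["findings"]:
        print(f"[{f['indicator']}] {f['kind']}: {f['line'][:80]}")
```

Run against the sample, the DefaultScope GUIDs in both hives still resolve to Google, while the IE start page and the Chrome homepage point at www1.delta-search.com and an extra delta-search search scope, two adware BHOs, two Firefox add-ons and a scheduled task are flagged. That split is why a triage should check the search engine and the start page separately: a hijacked start page produces the "ads on every page" symptom even when the default engine looks clean.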

jenn2009 16.06.2013 19:39

OK, let's try again...

jenn2009 16.06.2013 19:41

otl.txt won't upload

markusg 17.06.2013 14:12

otl.txt is missing
just paste the log in

jenn2009 17.06.2013 20:50

OTL Logfile:
Code:

OTL logfile created on: 16.06.2013 20:15:26 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,14% Memory free
6,22 Gb Paging File | 4,95 Gb Available in Paging File | 79,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 208,32 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 112,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 20:12:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\admin\Downloads\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.15 12:43:34 | 001,430,592 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2009.07.07 03:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.11 00:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.06 19:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.07 12:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\admin\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013.05.25 08:18:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:31:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009.12.17 17:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.27 05:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.05.23 18:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=BC0D00216383BFCD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {711E92F7-BBEB-41F3-8B2F-4D0B22281AF1}
IE - HKCU\..\SearchScopes\{055B8C8A-9C94-48AA-9000-20124FA2AA33}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=BC0D00216383BFCD
IE - HKCU\..\SearchScopes\{0FD59F66-C1A2-414A-A44B-4A433EFB3911}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{711E92F7-BBEB-41F3-8B2F-4D0B22281AF1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MOOI_de
IE - HKCU\..\SearchScopes\{80BBD1D5-773C-4DD0-8E1A-819DEA3F2390}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9AB5C664-5E9A-4F0C-B58A-ADE3793DEADF&apn_sauid=7916BA47-1F52-4ED2-A7A9-5012D35841D3
IE - HKCU\..\SearchScopes\{A48D3CFD-DFDA-4976-8056-AFFC41E6B7AB}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C5117C5C-63FF-487E-A2C9-B526D5F7F8D4}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0
FF - prefs.js..extensions.enabledAddons: YTKaraoke%40DacSoft.org:1.114
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll (Utility Chest)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\YTKaraoke@DacSoft.org: C:\Program Files\YTKaraoke\FF\ [2013.05.25 07:11:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.17 21:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.05.13 21:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4i11hfol.default\extensions
[2013.05.13 19:10:11 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4i11hfol.default\extensions\amo@dealplyshopping.com
[2013.05.13 19:07:14 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4i11hfol.default\extensions\plugin@yontoo.com
[2013.05.13 19:28:09 | 000,002,403 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\searchplugins\askcom.xml
[2013.05.13 19:07:03 | 000,006,505 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\searchplugins\babylon.xml
[2013.05.13 19:07:41 | 000,001,294 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\searchplugins\delta.xml
[2013.05.25 08:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.25 08:19:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.25 07:11:04 | 000,000,000 | ---D | M] ("Tube Karaoke") -- C:\PROGRAM FILES\YTKARAOKE\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=BC0D00216383BFCD
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110\
 
O1 HOSTS File: ([2013.03.24 23:01:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Programme\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Tube Karaoke) - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Programme\YTKaraoke\ytkaraoke.dll (Dacotta SoftEngineering)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B5287FD-1758-45DC-A022-146D4C7ADED6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE6F29D9-E361-477E-8FEA-51180530B193}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: GameXN GO - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Yontoo Desktop - hkey= - key= - C:\Users\admin\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 20:43:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.05.25 08:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.25 07:12:55 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\EDELBERG
[2013.05.25 07:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\YTKaraoke
[2011.07.15 22:48:45 | 001,900,144 | ---- | C] (Badoo) -- C:\Users\admin\badoo.desktop.installer-1.5.3.exe
[2011.02.10 22:50:17 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\admin\SkypeSetup.exe
[2011.02.05 21:14:26 | 012,734,632 | ---- | C] (ICQ) -- C:\Users\admin\install_icq7.exe
[2011.01.08 23:26:33 | 081,876,264 | ---- | C] (Apple Inc.) -- C:\Users\admin\iTunesSetup.exe
[2010.12.25 11:50:01 | 023,448,640 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\Users\admin\FreeYouTubeToMp3Converter31.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 20:10:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.16 20:03:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 19:34:18 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.16 19:30:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 18:58:04 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Tube Karaoke Update.job
[2013.06.16 18:38:23 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 18:38:23 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 18:38:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.16 18:37:42 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.16 18:25:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.16 18:25:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.16 18:25:02 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.16 18:25:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.09 14:17:07 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.06 09:01:18 | 000,007,592 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2013.05.25 17:38:19 | 000,001,826 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Security Essentials.lnk
[2013.05.25 17:37:33 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013.05.25 17:38:19 | 000,001,826 | ---- | C] () -- C:\Users\admin\Desktop\Microsoft Security Essentials.lnk
[2013.05.25 07:11:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\Tube Karaoke Update.job
[2011.02.10 22:53:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.07 14:13:24 | 000,006,656 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.28 14:38:31 | 000,007,376 | ---- | C] () -- C:\Users\admin\rechnung_25348857_23280610_8002012461_25012011.pdf
[2011.01.10 08:26:42 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.01.09 21:59:02 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.01.08 10:41:19 | 002,677,072 | ---- | C] () -- C:\Users\admin\Elf_1.12.exe
[2010.12.30 19:53:11 | 000,094,110 | ---- | C] () -- C:\Users\admin\L0SCHI_DEZ10_NEU 17.12.2010.pdf
[2010.12.20 20:10:07 | 000,007,592 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\1&1 Mail & Media GmbH
[2012.12.25 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Anthropics
[2013.05.13 19:06:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon
[2012.07.02 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013.05.13 19:10:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DealPly
[2013.05.13 19:06:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DSite
[2012.10.20 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2012.10.21 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ICQ
[2013.05.13 19:08:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PDF Reader Packages
[2012.12.26 11:30:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PhotoScape
[2013.05.13 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SumatraPDF
[2013.06.09 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.03.25 21:52:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.21 12:58:45 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.20 20:08:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.06.05 20:43:10 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.12.21 11:29:33 | 000,000,000 | ---D | M] -- C:\Intel
[2011.01.04 09:37:50 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.03.29 21:24:14 | 000,000,000 | ---D | M] -- C:\output
[2010.12.21 12:23:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.25 17:33:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.13 21:55:11 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.20 20:08:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.16 20:20:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.20 20:10:05 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.13 22:05:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 00:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,560 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.25 11:49:00 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 11:49:04 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.03.26 19:40:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.13 19:06:32 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\DSite.job
[2013.05.25 07:11:06 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\Tube Karaoke Update.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\erdnt\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\erdnt\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\erdnt\cache\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.07.15 22:48:53 | 001,900,144 | ---- | M] (Badoo) -- C:\Users\admin\badoo.desktop.installer-1.5.3.exe
[2011.01.08 10:41:23 | 002,677,072 | ---- | M] () -- C:\Users\admin\Elf_1.12.exe
[2010.12.25 11:50:23 | 023,448,640 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\Users\admin\FreeYouTubeToMp3Converter31.exe
[2011.02.05 21:14:30 | 012,734,632 | ---- | M] (ICQ) -- C:\Users\admin\install_icq7.exe
[2011.01.08 23:26:46 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Users\admin\iTunesSetup.exe
[2010.12.30 19:53:16 | 000,094,110 | ---- | M] () -- C:\Users\admin\L0SCHI_DEZ10_NEU 17.12.2010.pdf
[2013.06.16 20:30:10 | 002,883,584 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT
[2013.06.16 20:30:10 | 000,262,144 | -H-- | M] () -- C:\Users\admin\ntuser.dat.LOG1
[2012.07.13 15:58:01 | 000,262,144 | -H-- | M] () -- C:\Users\admin\ntuser.dat.LOG2
[2013.06.16 18:36:02 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.06.16 18:36:02 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 11:33:49 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.12.20 20:10:06 | 000,000,020 | -HS- | M] () -- C:\Users\admin\ntuser.ini
[2011.01.28 14:38:35 | 000,007,376 | ---- | M] () -- C:\Users\admin\rechnung_25348857_23280610_8002012461_25012011.pdf
[2011.02.10 22:50:33 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Users\admin\SkypeSetup.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2013.05.13 19:27:25 | 000,000,000 | ---D | M](C:\ProgramData\??????) -- C:\ProgramData\䄘Ǡ㷀Ǡ捓湡
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\admin\Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

--- --- ---
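An added triage helper, not part of this thread and not code from OTL: the "< MD5 for: ... >" blocks in the OTL report above list every copy of a handful of frequently patched system files, with the hashes of the component-store copies (winsxs, DriverStore) next to the live copy under System32. Two things a helper looks at first are a live copy whose hash matches none of the serviced copies (a candidate for a patched file) and a live copy whose hash could not be read at all, as with C:\Windows\System32\user32.dll above. The script below parses that block format and reports both conditions. The sample input is a constructed excerpt of the ATAPI.SYS and USER32.DLL blocks from the log above plus one deliberately altered line so the mismatch check fires; the path classification rules, the decision to ignore the erdnt backup cache, and the finding texts are assumptions of this example.

```python
"""Triage the '< MD5 for: ... >' sections of an OTL log (added example, not OTL's own code)."""
import re
from collections import defaultdict

# One OTL file entry, e.g.
# [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=7551...C75A -- C:\Windows\erdnt\cache\user32.dll
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Assumed classification: component-store copies are the reference, the erdnt
# cache (an ERUNT backup) is neither live nor authoritative and is ignored.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")
IGNORED_DIRS = ("\\erdnt\\",)


def parse_md5_sections(text):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if current is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper() if entry["md5"] else None
            sections[current].append(entry)
    return dict(sections)


def classify(path):
    """'reference' (winsxs/DriverStore), 'live' (installed under C:\\Windows), 'ignore' or 'other'."""
    p = path.lower()
    if any(d in p for d in IGNORED_DIRS):
        return "ignore"
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if p.startswith("c:\\windows\\"):
        return "live"
    return "other"  # e.g. a third-party copy under Program Files; not a Windows binary


def triage(text):
    """Return (filename, path, reason) for every live copy that deserves a closer look."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        ref_hashes = {e["md5"] for e in entries if classify(e["path"]) == "reference" and e["md5"]}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "MD5 unreadable (file locked); verify offline"))
            elif not e["company"]:
                findings.append((name, e["path"], "no company/version info in PE"))
            elif ref_hashes and e["md5"] not in ref_hashes:
                findings.append((name, e["path"], "hash matches no winsxs/DriverStore copy"))
    return findings


# Constructed sample: two blocks copied from the OTL report in this thread.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: USER32.DLL  >
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
"""

# Constructed variant: the live atapi.sys hash is altered so the mismatch check fires.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\\Windows\\System32\\drivers\\atapi.sys",
    "MD5=00000000000000000000000000000000 -- C:\\Windows\\System32\\drivers\\atapi.sys",
)

if __name__ == "__main__":
    for name, path, reason in triage(TAMPERED_LOG):
        print(f"{name:12} {reason:45} {path}")
```

On the real log this reports only user32.dll, and that finding is a prompt, not a verdict: user32.dll is mapped into every session, so an unreadable hash on it usually just means the file was locked, and the copy should be hashed from a clean boot environment before concluding anything. A live hash that matches no winsxs or DriverStore copy is the stronger signal, because on Vista every serviced version of these files leaves a copy in the component store.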

markusg 18.06.2013 11:52

Hi,
Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

jenn2009 18.06.2013 20:40

OK, it worked...

markusg 18.06.2013 20:43

The log is empty. Close the program if you haven't already, then open the log and check whether it is empty; if it isn't, post or attach it.

jenn2009 18.06.2013 21:16

The log is empty.

markusg 18.06.2013 21:17

Then please run it once more.

jenn2009 20.06.2013 17:52

tdsskiller.exe

18:41:24.0078 4892 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:41:26.0092 4892 ============================================================
18:41:26.0092 4892 Current date / time: 2013/06/20 18:41:26.0092
18:41:26.0092 4892 SystemInfo:
18:41:26.0092 4892
18:41:26.0092 4892 OS Version: 6.0.6002 ServicePack: 2.0
18:41:26.0092 4892 Product type: Workstation
18:41:26.0092 4892 ComputerName: ADMIN-PC
18:41:26.0092 4892 UserName: admin
18:41:26.0092 4892 Windows directory: C:\Windows
18:41:26.0092 4892 System windows directory: C:\Windows
18:41:26.0092 4892 Processor architecture: Intel x86
18:41:26.0092 4892 Number of processors: 2
18:41:26.0092 4892 Page size: 0x1000
18:41:26.0092 4892 Boot type: Normal boot
18:41:26.0093 4892 ============================================================
18:41:28.0257 4892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:41:28.0259 4892 ============================================================
18:41:28.0259 4892 \Device\Harddisk0\DR0:
18:41:28.0259 4892 MBR partitions:
18:41:28.0259 4892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
18:41:28.0259 4892 ============================================================
18:41:28.0272 4892 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:28.0272 4892 ============================================================
18:41:28.0272 4892 Initialize success
18:41:28.0272 4892 ============================================================
18:41:52.0184 0668 ============================================================
18:41:52.0184 0668 Scan started
18:41:52.0184 0668 Mode: Manual; SigCheck; TDLFS;
18:41:52.0184 0668 ============================================================
18:41:53.0138 0668 ================ Scan system memory ========================
18:41:53.0138 0668 System memory - ok
18:41:53.0139 0668 ================ Scan services =============================
18:41:54.0131 0668 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:41:54.0314 0668 ACPI - ok
18:41:54.0607 0668 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:41:54.0646 0668 AdobeARMservice - ok
18:41:54.0718 0668 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:41:54.0738 0668 AdobeFlashPlayerUpdateSvc - ok
18:41:54.0786 0668 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:41:54.0815 0668 adp94xx - ok
18:41:54.0953 0668 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:41:54.0991 0668 adpahci - ok
18:41:55.0024 0668 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:41:55.0045 0668 adpu160m - ok
18:41:55.0099 0668 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:41:55.0145 0668 adpu320 - ok
18:41:55.0181 0668 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:41:55.0308 0668 AeLookupSvc - ok
18:41:55.0419 0668 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:41:55.0478 0668 AFD - ok
18:41:55.0535 0668 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:41:55.0569 0668 agp440 - ok
18:41:55.0684 0668 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:41:55.0734 0668 aic78xx - ok
18:41:55.0824 0668 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:41:55.0947 0668 ALG - ok
18:41:55.0974 0668 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:41:56.0022 0668 aliide - ok
18:41:56.0146 0668 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:41:56.0217 0668 amdagp - ok
18:41:56.0263 0668 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:41:56.0304 0668 amdide - ok
18:41:56.0337 0668 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:41:56.0525 0668 AmdK7 - ok
18:41:56.0556 0668 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:41:56.0615 0668 AmdK8 - ok
18:41:56.0682 0668 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:41:56.0741 0668 Appinfo - ok
18:41:56.0872 0668 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:41:56.0884 0668 Apple Mobile Device - ok
18:41:56.0940 0668 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:41:56.0957 0668 arc - ok
18:41:56.0972 0668 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:41:56.0986 0668 arcsas - ok
18:41:57.0027 0668 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:41:57.0066 0668 AsyncMac - ok
18:41:57.0138 0668 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:41:57.0152 0668 atapi - ok
18:41:57.0331 0668 [ F32FEE7CB2EE32C1F808409BC8019701 ] athr C:\Windows\system32\DRIVERS\athr.sys
18:41:57.0431 0668 athr - ok
18:41:57.0556 0668 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:41:57.0620 0668 AudioEndpointBuilder - ok
18:41:57.0629 0668 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:41:57.0658 0668 Audiosrv - ok
18:41:57.0702 0668 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:41:57.0748 0668 Beep - ok
18:41:57.0902 0668 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:41:57.0975 0668 BFE - ok
18:41:58.0048 0668 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:41:58.0201 0668 BITS - ok
18:41:58.0210 0668 blbdrive - ok
18:41:58.0272 0668 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:41:58.0369 0668 bowser - ok
18:41:58.0421 0668 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:41:58.0497 0668 BrFiltLo - ok
18:41:58.0516 0668 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:41:58.0591 0668 BrFiltUp - ok
18:41:58.0617 0668 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:41:58.0676 0668 Browser - ok
18:41:58.0719 0668 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:41:58.0795 0668 Brserid - ok
18:41:58.0834 0668 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:41:58.0920 0668 BrSerWdm - ok
18:41:58.0937 0668 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:41:59.0029 0668 BrUsbMdm - ok
18:41:59.0058 0668 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:41:59.0119 0668 BrUsbSer - ok
18:41:59.0157 0668 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:41:59.0210 0668 BTHMODEM - ok
18:41:59.0446 0668 catchme - ok
18:41:59.0523 0668 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:41:59.0596 0668 cdfs - ok
18:41:59.0689 0668 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:41:59.0734 0668 cdrom - ok
18:41:59.0799 0668 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:41:59.0847 0668 CertPropSvc - ok
18:41:59.0896 0668 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:41:59.0962 0668 circlass - ok
18:42:00.0041 0668 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:42:00.0069 0668 CLFS - ok
18:42:00.0193 0668 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:00.0221 0668 clr_optimization_v2.0.50727_32 - ok
18:42:00.0362 0668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:00.0403 0668 clr_optimization_v4.0.30319_32 - ok
18:42:00.0454 0668 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:42:00.0545 0668 CmBatt - ok
18:42:00.0579 0668 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:42:00.0602 0668 cmdide - ok
18:42:00.0668 0668 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:42:00.0701 0668 Compbatt - ok
18:42:00.0709 0668 COMSysApp - ok
18:42:00.0724 0668 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:42:00.0750 0668 crcdisk - ok
18:42:00.0794 0668 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:42:00.0876 0668 Crusoe - ok
18:42:00.0927 0668 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:42:00.0989 0668 CryptSvc - ok
18:42:01.0039 0668 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:42:01.0091 0668 DcomLaunch - ok
18:42:01.0167 0668 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:42:01.0231 0668 DfsC - ok
18:42:01.0294 0668 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:42:01.0482 0668 DFSR - ok
18:42:01.0541 0668 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:42:01.0568 0668 Dhcp - ok
18:42:01.0637 0668 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:42:01.0664 0668 disk - ok
18:42:01.0711 0668 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:42:01.0788 0668 Dnscache - ok
18:42:01.0828 0668 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:42:01.0908 0668 dot3svc - ok
18:42:36.0969 0668 volmgr - ok
18:42:36.0985 0668 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:42:37.0006 0668 volmgrx - ok
18:42:37.0105 0668 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:42:37.0133 0668 volsnap - ok
18:42:37.0180 0668 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:42:37.0214 0668 vsmraid - ok
18:42:37.0259 0668 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:42:37.0327 0668 VSS - ok
18:42:37.0408 0668 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:42:37.0478 0668 W32Time - ok
18:42:37.0514 0668 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:42:37.0610 0668 WacomPen - ok
18:42:37.0646 0668 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:42:37.0694 0668 Wanarp - ok
18:42:37.0700 0668 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:42:37.0732 0668 Wanarpv6 - ok
18:42:37.0785 0668 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:42:37.0853 0668 wcncsvc - ok
18:42:37.0900 0668 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:42:37.0944 0668 WcsPlugInService - ok
18:42:38.0028 0668 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:42:38.0051 0668 Wd - ok
18:42:38.0281 0668 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:42:38.0340 0668 Wdf01000 - ok
18:42:38.0411 0668 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:42:38.0478 0668 WdiServiceHost - ok
18:42:38.0500 0668 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:42:38.0557 0668 WdiSystemHost - ok
18:42:38.0640 0668 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:42:38.0693 0668 WebClient - ok
18:42:38.0749 0668 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:42:38.0790 0668 Wecsvc - ok
18:42:38.0836 0668 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:42:38.0881 0668 wercplsupport - ok
18:42:38.0920 0668 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:42:38.0967 0668 WerSvc - ok
18:42:39.0077 0668 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:42:39.0132 0668 WinDefend - ok
18:42:39.0144 0668 WinHttpAutoProxySvc - ok
18:42:39.0224 0668 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:42:39.0247 0668 Winmgmt - ok
18:42:39.0558 0668 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:42:39.0605 0668 WinRM - ok
18:42:39.0694 0668 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:42:39.0736 0668 Wlansvc - ok
18:42:39.0784 0668 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:42:39.0841 0668 WmiAcpi - ok
18:42:39.0880 0668 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:42:39.0907 0668 wmiApSrv - ok
18:42:39.0971 0668 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:42:40.0029 0668 WMPNetworkSvc - ok
18:42:40.0059 0668 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:42:40.0092 0668 WPCSvc - ok
18:42:40.0189 0668 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:42:40.0260 0668 WPDBusEnum - ok
18:42:40.0312 0668 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:42:40.0334 0668 WpdUsb - ok
18:42:40.0724 0668 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:42:40.0772 0668 WPFFontCache_v0400 - ok
18:42:40.0828 0668 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:42:40.0865 0668 ws2ifsl - ok
18:42:40.0911 0668 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:42:40.0936 0668 wscsvc - ok
18:42:40.0943 0668 WSearch - ok
18:42:41.0030 0668 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:42:41.0193 0668 wuauserv - ok
18:42:41.0243 0668 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:42:41.0283 0668 WudfPf - ok
18:42:41.0316 0668 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:41.0347 0668 WUDFRd - ok
18:42:41.0389 0668 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:42:41.0422 0668 wudfsvc - ok
18:42:41.0495 0668 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
18:42:41.0504 0668 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
18:42:41.0504 0668 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
18:42:41.0583 0668 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
18:42:41.0729 0668 yukonwlh - ok
18:42:41.0744 0668 ================ Scan global ===============================
18:42:41.0827 0668 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:42:41.0868 0668 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:42:41.0892 0668 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:42:41.0935 0668 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:42:41.0940 0668 [Global] - ok
18:42:41.0940 0668 ================ Scan MBR ==================================
18:42:41.0952 0668 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
18:42:43.0646 0668 \Device\Harddisk0\DR0 - ok
18:42:43.0647 0668 ================ Scan VBR ==================================
18:42:43.0653 0668 [ 5B5295712D3F44CABCC165689C784432 ] \Device\Harddisk0\DR0\Partition1
18:42:43.0665 0668 \Device\Harddisk0\DR0\Partition1 - ok
18:42:43.0665 0668 ============================================================
18:42:43.0667 0668 Scan finished
18:42:43.0667 0668 ============================================================
18:42:43.0697 3956 Detected object count: 1
18:42:43.0697 3956 Actual detected object count: 1
18:47:46.0184 3956 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
18:47:46.0184 3956 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:48:00.0597 4880 Deinitialize success

schrauber 21.06.2013 10:02

Hi,

Markus is on holiday. Are there still any problems with the system?

jenn2009 23.06.2013 20:14

Yes, a lot of advertising still pops up when I'm on the internet, and it is totally slow.

schrauber 23.06.2013 20:58

We can fix that :)

System scan with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

jenn2009 23.06.2013 21:13

FRST.txt and Addition.txt

schrauber 24.06.2013 07:18

Hi,

Please post the logs in the thread.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] will appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file will open. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


And a fresh FRST log, please.

jenn2009 25.06.2013 21:14

Code:

# AdwCleaner v2.303 - Datei am 25/06/2013 um 22:05:12 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\DealPly
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\extensions\49ffxtbr@UtilityChest_49.com
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\extensions\amo@dealplyshopping.com
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Yontoo

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\955de8de76ee843
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\Software\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^fox000^YY^&ptb=7972C7E0-BADF-43F0-A90F-DF287B021990 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\prefs.js

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "My Web Search");
Gelöscht : user_pref("browser.search.selectedEngine", "My Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=7972C7E0-BADF-43F[...]
Gelöscht : user_pref("extensions.delta.bbDpng", "13");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.hdrMd5", "");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "");
Gelöscht : user_pref("extensions.delta.sg", "er");
Gelöscht : user_pref("extensions.delta.smplGrp", "er");
Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Gelöscht : user_pref("extensions.wajam.affiliate_id", "6447");
Gelöscht : user_pref("extensions.wajam.firstrun", "false");
Gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Gelöscht : user_pref("extensions.wajam.no_trace", "false");
Gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Gelöscht : user_pref("extensions.wajam.trace_log", "1368464833893 - onFlagInfoReceived - JSON Received: {\"uniq[...]
Gelöscht : user_pref("extensions.wajam.unique_id", "6BB67AB009C1BB6F64B3061413432EE5");
Gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Gelöscht : user_pref("extensions.wajam.version", "1.26");
Gelöscht : user_pref("extentions.y2layers.installId", "F332ED8C-085A-7C18-92DE-4446E75209B5");
Gelöscht : user_pref("extentions.y2layers.installId_backup", "F332ED8C-085A-7C18-92DE-4446E75209B5");
Gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7972C7E0[...]

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10888 octets] - [25/06/2013 22:05:12]

########## EOF - C:\AdwCleaner[S1].txt - [10949 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by admin on 25.06.2013 at 22:16:37,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utility chest search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utilitychest_49 browser plugin loader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\word\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80BBD1D5-773C-4DD0-8E1A-819DEA3F2390}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}



~~~ Files

Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\appdata\local\utilitychest_49"
Successfully deleted: [Folder] "C:\Users\admin\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\admin\appdata\locallow\utilitychest_49"
Failed to delete: [Folder] "C:\Program Files\utilitychest_49"



~~~ FireFox

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com
Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\prefs.js

user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013061821");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^fox000^YY^");
user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "7972C7E0-BADF-43F0-A90F-DF287B021990");
user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1372190418615");
user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "=\n=\n");
user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "utilitychest@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7972C7E0-BADF-43F0-A90F-DF287B021990&n=77fce2bd&ind=2013061821&p2=^ZO^fox000^YY^&se
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4i11hfol.default\minidumps [20 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\admin\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.06.2013 at 22:18:22,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-06-2013
Ran by admin (administrator) on 25-06-2013 22:30:11
Running from C:\Users\admin\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(COMPANYVERS_NAME) C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13548064 2008-07-27] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-07-27] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-07] (CANON INC.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MailCheck IE Broker] "C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [1430592 2013-03-15] (1und1 Mail und Media GmbH)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-25] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll No File
HKCU SearchScopes: DefaultScope {711E92F7-BBEB-41F3-8B2F-4D0B22281AF1} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MOOI_deDE411
SearchScopes: HKCU - {055B8C8A-9C94-48AA-9000-20124FA2AA33} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {0FD59F66-C1A2-414A-A44B-4A433EFB3911} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {711E92F7-BBEB-41F3-8B2F-4D0B22281AF1} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MOOI_deDE411
SearchScopes: HKCU - {A48D3CFD-DFDA-4976-8056-AFFC41E6B7AB} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C5117C5C-63FF-487E-A2C9-B526D5F7F8D4} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Tube Karaoke - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Program Files\YTKaraoke\ytkaraoke.dll (Dacotta SoftEngineering)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU -Utility Chest - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i11hfol.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @ei.UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll (Utility Chest)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-06-18] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 22:26 - 2013-06-25 22:26 - 00448512 ____A (OldTimer Tools) C:\Users\admin\Downloads\TFC(1).exe
2013-06-25 22:25 - 2013-06-25 22:26 - 00448512 ____A (OldTimer Tools) C:\Users\admin\Downloads\TFC.exe
2013-06-25 22:18 - 2013-06-25 22:18 - 00004936 ____A C:\Users\admin\Desktop\JRT.txt
2013-06-25 22:15 - 2013-06-25 22:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\admin\Downloads\JRT.exe
2013-06-25 22:15 - 2013-06-25 22:15 - 00000000 ____D C:\JRT
2013-06-25 22:05 - 2013-06-25 22:05 - 00011019 ____A C:\AdwCleaner[S1].txt
2013-06-25 22:03 - 2013-06-25 22:04 - 00648201 ____A C:\Users\admin\Downloads\adwcleaner.exe
2013-06-23 22:09 - 2013-06-23 22:09 - 00019397 ____A C:\Users\admin\Downloads\Addition.txt
2013-06-23 22:07 - 2013-06-23 22:07 - 01369655 ____A (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-06-23 22:07 - 2013-06-23 22:07 - 00000000 ____D C:\FRST
2013-06-18 21:19 - 2013-06-18 21:19 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller(1).exe
2013-06-18 21:18 - 2013-06-18 21:19 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2013-06-18 21:18 - 2013-06-18 21:18 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-18 21:17 - 2013-06-18 21:17 - 03778944 ____A (Utility Chest) C:\Users\admin\Downloads\UtilityChestSetup2.5.12.0.^ZO^fox000^YY^.exe
2013-06-17 21:10 - 2013-06-24 21:12 - 00000005 ____A C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2013-06-16 20:33 - 2013-06-16 20:36 - 00045772 ____A C:\Users\admin\Downloads\Extras.Txt
2013-06-16 20:31 - 2013-06-16 20:36 - 00101248 ____A C:\Users\admin\Downloads\OTL.Txt
2013-06-16 20:14 - 2013-06-16 20:14 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL(1).exe
2013-06-16 20:12 - 2013-06-16 20:12 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-06-16 18:56 - 2013-06-16 18:56 - 00607368 ____A C:\Users\admin\Downloads\Firefox_Setup_21.0.exe
2013-06-16 18:56 - 2013-06-16 18:56 - 00607368 ____A C:\Users\admin\Downloads\Firefox_Setup_21.0(1).exe
2013-06-15 19:52 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 19:52 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 19:52 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-15 19:52 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-15 19:52 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 19:52 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-15 19:52 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-15 19:52 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-15 19:52 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-15 19:52 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-15 19:52 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-15 19:52 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-15 19:52 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 19:52 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-15 19:52 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 19:52 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 22:09 - 2013-05-08 05:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 22:09 - 2013-05-08 03:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-06-13 22:09 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 22:09 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-13 22:09 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 22:09 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 22:09 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 22:09 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 22:09 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 22:08 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 22:08 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 22:08 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-05 20:43 - 2013-06-05 20:43 - 00000000 __SHD C:\found.000
2013-06-03 22:02 - 2013-06-03 22:02 - 00419072 ____A C:\Users\admin\Downloads\Setup.exe
2013-05-28 19:55 - 2013-05-28 19:55 - 00000165 ___AH C:\Users\admin\Desktop\~$fixkosten übersicht.xlsx
2013-05-26 10:55 - 2013-05-26 10:55 - 00009108 ____A C:\Users\admin\Desktop\fixkosten übersicht.xlsx

==================== One Month Modified Files and Folders ========

2013-06-25 22:30 - 2013-03-26 19:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 22:26 - 2013-06-25 22:26 - 00448512 ____A (OldTimer Tools) C:\Users\admin\Downloads\TFC(1).exe
2013-06-25 22:26 - 2013-06-25 22:25 - 00448512 ____A (OldTimer Tools) C:\Users\admin\Downloads\TFC.exe
2013-06-25 22:19 - 2006-11-02 14:52 - 01319783 ____A C:\Windows\WindowsUpdate.log
2013-06-25 22:18 - 2013-06-25 22:18 - 00004936 ____A C:\Users\admin\Desktop\JRT.txt
2013-06-25 22:16 - 2013-04-03 21:59 - 00000000 ____D C:\Windows\ERUNT
2013-06-25 22:15 - 2013-06-25 22:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\admin\Downloads\JRT.exe
2013-06-25 22:15 - 2013-06-25 22:15 - 00000000 ____D C:\JRT
2013-06-25 22:07 - 2013-05-25 07:11 - 00000350 ____A C:\Windows\Tasks\Tube Karaoke Update.job
2013-06-25 22:06 - 2010-12-25 11:49 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 22:06 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 22:06 - 2006-11-02 14:47 - 00004496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 22:06 - 2006-11-02 14:47 - 00004496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 22:05 - 2013-06-25 22:05 - 00011019 ____A C:\AdwCleaner[S1].txt
2013-06-25 22:05 - 2010-12-25 11:50 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-06-25 22:05 - 2006-11-02 15:01 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 22:04 - 2013-06-25 22:03 - 00648201 ____A C:\Users\admin\Downloads\adwcleaner.exe
2013-06-24 21:53 - 2013-05-25 07:12 - 00000000 ____D C:\Users\admin\Documents\EDELBERG
2013-06-24 21:34 - 2010-12-25 11:49 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 21:12 - 2013-06-17 21:10 - 00000005 ____A C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2013-06-23 22:09 - 2013-06-23 22:09 - 00019397 ____A C:\Users\admin\Downloads\Addition.txt
2013-06-23 22:07 - 2013-06-23 22:07 - 01369655 ____A (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-06-23 22:07 - 2013-06-23 22:07 - 00000000 ____D C:\FRST
2013-06-23 21:33 - 2006-11-02 12:33 - 01445116 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 21:31 - 2010-12-21 11:34 - 00049912 ____A C:\Windows\PFRO.log
2013-06-18 21:19 - 2013-06-18 21:19 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller(1).exe
2013-06-18 21:19 - 2013-06-18 21:18 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2013-06-18 21:18 - 2013-06-18 21:18 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-18 21:17 - 2013-06-18 21:17 - 03778944 ____A (Utility Chest) C:\Users\admin\Downloads\UtilityChestSetup2.5.12.0.^ZO^fox000^YY^.exe
2013-06-16 20:36 - 2013-06-16 20:33 - 00045772 ____A C:\Users\admin\Downloads\Extras.Txt
2013-06-16 20:36 - 2013-06-16 20:31 - 00101248 ____A C:\Users\admin\Downloads\OTL.Txt
2013-06-16 20:14 - 2013-06-16 20:14 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL(1).exe
2013-06-16 20:12 - 2013-06-16 20:12 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-06-16 18:56 - 2013-06-16 18:56 - 00607368 ____A C:\Users\admin\Downloads\Firefox_Setup_21.0.exe
2013-06-16 18:56 - 2013-06-16 18:56 - 00607368 ____A C:\Users\admin\Downloads\Firefox_Setup_21.0(1).exe
2013-06-15 20:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-15 20:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-15 19:54 - 2011-01-04 09:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-15 19:49 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-09 14:17 - 2011-01-10 08:26 - 00027839 ____A C:\ProgramData\nvModes.001
2013-06-06 09:01 - 2010-12-20 20:10 - 00007592 ____A C:\Users\admin\AppData\Local\d3d9caps.dat
2013-06-05 20:43 - 2013-06-05 20:43 - 00000000 __SHD C:\found.000
2013-06-03 22:02 - 2013-06-03 22:02 - 00419072 ____A C:\Users\admin\Downloads\Setup.exe
2013-05-28 19:55 - 2013-05-28 19:55 - 00000165 ___AH C:\Users\admin\Desktop\~$fixkosten übersicht.xlsx
2013-05-26 10:55 - 2013-05-26 10:55 - 00009108 ____A C:\Users\admin\Desktop\fixkosten übersicht.xlsx
2013-05-26 09:13 - 2011-01-04 09:38 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2013-05-26 09:00 - 2012-05-08 18:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-26 09:00 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\LiveKernelReports

Files to move or delete:
====================
C:\Users\admin\badoo.desktop.installer-1.5.3.exe
C:\Users\admin\Elf_1.12.exe
C:\Users\admin\FreeYouTubeToMp3Converter31.exe
C:\Users\admin\install_icq7.exe
C:\Users\admin\iTunesSetup.exe
C:\Users\admin\SkypeSetup.exe
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-25 22:14

==================== End Of Log ============================


schrauber 26.06.2013 08:38


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log. Any problems left?

jenn2009 29.06.2013 21:47

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c62f34ec9c33d9468bbeba43efcaaa40
# engine=13475
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-25 07:24:56
# local_time=2013-03-25 08:24:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 22025 201729024 0 0
# scanned=130408
# found=7
# cleaned=0
# scan_time=4018
sh=A403C2625627FD9F00CEE62607B789B57390A64E ft=1 fh=8c40a8a7724b152b vn="a variant of Win32/Kryptik.AXDB trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=5D06C4CFC94E42BD6B5B3ADCEA9F9C7B098A6101 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\BearShare\sonstiges\(RingTones)-handy kingeltöne.mp3"
sh=325E37485AAD7A1703B9EBE8FC5EA9CA4578B7FB ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\BearShare\sonstiges\David Guetta and Chris Willis vs Tocadisco - Tomorrow Can Wait (Sharam remix Dgedit).mp3"
sh=0B5135604D3752B2EC182F9461B260897C26D3D9 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\BearShare\sonstiges\David Guetta featuring  Tara Mcdonald - Delirious (Laidback Luke remix).mp3"
sh=3F352975A2C493AFF7D7F9C21F0074405E46AA53 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\Shareaza Downloads\clubbanger dee the young (REMIX).mp3"
sh=F2FF8450388C038B92F5C831392ADB3D4DB18DFA ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\Shareaza Downloads\august09\(Fusion) pitbull room service  _uncensored_.mp3"
sh=6CEB90FE42401B9BA37D592AC6FC093EC9CBE884 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\Users\admin\Documents\Shareaza Downloads\sonstiges\TOPHIT 100 -handy kingeltöne.mp3"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c62f34ec9c33d9468bbeba43efcaaa40
# engine=14191
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-28 07:00:22
# local_time=2013-06-28 09:00:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 7126050 209978750 0 0
# scanned=109120
# found=0
# cleaned=0
# scan_time=3586

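Editor's note, as an added example and not code from the thread or from ESET: the log.txt above contains two scan runs pasted back to back (an old one from March with 7 hits, and the fresh June run with 0). The small parser below splits such a file into its runs, reads the `# key=value` header and the `sh=... vn="..." ac=... fn="..."` detection lines, picks the most recent run, and separates hits that sit inside another tool's quarantine folder (here C:\FRST\Quarantine) from files still live on disk. The line format is inferred from the lines posted in this thread; the quarantine path heuristic and the sample log (with made-up hashes) are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Shape of a detection line as it appears in the thread's log.txt:
# sh=<sha1> ft=<n> fh=<16 hex> vn="<threat name>" ac=<action code> fn="<path>"
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)
HEADER_RE = re.compile(r'^# (?P<key>[A-Za-z0-9_.]+)=(?P<value>.*)$')
RUN_START = "ESETSmartInstaller@High as downloader log:"   # first line of every run


@dataclass
class Detection:
    sha1: str
    threat: str
    action: str
    path: str


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    @property
    def found(self) -> int:
        return int(self.header.get("found", "0"))


def parse_eset_log(text: str) -> list:
    """Split a log.txt into its scan runs; one file may hold several, as in the thread."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            current = ScanRun()
            runs.append(current)
            continue
        if current is None or not line or line == "all ok":
            continue
        m = HEADER_RE.match(line)
        if m:
            current.header[m.group("key")] = m.group("value")
            continue
        m = DETECTION_RE.match(line)
        if m:
            current.detections.append(
                Detection(m.group("sha1").upper(), m.group("vn"), m.group("ac"), m.group("fn")))
    return runs


def latest_run(runs: list) -> ScanRun:
    """Most recent run; utc_time is 'YYYY-MM-DD HH:MM:SS', so lexical order is chronological."""
    return max(runs, key=lambda r: r.header.get("utc_time", ""))


def is_quarantined(path: str) -> bool:
    # Heuristic (assumption): hits under a \Quarantine\ folder were already isolated by another tool.
    return "\\quarantine\\" in path.lower()


def summarize(run: ScanRun) -> dict:
    """Triage view of one run: counts, live (non-quarantined) paths, and a header/body sanity check."""
    quarantined, live = [], []
    for d in run.detections:
        (quarantined if is_quarantined(d.path) else live).append(d)
    return {
        "utc_time": run.header.get("utc_time", "?"),
        "scanned": int(run.header.get("scanned", "0")),
        "found": run.found,
        "quarantined": len(quarantined),
        "live": len(live),
        "live_paths": [d.path for d in live],
        # False would mean the log was truncated or lines did not parse
        "consistent": run.found == len(run.detections),
    }


# Constructed sample modelled on the thread's log; hashes are placeholders, not real values.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=13475
# end=finished
# utc_time=2013-03-25 07:24:56
# scanned=130408
# found=2
# cleaned=0
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0011223344556677 vn="a variant of Win32/Kryptik.AXDB trojan" ac=I fn="C:\\FRST\\Quarantine\\skype.dat"
sh=89ABCDEF0123456789ABCDEF0123456789ABCDEF ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="C:\\Users\\admin\\Documents\\BearShare\\song.mp3"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=14191
# end=finished
# utc_time=2013-06-28 07:00:22
# scanned=109120
# found=0
# cleaned=0
"""

if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_LOG)
    for r in runs:
        print(summarize(r))
    print("latest run:", summarize(latest_run(runs)))
```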

schrauber 29.06.2013 21:49

And carry on :)

jenn2009 29.06.2013 22:10

Code:

Results of screen317's Security Check version 0.99.68 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player        11.7.700.202 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (For.)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


schrauber 30.06.2013 07:26

Update Java and Adobe. Fresh FRST log, please. Any problems left?


All times are WEZ +1.

Copyright ©2000-2025, Trojaner-Board
