Ich habe folgendes Problem, seit ein paar Tagen öffnet sich hin und wieder ein fenster bei meinen mozilla firefox habe auch einen screenshot gemacht und bei directupload hochgeladen um zu zeigen wie das fenster aussieht.
hxxp://s1.directupload.net/file/d/3167/9pet6mcy_jpg.htm

Weiss jemand wie man so etwas entfernen kann es ist sehr nervig.
Habe schon meinen Spybot and Destroy durchlaufen lassen und so findet nichts.

Ich bedanke mich schon im voraus das sich jemand mein problem annimmt

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in CODE-Tags hier in den Thread.

Wow das war eine schnelle antwort ich werde mich gleich dahintersetzten und alles machen was sie mir beschrieben haben

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.112 - Datei am 15/02/2013 um 12:54:25 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Chrisi - CHRISI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chrisi\Downloads\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\searchplugins\MyStart Search.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Chrisi\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Chrisi\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\Chrisi\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Chrisi\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\Smartbar
Ordner Gelöscht : C:\Users\Chrisi\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\59ed6dbb334ee12
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\59ed6dbb334ee12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/anytubedownloader/{FE9B546B-5C04-4B07-83FF-C82F92E2156C} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\prefs.js

C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT3202918.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT3202918.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3202918.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3202918.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3202918.FirstTime", "true");
Gelöscht : user_pref("CT3202918.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3202918.UserID", "UN34441738832383845");
Gelöscht : user_pref("CT3202918.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3202918.embeddedsData", "[{\"appId\":\"129773064360875682\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3202918.enableAlerts", "never");
Gelöscht : user_pref("CT3202918.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3202918.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3202918.fixUrls", true);
Gelöscht : user_pref("CT3202918.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3202918.isNewTabEnabled", true);
Gelöscht : user_pref("CT3202918.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT3202918.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3202918.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3202918.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]
Gelöscht : user_pref("CT3202918.search.searchAppId", "129773064360875682");
Gelöscht : user_pref("CT3202918.search.searchCount", "0");
Gelöscht : user_pref("CT3202918.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3202918.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3202918.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3202918.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT3202918.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344367737489");
Gelöscht : user_pref("CT3202918.serviceLayer_services_appTracking_lastUpdate", "1344367738574");
Gelöscht : user_pref("CT3202918.serviceLayer_services_appsMetadata_lastUpdate", "1344367737473");
Gelöscht : user_pref("CT3202918.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344367738201");
Gelöscht : user_pref("CT3202918.serviceLayer_services_login_10.10.24.2_lastUpdate", "1344367826086");
Gelöscht : user_pref("CT3202918.serviceLayer_services_menu_434a494ed505ad77ce4cfa879a61a43c_lastUpdate", "13443[...]
Gelöscht : user_pref("CT3202918.serviceLayer_services_menu_a43e6069358144da1b2908ca82c52bd7_lastUpdate", "13443[...]
Gelöscht : user_pref("CT3202918.serviceLayer_services_optimizer_lastUpdate", "1344367738156");
Gelöscht : user_pref("CT3202918.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344367738068");
Gelöscht : user_pref("CT3202918.serviceLayer_services_searchAPI_lastUpdate", "1344367736405");
Gelöscht : user_pref("CT3202918.serviceLayer_services_serviceMap_lastUpdate", "1344367736278");
Gelöscht : user_pref("CT3202918.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344367737972");
Gelöscht : user_pref("CT3202918.serviceLayer_services_toolbarSettings_lastUpdate", "1344367736377");
Gelöscht : user_pref("CT3202918.serviceLayer_services_translation_lastUpdate", "1344367737478");
Gelöscht : user_pref("CT3202918.settingsINI", true);
Gelöscht : user_pref("CT3202918.smartbar.CTID", "CT3202918");
Gelöscht : user_pref("CT3202918.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3202918.smartbar.toolbarName", "FreezbGames ");
Gelöscht : user_pref("CT3202918.toolbarBornServerTime", "7-8-2012");
Gelöscht : user_pref("CT3202918.toolbarCurrentServerTime", "7-8-2012");
Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6R8SoSDPXZ&i=26");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 4);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "2882782c000000000000002522dbe937");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15250");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 4);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1023:20:18");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1023:20:18");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=441[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "2882782c000000000000002522dbe937");
Gelöscht : user_pref("extensions.claro.instlDay", "15647");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1018:02:31");
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10643");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "D12D25C858DF86EB640EB01B5A2A4CB8");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "2882782c000000000000002522dbe937");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15730");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:55:16");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "1");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8SoSDPXZ&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6R8SoSDPXZ");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92825807797756667");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:55:16");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "2882782c000000000000002522dbe937");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15730");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "1");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8SoSDPXZ&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8SoSDPXZ");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92825807797756667");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:55:16");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("tfp.abs.CT3202918", true);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Chrisi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [20308 octets] - [15/02/2013 12:53:32]
AdwCleaner[S1].txt - [19562 octets] - [15/02/2013 12:54:25]

########## EOF - C:\AdwCleaner[S1].txt - [19623 octets] ##########
         

--- --- ---

hoffe es passt das ich es hier eingefügt habe.
dazu muss ich noch sagen ich habs auf den anderen computer auch soll ich ihnen von dem auch die Berichte hier einfügen?

Zitat:

dazu muss ich noch sagen ich habs auf den anderen computer auch soll ich ihnen von dem auch die Berichte hier einfügen?

Nein!! Stell dir vor du postest Logs von verschiedenen Computern hier rein, da kommt doch jeder durcheinander welche Anweisung sich auf welchen Rechner genau bezieht!
Mach für jeden Rechnern einen separaten Strang bitte auf

TL logfile created on: 15.02.2013 13:19:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chrisi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 57,60% Memory free
6,58 Gb Paging File | 5,28 Gb Available in Paging File | 80,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 6,47 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive F: | 881,83 Gb Total Space | 289,68 Gb Free Space | 32,85% Space Free | Partition Type: NTFS

Computer Name: CHRISI-PC | User Name: Chrisi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chrisi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
PRC - F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\vdhidwdm.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CTUPnPSv) -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Mo3Fltr) -- C:\Windows\System32\drivers\Mo3Fltr.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{2E0B013F-F488-47C1-BEB6-E3B848E1ADB5}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: aWQzX%40a6z4gWdPu8FF.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chrisi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chrisi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.04 14:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 14:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net [2012.02.25 00:48:24 | 000,000,000 | ---D | M]

[2011.09.21 21:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions
[2012.02.25 00:48:24 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net
[2012.09.26 17:14:56 | 000,003,684 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\aWQzX@a6z4gWdPu8FF.com.xpi
[2013.02.14 19:17:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 10:29:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 14:49:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:49:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Facebook Update] "C:\Users\Chrisi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D32D1B-3934-4A7A-A96C-E1F3216F5F5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell - "" = AutoRun
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell\AutoRun\command - "" = L:\AutoRunLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.15 09:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.15 09:33:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.02.15 09:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.02.15 09:13:51 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chrisi\Desktop\HiJackThis.exe
[2013.02.14 08:51:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 08:51:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 08:51:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 08:51:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 08:51:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 08:51:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 08:51:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 08:51:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 17:57:48 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 17:57:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.13 17:57:44 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 17:57:44 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.07 13:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2013.02.07 13:00:36 | 000,000,000 | ---D | C] -- C:\BrickForce
[2013.02.05 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.05 19:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.03 23:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.02.03 23:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.03 23:10:32 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:32 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 23:10:19 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 21:46:23 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2013.02.03 21:45:41 | 000,317,440 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.25 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Roaming\Little Inferno
[2013.01.25 13:55:12 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.01.25 13:55:12 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.01.25 13:55:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll

========== Files - Modified Within 30 Days ==========

[2013.02.15 13:18:18 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.15 13:18:18 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.15 13:18:18 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.15 13:18:18 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.15 13:11:00 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.15 13:10:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 13:10:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 13:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 13:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 12:55:31 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 11:33:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000UA.job
[2013.02.15 09:53:06 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:53:06 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.15 09:20:17 | 000,234,454 | ---- | M] () -- C:\Users\Chrisi\Desktop\Unbenannt.jpg
[2013.02.15 09:15:36 | 000,318,369 | ---- | M] () -- C:\Users\Chrisi\Desktop\HiJackThis.zip
[2013.02.15 09:13:51 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chrisi\Desktop\HiJackThis.exe
[2013.02.14 23:09:43 | 000,000,574 | ---- | M] () -- C:\Windows\wininit.ini
[2013.02.14 10:44:19 | 000,080,351 | ---- | M] () -- C:\Users\Chrisi\Desktop\425991_10200709951371138_1845902280_n.jpg
[2013.02.14 10:21:03 | 000,031,094 | ---- | M] () -- C:\Users\Chrisi\Desktop\valentinstag5.jpg
[2013.02.14 10:20:25 | 000,045,692 | ---- | M] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.14 09:40:55 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.13 23:11:54 | 000,195,072 | ---- | M] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 14:33:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000Core.job
[2013.02.09 20:25:33 | 000,719,671 | ---- | M] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.09 20:25:23 | 000,837,114 | ---- | M] () -- C:\Users\Chrisi\Desktop\Jarvan_WarringKingdoms_Comic.jpg
[2013.02.08 19:01:59 | 000,147,306 | ---- | M] () -- C:\Users\Chrisi\Desktop\banndurchtribanal.jpg
[2013.02.07 13:14:45 | 000,000,582 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | M] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:16:19 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 23:10:09 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 23:10:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.03 23:10:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 21:46:29 | 000,000,024 | ---- | M] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:40:03 | 008,773,687 | ---- | M] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | M] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.22 21:07:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.22 21:07:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.21 02:21:07 | 000,021,702 | ---- | M] () -- C:\Users\Chrisi\Desktop\filme.ods
[2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013.02.15 12:54:34 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 09:33:36 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.15 09:33:29 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.15 09:20:17 | 000,234,454 | ---- | C] () -- C:\Users\Chrisi\Desktop\Unbenannt.jpg
[2013.02.15 09:15:35 | 000,318,369 | ---- | C] () -- C:\Users\Chrisi\Desktop\HiJackThis.zip
[2013.02.14 10:44:19 | 000,080,351 | ---- | C] () -- C:\Users\Chrisi\Desktop\425991_10200709951371138_1845902280_n.jpg
[2013.02.14 10:21:02 | 000,031,094 | ---- | C] () -- C:\Users\Chrisi\Desktop\valentinstag5.jpg
[2013.02.14 10:20:24 | 000,045,692 | ---- | C] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.09 20:25:33 | 000,719,671 | ---- | C] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.09 20:25:21 | 000,837,114 | ---- | C] () -- C:\Users\Chrisi\Desktop\Jarvan_WarringKingdoms_Comic.jpg
[2013.02.08 19:01:59 | 000,147,306 | ---- | C] () -- C:\Users\Chrisi\Desktop\banndurchtribanal.jpg
[2013.02.07 13:00:44 | 000,000,582 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | C] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:21:26 | 010,306,912 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.swf
[2013.02.03 23:16:19 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 21:46:29 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:39:35 | 008,773,687 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | C] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.20 22:54:13 | 000,021,702 | ---- | C] () -- C:\Users\Chrisi\Desktop\filme.ods
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2012.12.09 23:52:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\avsfilter.dll
[2012.12.09 23:52:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\avisynth_c.dll
[2012.12.09 23:52:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\AvsRecursion.dll
[2012.10.28 00:37:18 | 000,002,292 | ---- | C] () -- C:\Users\Chrisi\AppData\Roaming\ASSDraw3.cfg
[2012.09.25 16:27:32 | 000,000,691 | ---- | C] () -- C:\Users\Chrisi\World of Warcraft.lnk
[2012.08.05 14:38:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.08.05 14:31:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.07.07 13:56:22 | 000,000,992 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.04 19:42:09 | 000,000,310 | ---- | C] () -- C:\Users\Chrisi\Öffentlich - Verknüpfung.lnk
[2012.03.19 19:59:46 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.19 19:59:45 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.19 19:59:45 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.19 19:59:45 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.19 19:59:44 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2012.03.19 19:59:44 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2012.03.19 19:59:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2012.02.25 00:48:25 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.05 02:54:24 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung (2).lnk
[2012.02.05 02:54:16 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung.lnk
[2011.11.04 15:42:43 | 000,000,574 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.03 18:13:42 | 000,001,024 | ---- | C] () -- C:\Users\Chrisi\.rnd
[2011.09.26 12:07:43 | 000,181,733 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.09.23 12:13:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.23 12:13:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.09.23 12:13:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.21 23:51:11 | 000,195,072 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 23:06:44 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Mo3Fltr.sys
[2011.09.21 21:08:03 | 000,001,356 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Computer Name: CHRISI-PC | User Name: Chrisi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "F:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{572D14CD-E937-4B0A-8A0F-E7B84C991F94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5931C3EA-91DA-4666-8625-A58031182C99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0019B3C3-0BD4-4D3A-A486-66B709EA7064}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{01B83E72-B2C3-4FED-A879-28ED80F59FB1}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{03E91573-1B3E-42F2-8405-D96ED69C7705}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{073DA792-7903-47BA-AF30-388979F5967F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{0978285E-3045-4071-9112-85057DA574E5}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{0A0942A3-ED02-4F09-A76B-6B37C74E8C49}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0EC16D13-3066-4A1A-BBF9-30475DF74EBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10C6DE66-3178-44E2-AD38-E61F806729EE}" = protocol=6 | dir=in | app=f:\steam\steamapps\adriano2003\condition zero\hl.exe |
"{11553C9E-A96D-4805-A4A5-24FAA543AB57}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{12BC57D3-BCF0-43C9-A748-9E873C378EB5}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{17D28232-D817-440B-A946-B4F603A2E0C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1D66058B-D46D-4817-8901-5A2E4FF6D786}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1E1B9B6F-360A-4237-BF2A-F47A6C76A2DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1E74C2CB-9547-4DE9-AC50-3AE6F19C3231}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2224E7C7-A6E7-4F7B-9DCA-55BA76BDCEBD}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{22EDC1C1-1079-418A-854F-CFF444E61082}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2951E3C5-BE57-489F-883E-D2F7D794390C}" = dir=in | app=c:\users\chrisi\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{2C24E2B9-EC85-482A-B20E-C5419B03CE8F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{2D389102-2EB6-4997-8651-AC3AEE4B60AC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{41FBD74D-954B-4950-9A1E-2BC18E3E6D41}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{47177E2C-89CA-46E2-9DA9-D6D2D013E55F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{4C01C461-0680-4D21-84AB-D914BC53A73F}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{54F8DAFF-FB57-4681-8D09-1722F56D2BDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5C22CD21-4F39-404D-AB89-A656D6B6D750}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{5C4270F6-92A9-4A27-8191-F5C208A5601B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{61ACC356-DE4C-4C10-808D-21D3B1BF33A7}" = dir=in | app=c:\brickforce\brickforce.exe |
"{638DC779-D0AF-45C1-93D9-EEA608D6607F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{64D5C01B-59FE-4CBE-883A-37183DA99578}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{6B75A8C1-014F-49E2-B9A2-3EB68FFC34D0}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{6ED1FD8B-2592-4F9A-A9B7-57291EA6AB90}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{734976DD-0D51-4FBE-A112-36BE21078637}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{739A4824-3EB4-47EF-9BF5-2DC3F5943CF4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{865533CE-1B92-4DC0-A18D-BEAFE331F7F3}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{87704A5B-0285-4F19-BCCE-F8EE15D5EA18}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8DFB3EBB-53B2-4CC5-9C7D-95A903B0688F}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{8FF47138-6B3D-4067-B2AC-EC31590D9638}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{90BD7CB6-AFC1-4AC0-8D3E-AAB09A946BE1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{92147873-706D-4A8D-B36C-389E8C5FA42F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{92CC7B23-6153-46F9-9E2F-601BF6BC7734}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\condition zero\hl.exe |
"{92ED2C0D-B592-4DB9-AFF5-BE414208497A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{93EE909A-452C-4E18-AA0D-10F234433BA3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{963F2FE4-0DD4-46D7-B6E5-04E9EC861EE7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{976A3818-4B13-4A4B-8825-D89083C4F744}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9ED2FFFC-6645-4134-865B-90998822A41F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A418CCA1-BD51-4C1D-92B9-222E3653859A}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{A4FA24D6-9DA6-42AB-A2D7-C1810BF0F40B}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{AACC63A8-C109-492E-80AB-4CE78EC02757}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AD63EDE2-E6A0-4AFA-8BA6-DBAF93CF13D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B06CE38C-ECDD-4E09-9754-3970F7F0772C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B09D88E0-0DB5-4BFF-ABE7-35C9C617BD37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{B3CACB23-85C6-4BFB-A8DF-E5DF1E2EB677}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B4E663F3-E848-4D29-BA4D-DD634B036E40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C2FD8B3D-168B-4BCB-A98B-D2A3F33C7FE2}" = protocol=17 | dir=in | app=f:\steam\steamapps\adriano2003\condition zero\hl.exe |
"{C4DC6E1A-6108-4DA0-8279-FA9D16E74E2F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C7921031-1201-4047-8EAF-021E3BD58B23}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C89DBF20-B5AB-4D89-BB67-D9F4A6D69056}" = protocol=6 | dir=in | app=f:\steam\steamapps\sephiroth19\counter-strike\hl.exe |
"{CACC782D-35E6-4EA9-9F2B-EA2BC7FCC070}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D1AD840F-1B98-4BCB-96C3-9E186DE6D1FE}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{D5CACE7F-BC7E-4989-AE94-2EC7FE892C40}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wormsxhd\launcher.exe |
"{D5F8CE7D-060A-4ABF-AFA1-D003D8953B0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8D2F0DB-5322-42C7-981E-FA7CD7FCD4ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{DC12E4A3-9260-43C3-AC66-A729D550A2A9}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{E809E3E5-EDC0-4C9E-9D10-ADDA9ADDD7B7}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{E9E1CEBB-5CBF-454D-BDC3-C3643AAFC2BB}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{EE48E056-62C5-433F-AC22-F35E808B770D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{EF62A453-D30A-4999-A642-867D0AA901EC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F24D840E-499F-4132-A5D7-D92C15AE443C}" = protocol=17 | dir=in | app=f:\steam\steamapps\sephiroth19\counter-strike\hl.exe |
"{FE585DC4-42AA-4CA2-99CE-BC0E71B86050}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"TCP Query User{0A39492D-2791-49E4-958F-DF48DCF889E4}C:\users\chrisi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\chrisi\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1553C54D-A429-4CC1-8F64-460513429D4D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{2359F5B9-CC9F-4204-B190-299BBECB8C8C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{41B09284-2838-498E-BB2A-9E6DA33E12CA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{60C94F26-3FB3-4AD4-A90A-A577EA9CD763}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{64F8B2D6-E14D-432E-94B2-224E8E8AC5B6}J:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=j:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe |
"TCP Query User{705040F4-72CF-4197-BD03-E500B919A18A}F:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=f:\program files\tera\tera-launcher.exe |
"TCP Query User{9FDA3360-2303-4C02-921B-EC5097ADC185}F:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{DCC26EC0-5EB1-4435-91BC-9A3D384BE76B}F:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe |
"TCP Query User{EF165D6F-0349-4D58-BD49-A65E3E863DE7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{17DDABEF-F235-4CB7-8887-71765895A195}J:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=j:\kernis ordner\netzwerk\spiele\quake iii arena\quake3.exe |
"UDP Query User{50697E30-03CA-410F-8C35-AF5CD02E8327}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6ADDD2A2-BE1B-4F1B-A978-9750668B7746}C:\users\chrisi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\chrisi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{8009AE83-EE37-4610-9A06-655E5DA2CD95}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{81920079-D706-44AE-8C8D-505DCD80F9D7}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{A5FE8325-F0DB-44E7-8977-AA4B6E97A410}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{D777427A-882F-4315-981E-724334E62E3E}F:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{F1D60C1A-651C-424D-A57B-E928D9B20DA0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FA2689BC-FABE-4F3A-AF35-6D0AE59CBFC1}F:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe |
"UDP Query User{FF5C06D4-A7D1-4DD2-820B-D54ED167BD10}F:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=f:\program files\tera\tera-launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}" = World of Warcraft MMO Gaming Mouse
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 325 USB PC Camera
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.4.1
"Brick-Force" = Brick-Force
"Cosplay Alien_is1" = Cosplay Alien
"Creative Centrale" = Creative Centrale
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MKVToolNix" = MKVToolNix 5.5.0
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Recuva" = Recuva
"Sachabenteuer_is1" = Toggolino - Sachabenteuer
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 221260" = Little Inferno
"Steam App 440" = Team Fortress 2
"Steam App 65800" = Dungeon Defenders
"Steam App 70600" = Worms Ultimate Mayhem
"Steam App 80" = Counter-Strike: Condition Zero
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
"ZENSTYLESERIESUG" = Creative ZEN Style Series Dokumentation

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.02.2013 18:55:58 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 03:44:30 | Computer Name = Chrisi-PC | Source = MsiInstaller | ID = 11609
Description =

Error - 14.02.2013 03:45:42 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 04:41:31 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 10:22:27 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 11:32:09 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2013 18:12:41 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 03:26:18 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 04:53:19 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2013 08:11:34 | Computer Name = Chrisi-PC | Source = WinMgmt | ID = 10
Description =

[ Spybot - Search and Destroy Events ]
Error - 15.02.2013 04:51:29 | Computer Name = Chrisi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 15.02.2013 05:21:16 | Computer Name = Chrisi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 15.02.2013 08:23:39 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:45 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:45 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:51 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:51 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:56 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:57 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15.02.2013 08:23:58 | Computer Name = Chrisi-PC | Source = Service Control Manager | ID = 7001
Description =


So habe alles gemacht wie sie mir beschrieben haben leider kommt aber dieses fenster noch immer auf.

ok gut ich habe jetzt nur von einen computer die Logfiles kopiert und eingefügt muss aber dazusagen das ich es gut finde das sie mir die programme geraten haben den es ist vieles weggekommen

Zitat:

So habe alles gemacht wie sie mir beschrieben haben leider kommt aber dieses fenster noch immer auf.

Ich hab auch nirgendwo geschrieben, dass wir nur nach adwCleaner und OTL schon fertig sind!

Die nächsten Logs bitte in CODE-Tags posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 15:32:50
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5 ST31000333AS rev.SD15 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Chrisi\AppData\Local\Temp\kxdirpod.sys


---- User IAT/EAT - GMER 2.0 ----

IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [735A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [735EB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [735ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7359F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [735A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7359E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [735D73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [735ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7359FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7359FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [735971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7362CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [735CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7359D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73596853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7359687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [735A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 2.0 ----
         

Achso dachte es wäre schon fertig, bin mit solchen programmen nicht vertraut aber gut das es solche programme gibt

Was ist mit dem anderen Tool?

mbar ergebnis war negativ also 0 resultate

Die Logs bitte trotzdem immer posten

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chrisi :: CHRISI-PC [administrator]

15.02.2013 15:46:13
mbar-log-2013-02-15 (15-46-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29091
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

bitte schön

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-17 00:34:27
-----------------------------
00:34:27.489    OS Version: Windows 6.0.6002 Service Pack 2
00:34:27.489    Number of processors: 4 586 0x170A
00:34:27.489    ComputerName: CHRISI-PC  UserName: Chrisi
00:34:38.942    Initialize success
00:36:45.021    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
00:36:45.023    Disk 0 Vendor: ST31000333AS SD15 Size: 953869MB BusType: 3
00:36:45.035    Disk 0 MBR read successfully
00:36:45.037    Disk 0 MBR scan
00:36:45.039    Disk 0 Windows VISTA default MBR code
00:36:45.049    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50868 MB offset 2048
00:36:45.059    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       902999 MB offset 104179712
00:36:45.074    Disk 0 scanning sectors +1953521664
00:36:45.184    Disk 0 scanning C:\Windows\system32\drivers
00:36:50.956    Service scanning
00:37:00.351    Modules scanning
00:37:06.220    Disk 0 trace - called modules:
00:37:06.227    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
00:37:06.227    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858bc5f8]
00:37:06.228    3 CLASSPNP.SYS[8b0558b3] -> nt!IofCallDriver -> [0x847dc918]
00:37:06.229    5 acpi.sys[8aa516bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x85602b98]
00:37:06.229    Scan finished successfully
00:37:24.642    Disk 0 MBR has been saved successfully to "C:\Users\Chrisi\Downloads\MBR.dat"
00:37:24.649    The log file has been saved successfully to "C:\Users\Chrisi\Downloads\aswMBR.txt"
         

Code: Alles auswählenAufklappen

ATTFilter

00:39:12.0574 5560  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:39:12.0638 5560  ============================================================
00:39:12.0638 5560  Current date / time: 2013/02/17 00:39:12.0638
00:39:12.0638 5560  SystemInfo:
00:39:12.0638 5560  
00:39:12.0638 5560  OS Version: 6.0.6002 ServicePack: 2.0
00:39:12.0638 5560  Product type: Workstation
00:39:12.0638 5560  ComputerName: CHRISI-PC
00:39:12.0638 5560  UserName: Chrisi
00:39:12.0638 5560  Windows directory: C:\Windows
00:39:12.0638 5560  System windows directory: C:\Windows
00:39:12.0638 5560  Processor architecture: Intel x86
00:39:12.0638 5560  Number of processors: 4
00:39:12.0638 5560  Page size: 0x1000
00:39:12.0638 5560  Boot type: Normal boot
00:39:12.0638 5560  ============================================================
00:39:13.0376 5560  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:39:13.0401 5560  Drive \Device\Harddisk2\DR2 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:39:13.0431 5560  Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:39:13.0446 5560  ============================================================
00:39:13.0446 5560  \Device\Harddisk0\DR0:
00:39:13.0447 5560  MBR partitions:
00:39:13.0447 5560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x635A000
00:39:13.0447 5560  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x635A800, BlocksNum 0x6E3AB800
00:39:13.0447 5560  \Device\Harddisk2\DR2:
00:39:13.0458 5560  MBR partitions:
00:39:13.0458 5560  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
00:39:13.0458 5560  \Device\Harddisk4\DR4:
00:39:13.0458 5560  MBR partitions:
00:39:13.0458 5560  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
00:39:13.0458 5560  ============================================================
00:39:13.0482 5560  C: <-> \Device\Harddisk0\DR0\Partition1
00:39:13.0521 5560  F: <-> \Device\Harddisk0\DR0\Partition2
00:39:13.0562 5560  K: <-> \Device\Harddisk4\DR4\Partition1
00:39:13.0563 5560  ============================================================
00:39:13.0563 5560  Initialize success
00:39:13.0563 5560  ============================================================
00:39:23.0805 1876  ============================================================
00:39:23.0805 1876  Scan started
00:39:23.0805 1876  Mode: Manual; 
00:39:23.0805 1876  ============================================================
00:39:24.0426 1876  ================ Scan system memory ========================
00:39:24.0426 1876  System memory - ok
00:39:24.0427 1876  ================ Scan services =============================
00:39:24.0535 1876  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
00:39:24.0539 1876  ACPI - ok
00:39:24.0608 1876  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:39:24.0610 1876  AdobeARMservice - ok
00:39:24.0641 1876  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:39:24.0645 1876  AdobeFlashPlayerUpdateSvc - ok
00:39:24.0674 1876  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:39:24.0680 1876  adp94xx - ok
00:39:24.0699 1876  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:39:24.0703 1876  adpahci - ok
00:39:24.0718 1876  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
00:39:24.0719 1876  adpu160m - ok
00:39:24.0725 1876  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:39:24.0728 1876  adpu320 - ok
00:39:24.0760 1876  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:39:24.0761 1876  AeLookupSvc - ok
00:39:24.0790 1876  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
00:39:24.0794 1876  AFD - ok
00:39:24.0811 1876  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:39:24.0813 1876  agp440 - ok
00:39:24.0823 1876  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
00:39:24.0825 1876  aic78xx - ok
00:39:24.0833 1876  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
00:39:24.0835 1876  ALG - ok
00:39:24.0850 1876  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:39:24.0851 1876  aliide - ok
00:39:24.0861 1876  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:39:24.0863 1876  amdagp - ok
00:39:24.0877 1876  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:39:24.0877 1876  amdide - ok
00:39:24.0885 1876  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
00:39:24.0887 1876  AmdK7 - ok
00:39:24.0894 1876  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:39:24.0920 1876  AmdK8 - ok
00:39:24.0933 1876  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
00:39:24.0935 1876  Appinfo - ok
00:39:24.0945 1876  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
00:39:24.0947 1876  arc - ok
00:39:24.0967 1876  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:39:24.0968 1876  arcsas - ok
00:39:24.0980 1876  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:39:24.0981 1876  AsyncMac - ok
00:39:24.0986 1876  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:39:24.0987 1876  atapi - ok
00:39:25.0029 1876  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:39:25.0035 1876  AudioEndpointBuilder - ok
00:39:25.0042 1876  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:39:25.0044 1876  Audiosrv - ok
00:39:25.0058 1876  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:39:25.0059 1876  Beep - ok
00:39:25.0084 1876  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
00:39:25.0090 1876  BFE - ok
00:39:25.0125 1876  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
00:39:25.0141 1876  BITS - ok
00:39:25.0153 1876  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
00:39:25.0153 1876  blbdrive - ok
00:39:25.0166 1876  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:39:25.0167 1876  bowser - ok
00:39:25.0177 1876  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
00:39:25.0178 1876  BrFiltLo - ok
00:39:25.0192 1876  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
00:39:25.0192 1876  BrFiltUp - ok
00:39:25.0201 1876  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
00:39:25.0203 1876  Browser - ok
00:39:25.0216 1876  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
00:39:25.0217 1876  Brserid - ok
00:39:25.0223 1876  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
00:39:25.0224 1876  BrSerWdm - ok
00:39:25.0240 1876  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
00:39:25.0240 1876  BrUsbMdm - ok
00:39:25.0252 1876  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
00:39:25.0253 1876  BrUsbSer - ok
00:39:25.0257 1876  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:39:25.0258 1876  BTHMODEM - ok
00:39:25.0269 1876  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:39:25.0270 1876  cdfs - ok
00:39:25.0295 1876  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:39:25.0296 1876  cdrom - ok
00:39:25.0312 1876  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:39:25.0313 1876  CertPropSvc - ok
00:39:25.0332 1876  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
00:39:25.0334 1876  circlass - ok
00:39:25.0349 1876  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
00:39:25.0353 1876  CLFS - ok
00:39:25.0395 1876  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:39:25.0398 1876  clr_optimization_v2.0.50727_32 - ok
00:39:25.0450 1876  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:39:25.0453 1876  clr_optimization_v4.0.30319_32 - ok
00:39:25.0467 1876  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:39:25.0468 1876  cmdide - ok
00:39:25.0473 1876  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:39:25.0474 1876  Compbatt - ok
00:39:25.0479 1876  COMSysApp - ok
00:39:25.0493 1876  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:39:25.0494 1876  crcdisk - ok
00:39:25.0507 1876  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
00:39:25.0509 1876  Crusoe - ok
00:39:25.0536 1876  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:39:25.0539 1876  CryptSvc - ok
00:39:25.0572 1876  [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
00:39:25.0574 1876  CTDevice_Srv - ok
00:39:25.0584 1876  [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv        C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
00:39:25.0585 1876  CTUPnPSv - ok
00:39:25.0606 1876  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:39:25.0623 1876  DcomLaunch - ok
00:39:25.0636 1876  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:39:25.0637 1876  DfsC - ok
00:39:25.0684 1876  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
00:39:25.0726 1876  DFSR - ok
00:39:25.0755 1876  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
00:39:25.0758 1876  Dhcp - ok
00:39:25.0764 1876  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
00:39:25.0765 1876  disk - ok
00:39:25.0793 1876  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:39:25.0796 1876  Dnscache - ok
00:39:25.0810 1876  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:39:25.0814 1876  dot3svc - ok
00:39:25.0844 1876  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:39:25.0846 1876  Dot4 - ok
00:39:25.0857 1876  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:39:25.0857 1876  Dot4Print - ok
00:39:25.0880 1876  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:39:25.0881 1876  dot4usb - ok
00:39:25.0913 1876  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
00:39:25.0918 1876  DPS - ok
00:39:25.0955 1876  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:39:25.0955 1876  drmkaud - ok
00:39:25.0984 1876  [ C0C7CECCB6C85994C2BC92D58E52D3F2 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:39:25.0987 1876  dtsoftbus01 - ok
00:39:26.0023 1876  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:39:26.0040 1876  DXGKrnl - ok
00:39:26.0050 1876  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
00:39:26.0052 1876  E1G60 - ok
00:39:26.0069 1876  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
00:39:26.0071 1876  EapHost - ok
00:39:26.0082 1876  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
00:39:26.0084 1876  Ecache - ok
00:39:26.0128 1876  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:39:26.0132 1876  ehRecvr - ok
00:39:26.0147 1876  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
00:39:26.0149 1876  ehSched - ok
00:39:26.0159 1876  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
00:39:26.0161 1876  ehstart - ok
00:39:26.0172 1876  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:39:26.0177 1876  elxstor - ok
00:39:26.0213 1876  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
00:39:26.0229 1876  EMDMgmt - ok
00:39:26.0239 1876  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:39:26.0239 1876  ErrDev - ok
00:39:26.0255 1876  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
00:39:26.0259 1876  EventSystem - ok
00:39:26.0263 1876  EverestDriver - ok
00:39:26.0286 1876  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
00:39:26.0289 1876  exfat - ok
00:39:26.0304 1876  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:39:26.0308 1876  fastfat - ok
00:39:26.0317 1876  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:39:26.0319 1876  fdc - ok
00:39:26.0336 1876  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:39:26.0337 1876  fdPHost - ok
00:39:26.0345 1876  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:39:26.0347 1876  FDResPub - ok
00:39:26.0354 1876  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:39:26.0355 1876  FileInfo - ok
00:39:26.0367 1876  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:39:26.0368 1876  Filetrace - ok
00:39:26.0381 1876  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:39:26.0382 1876  flpydisk - ok
00:39:26.0392 1876  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:39:26.0395 1876  FltMgr - ok
00:39:26.0442 1876  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache       C:\Windows\system32\FntCache.dll
00:39:26.0460 1876  FontCache - ok
00:39:26.0472 1876  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:39:26.0474 1876  FontCache3.0.0.0 - ok
00:39:26.0500 1876  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:39:26.0501 1876  Fs_Rec - ok
00:39:26.0512 1876  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:39:26.0514 1876  gagp30kx - ok
00:39:26.0539 1876  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:39:26.0555 1876  gpsvc - ok
00:39:26.0587 1876  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:39:26.0590 1876  HdAudAddService - ok
00:39:26.0617 1876  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:39:26.0625 1876  HDAudBus - ok
00:39:26.0643 1876  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:39:26.0645 1876  HidBth - ok
00:39:26.0659 1876  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:39:26.0660 1876  HidIr - ok
00:39:26.0671 1876  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
00:39:26.0674 1876  hidserv - ok
00:39:26.0680 1876  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:39:26.0681 1876  HidUsb - ok
00:39:26.0703 1876  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:39:26.0706 1876  hkmsvc - ok
00:39:26.0720 1876  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
00:39:26.0722 1876  HpCISSs - ok
00:39:26.0793 1876  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:39:26.0802 1876  hpqcxs08 - ok
00:39:26.0820 1876  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:39:26.0823 1876  hpqddsvc - ok
00:39:26.0844 1876  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:39:26.0851 1876  HTTP - ok
00:39:26.0860 1876  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
00:39:26.0861 1876  i2omp - ok
00:39:26.0887 1876  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:39:26.0889 1876  i8042prt - ok
00:39:26.0918 1876  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
00:39:26.0922 1876  iaStorV - ok
00:39:26.0958 1876  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:39:26.0974 1876  idsvc - ok
00:39:26.0984 1876  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:39:26.0986 1876  iirsp - ok
00:39:27.0008 1876  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
00:39:27.0016 1876  IKEEXT - ok
00:39:27.0073 1876  [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
00:39:27.0105 1876  IntcAzAudAddService - ok
00:39:27.0113 1876  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:39:27.0114 1876  intelide - ok
00:39:27.0124 1876  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:39:27.0125 1876  intelppm - ok
00:39:27.0135 1876  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:39:27.0138 1876  IPBusEnum - ok
00:39:27.0149 1876  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:39:27.0151 1876  IpFilterDriver - ok
00:39:27.0171 1876  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:39:27.0175 1876  iphlpsvc - ok
00:39:27.0180 1876  IpInIp - ok
00:39:27.0192 1876  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
00:39:27.0192 1876  IPMIDRV - ok
00:39:27.0209 1876  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
00:39:27.0217 1876  IPNAT - ok
00:39:27.0235 1876  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:39:27.0236 1876  IRENUM - ok
00:39:27.0252 1876  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:39:27.0253 1876  isapnp - ok
00:39:27.0269 1876  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:39:27.0272 1876  iScsiPrt - ok
00:39:27.0280 1876  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
00:39:27.0281 1876  iteatapi - ok
00:39:27.0292 1876  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
00:39:27.0293 1876  iteraid - ok
00:39:27.0306 1876  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:39:27.0308 1876  kbdclass - ok
00:39:27.0316 1876  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:39:27.0318 1876  kbdhid - ok
00:39:27.0338 1876  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
00:39:27.0340 1876  KeyIso - ok
00:39:27.0364 1876  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:39:27.0370 1876  KSecDD - ok
00:39:27.0384 1876  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:39:27.0391 1876  KtmRm - ok
00:39:27.0417 1876  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:39:27.0420 1876  LanmanServer - ok
00:39:27.0484 1876  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:39:27.0499 1876  LanmanWorkstation - ok
00:39:27.0533 1876  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:39:27.0566 1876  lltdio - ok
00:39:27.0601 1876  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:39:27.0649 1876  lltdsvc - ok
00:39:27.0671 1876  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:39:27.0674 1876  lmhosts - ok
00:39:27.0694 1876  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:39:27.0695 1876  LSI_FC - ok
00:39:27.0706 1876  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:39:27.0708 1876  LSI_SAS - ok
00:39:27.0723 1876  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:39:27.0756 1876  LSI_SCSI - ok
00:39:27.0804 1876  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
00:39:27.0837 1876  luafv - ok
00:39:27.0855 1876  massfilter - ok
00:39:27.0876 1876  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:39:27.0876 1876  MBAMProtector - ok
00:39:27.0991 1876  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:39:28.0008 1876  MBAMScheduler - ok
00:39:28.0056 1876  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:39:28.0074 1876  MBAMService - ok
00:39:28.0101 1876  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:39:28.0104 1876  Mcx2Svc - ok
00:39:28.0120 1876  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:39:28.0122 1876  megasas - ok
00:39:28.0138 1876  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
00:39:28.0144 1876  MegaSR - ok
00:39:28.0155 1876  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
00:39:28.0158 1876  MMCSS - ok
00:39:28.0189 1876  [ 282A1DF4D948968487DDD2E2F2F2A7BE ] Mo3Fltr         C:\Windows\system32\drivers\Mo3Fltr.sys
00:39:28.0190 1876  Mo3Fltr - ok
00:39:28.0203 1876  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
00:39:28.0204 1876  Modem - ok
00:39:28.0216 1876  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:39:28.0216 1876  monitor - ok
00:39:28.0231 1876  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:39:28.0232 1876  mouclass - ok
00:39:28.0242 1876  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:39:28.0244 1876  mouhid - ok
00:39:28.0259 1876  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
00:39:28.0259 1876  MountMgr - ok
00:39:28.0291 1876  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:39:28.0294 1876  MozillaMaintenance - ok
00:39:28.0303 1876  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:39:28.0304 1876  mpio - ok
00:39:28.0317 1876  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:39:28.0318 1876  mpsdrv - ok
00:39:28.0354 1876  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:39:28.0361 1876  MpsSvc - ok
00:39:28.0374 1876  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
00:39:28.0375 1876  Mraid35x - ok
00:39:28.0402 1876  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:39:28.0403 1876  MRxDAV - ok
00:39:28.0415 1876  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:39:28.0415 1876  mrxsmb - ok
00:39:28.0431 1876  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:39:28.0434 1876  mrxsmb10 - ok
00:39:28.0453 1876  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:39:28.0455 1876  mrxsmb20 - ok
00:39:28.0464 1876  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
00:39:28.0465 1876  msahci - ok
00:39:28.0517 1876  [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
00:39:28.0522 1876  MSCamSvc - ok
00:39:28.0528 1876  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:39:28.0529 1876  msdsm - ok
00:39:28.0538 1876  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
00:39:28.0541 1876  MSDTC - ok
00:39:28.0560 1876  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:39:28.0561 1876  Msfs - ok
00:39:28.0581 1876  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:39:28.0581 1876  msisadrv - ok
00:39:28.0598 1876  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:39:28.0601 1876  MSiSCSI - ok
00:39:28.0605 1876  msiserver - ok
00:39:28.0611 1876  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:39:28.0612 1876  MSKSSRV - ok
00:39:28.0622 1876  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:39:28.0622 1876  MSPCLOCK - ok
00:39:28.0635 1876  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:39:28.0636 1876  MSPQM - ok
00:39:28.0661 1876  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:39:28.0663 1876  MsRPC - ok
00:39:28.0694 1876  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:39:28.0694 1876  mssmbios - ok
00:39:28.0706 1876  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:39:28.0706 1876  MSTEE - ok
00:39:28.0712 1876  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
00:39:28.0713 1876  Mup - ok
00:39:28.0745 1876  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
00:39:28.0750 1876  napagent - ok
00:39:28.0787 1876  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:39:28.0789 1876  NativeWifiP - ok
00:39:28.0827 1876  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:39:28.0834 1876  NDIS - ok
00:39:28.0839 1876  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:39:28.0840 1876  NdisTapi - ok
00:39:28.0848 1876  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:39:28.0850 1876  Ndisuio - ok
00:39:28.0869 1876  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:39:28.0871 1876  NdisWan - ok
00:39:28.0879 1876  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:39:28.0879 1876  NDProxy - ok
00:39:28.0939 1876  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
00:39:28.0956 1876  Nero BackItUp Scheduler 3 - ok
00:39:28.0977 1876  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:39:28.0979 1876  Net Driver HPZ12 - ok
00:39:28.0985 1876  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:39:28.0986 1876  NetBIOS - ok
00:39:29.0008 1876  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
00:39:29.0011 1876  netbt - ok
00:39:29.0016 1876  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
00:39:29.0017 1876  Netlogon - ok
00:39:29.0039 1876  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
00:39:29.0045 1876  Netman - ok
00:39:29.0060 1876  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
00:39:29.0066 1876  netprofm - ok
00:39:29.0081 1876  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:39:29.0084 1876  NetTcpPortSharing - ok
00:39:29.0099 1876  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:39:29.0100 1876  nfrd960 - ok
00:39:29.0113 1876  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:39:29.0117 1876  NlaSvc - ok
00:39:29.0155 1876  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
00:39:29.0171 1876  NMIndexingService - ok
00:39:29.0194 1876  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:39:29.0195 1876  Npfs - ok
00:39:29.0205 1876  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
00:39:29.0206 1876  nsi - ok
00:39:29.0214 1876  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:39:29.0214 1876  nsiproxy - ok
00:39:29.0246 1876  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:39:29.0263 1876  Ntfs - ok
00:39:29.0278 1876  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
00:39:29.0279 1876  ntrigdigi - ok
00:39:29.0288 1876  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
00:39:29.0288 1876  Null - ok
00:39:29.0332 1876  [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
00:39:29.0335 1876  NVHDA - ok
00:39:29.0503 1876  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:39:29.0642 1876  nvlddmkm - ok
00:39:29.0658 1876  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:39:29.0660 1876  nvraid - ok
00:39:29.0667 1876  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:39:29.0669 1876  nvstor - ok
00:39:29.0692 1876  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
00:39:29.0708 1876  nvsvc - ok
00:39:29.0760 1876  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:39:29.0785 1876  nvUpdatusService - ok
00:39:29.0801 1876  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:39:29.0803 1876  nv_agp - ok
00:39:29.0808 1876  NwlnkFlt - ok
00:39:29.0814 1876  NwlnkFwd - ok
00:39:29.0827 1876  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:39:29.0828 1876  ohci1394 - ok
00:39:29.0862 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
00:39:29.0878 1876  p2pimsvc - ok
00:39:29.0896 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:39:29.0901 1876  p2psvc - ok
00:39:29.0934 1876  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:39:29.0936 1876  Parport - ok
00:39:29.0949 1876  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:39:29.0950 1876  partmgr - ok
00:39:29.0962 1876  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
00:39:29.0963 1876  Parvdm - ok
00:39:29.0973 1876  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:39:29.0975 1876  PcaSvc - ok
00:39:29.0997 1876  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
00:39:29.0999 1876  pci - ok
00:39:30.0012 1876  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
00:39:30.0012 1876  pciide - ok
00:39:30.0021 1876  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:39:30.0024 1876  pcmcia - ok
00:39:30.0051 1876  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:39:30.0068 1876  PEAUTH - ok
00:39:30.0114 1876  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
00:39:30.0139 1876  pla - ok
00:39:30.0166 1876  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
00:39:30.0169 1876  PLFlash DeviceIoControl Service - ok
00:39:30.0200 1876  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:39:30.0205 1876  PlugPlay - ok
00:39:30.0220 1876  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:39:30.0223 1876  Pml Driver HPZ12 - ok
00:39:30.0245 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
00:39:30.0251 1876  PNRPAutoReg - ok
00:39:30.0270 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
00:39:30.0276 1876  PNRPsvc - ok
00:39:30.0296 1876  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:39:30.0303 1876  PolicyAgent - ok
00:39:30.0318 1876  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:39:30.0320 1876  PptpMiniport - ok
00:39:30.0330 1876  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
00:39:30.0332 1876  Processor - ok
00:39:30.0347 1876  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:39:30.0352 1876  ProfSvc - ok
00:39:30.0361 1876  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:39:30.0363 1876  ProtectedStorage - ok
00:39:30.0385 1876  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
00:39:30.0387 1876  PSched - ok
00:39:30.0422 1876  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:39:30.0447 1876  ql2300 - ok
00:39:30.0454 1876  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:39:30.0455 1876  ql40xx - ok
00:39:30.0488 1876  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
00:39:30.0493 1876  QWAVE - ok
00:39:30.0506 1876  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:39:30.0507 1876  QWAVEdrv - ok
00:39:30.0514 1876  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:39:30.0514 1876  RasAcd - ok
00:39:30.0525 1876  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
00:39:30.0530 1876  RasAuto - ok
00:39:30.0540 1876  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:39:30.0542 1876  Rasl2tp - ok
00:39:30.0574 1876  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
00:39:30.0578 1876  RasMan - ok
00:39:30.0610 1876  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:39:30.0612 1876  RasPppoe - ok
00:39:30.0622 1876  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:39:30.0624 1876  RasSstp - ok
00:39:30.0634 1876  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:39:30.0637 1876  rdbss - ok
00:39:30.0647 1876  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:39:30.0648 1876  RDPCDD - ok
00:39:30.0665 1876  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
00:39:30.0668 1876  rdpdr - ok
00:39:30.0673 1876  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:39:30.0674 1876  RDPENCDD - ok
00:39:30.0713 1876  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:39:30.0716 1876  RDPWD - ok
00:39:30.0746 1876  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:39:30.0750 1876  RemoteAccess - ok
00:39:30.0776 1876  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:39:30.0780 1876  RemoteRegistry - ok
00:39:30.0785 1876  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
00:39:30.0787 1876  RpcLocator - ok
00:39:30.0802 1876  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
00:39:30.0807 1876  RpcSs - ok
00:39:30.0817 1876  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:39:30.0818 1876  rspndr - ok
00:39:30.0851 1876  [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
00:39:30.0853 1876  RTL8169 - ok
00:39:30.0861 1876  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
00:39:30.0862 1876  SamSs - ok
00:39:30.0877 1876  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:39:30.0878 1876  sbp2port - ok
00:39:30.0890 1876  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:39:30.0924 1876  SCardSvr - ok
00:39:30.0951 1876  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
00:39:30.0961 1876  Schedule - ok
00:39:30.0973 1876  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:39:30.0974 1876  SCPolicySvc - ok
00:39:30.0991 1876  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:39:30.0995 1876  SDRSVC - ok
00:39:31.0045 1876  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
00:39:31.0071 1876  SDScannerService - ok
00:39:31.0100 1876  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
00:39:31.0124 1876  SDUpdateService - ok
00:39:31.0140 1876  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
00:39:31.0143 1876  SDWSCService - ok
00:39:31.0153 1876  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:39:31.0153 1876  secdrv - ok
00:39:31.0160 1876  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
00:39:31.0163 1876  seclogon - ok
00:39:31.0177 1876  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
00:39:31.0180 1876  SENS - ok
00:39:31.0193 1876  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:39:31.0193 1876  Serenum - ok
00:39:31.0199 1876  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:39:31.0200 1876  Serial - ok
00:39:31.0215 1876  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:39:31.0216 1876  sermouse - ok
00:39:31.0238 1876  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:39:31.0241 1876  SessionEnv - ok
00:39:31.0252 1876  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:39:31.0252 1876  sffdisk - ok
00:39:31.0259 1876  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:39:31.0259 1876  sffp_mmc - ok
00:39:31.0272 1876  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:39:31.0273 1876  sffp_sd - ok
00:39:31.0278 1876  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:39:31.0279 1876  sfloppy - ok
00:39:31.0297 1876  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:39:31.0303 1876  SharedAccess - ok
00:39:31.0324 1876  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:39:31.0329 1876  ShellHWDetection - ok
00:39:31.0345 1876  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:39:31.0347 1876  sisagp - ok
00:39:31.0357 1876  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
00:39:31.0360 1876  SiSRaid2 - ok
00:39:31.0370 1876  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:39:31.0372 1876  SiSRaid4 - ok
00:39:31.0522 1876  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:39:31.0572 1876  Skype C2C Service - ok
00:39:31.0596 1876  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
00:39:31.0600 1876  SkypeUpdate - ok
00:39:31.0674 1876  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
00:39:31.0723 1876  slsvc - ok
00:39:31.0760 1876  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
00:39:31.0764 1876  SLUINotify - ok
00:39:31.0787 1876  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:39:31.0789 1876  Smb - ok
00:39:31.0808 1876  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:39:31.0811 1876  SNMPTRAP - ok
00:39:31.0995 1876  [ 8C95862274F2E06F3A6936313E388B2B ] SNP325          C:\Windows\system32\DRIVERS\snp325.sys
00:39:32.0149 1876  SNP325 - ok
00:39:32.0164 1876  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
00:39:32.0165 1876  spldr - ok
00:39:32.0191 1876  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
00:39:32.0195 1876  Spooler - ok
00:39:32.0218 1876  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:39:32.0222 1876  srv - ok
00:39:32.0252 1876  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:39:32.0254 1876  srv2 - ok
00:39:32.0275 1876  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:39:32.0277 1876  srvnet - ok
00:39:32.0287 1876  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:39:32.0292 1876  SSDPSRV - ok
00:39:32.0314 1876  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:39:32.0319 1876  SstpSvc - ok
00:39:32.0327 1876  Steam Client Service - ok
00:39:32.0363 1876  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:39:32.0368 1876  Stereo Service - ok
00:39:32.0401 1876  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
00:39:32.0408 1876  stisvc - ok
00:39:32.0420 1876  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:39:32.0421 1876  swenum - ok
00:39:32.0457 1876  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
00:39:32.0463 1876  swprv - ok
00:39:32.0473 1876  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
00:39:32.0474 1876  Symc8xx - ok
00:39:32.0484 1876  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
00:39:32.0486 1876  Sym_hi - ok
00:39:32.0500 1876  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
00:39:32.0501 1876  Sym_u3 - ok
00:39:32.0530 1876  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
00:39:32.0548 1876  SysMain - ok
00:39:32.0564 1876  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:39:32.0568 1876  TabletInputService - ok
00:39:32.0594 1876  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:39:32.0600 1876  TapiSrv - ok
00:39:32.0609 1876  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
00:39:32.0618 1876  TBS - ok
00:39:32.0657 1876  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:39:32.0709 1876  Tcpip - ok
00:39:32.0777 1876  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
00:39:32.0781 1876  Tcpip6 - ok
00:39:32.0790 1876  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:39:32.0791 1876  tcpipreg - ok
00:39:32.0801 1876  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:39:32.0801 1876  TDPIPE - ok
00:39:32.0814 1876  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:39:32.0816 1876  TDTCP - ok
00:39:32.0842 1876  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:39:32.0843 1876  tdx - ok
00:39:32.0864 1876  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:39:32.0866 1876  TermDD - ok
00:39:32.0879 1876  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
00:39:32.0887 1876  TermService - ok
00:39:32.0898 1876  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
00:39:32.0901 1876  Themes - ok
00:39:32.0909 1876  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
00:39:32.0911 1876  THREADORDER - ok
00:39:32.0926 1876  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
00:39:32.0930 1876  TrkWks - ok
00:39:32.0974 1876  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:39:32.0975 1876  TrustedInstaller - ok
00:39:32.0988 1876  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:39:32.0988 1876  tssecsrv - ok
00:39:33.0003 1876  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
00:39:33.0005 1876  tunmp - ok
00:39:33.0024 1876  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:39:33.0026 1876  tunnel - ok
00:39:33.0035 1876  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:39:33.0037 1876  uagp35 - ok
00:39:33.0049 1876  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:39:33.0052 1876  udfs - ok
00:39:33.0072 1876  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:39:33.0074 1876  UI0Detect - ok
00:39:33.0090 1876  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:39:33.0092 1876  uliagpkx - ok
00:39:33.0109 1876  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
00:39:33.0111 1876  uliahci - ok
00:39:33.0120 1876  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
00:39:33.0122 1876  UlSata - ok
00:39:33.0132 1876  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
00:39:33.0134 1876  ulsata2 - ok
00:39:33.0145 1876  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:39:33.0147 1876  umbus - ok
00:39:33.0183 1876  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
00:39:33.0189 1876  upnphost - ok
00:39:33.0221 1876  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:39:33.0222 1876  usbaudio - ok
00:39:33.0244 1876  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:39:33.0245 1876  usbccgp - ok
00:39:33.0259 1876  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:39:33.0259 1876  usbcir - ok
00:39:33.0285 1876  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:39:33.0286 1876  usbehci - ok
00:39:33.0301 1876  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:39:33.0304 1876  usbhub - ok
00:39:33.0316 1876  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:39:33.0316 1876  usbohci - ok
00:39:33.0322 1876  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:39:33.0323 1876  usbprint - ok
00:39:33.0338 1876  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:39:33.0339 1876  usbscan - ok
00:39:33.0352 1876  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:39:33.0353 1876  USBSTOR - ok
00:39:33.0362 1876  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:39:33.0362 1876  usbuhci - ok
00:39:33.0387 1876  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
00:39:33.0390 1876  UxSms - ok
00:39:33.0421 1876  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
00:39:33.0429 1876  vds - ok
00:39:33.0439 1876  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:39:33.0440 1876  vga - ok
00:39:33.0444 1876  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:39:33.0445 1876  VgaSave - ok
00:39:33.0457 1876  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:39:33.0459 1876  viaagp - ok
00:39:33.0472 1876  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
00:39:33.0473 1876  ViaC7 - ok
00:39:33.0481 1876  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
00:39:33.0482 1876  viaide - ok
00:39:33.0487 1876  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:39:33.0488 1876  volmgr - ok
00:39:33.0520 1876  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:39:33.0525 1876  volmgrx - ok
00:39:33.0550 1876  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:39:33.0553 1876  volsnap - ok
00:39:33.0565 1876  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:39:33.0567 1876  vsmraid - ok
00:39:33.0597 1876  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
00:39:33.0621 1876  VSS - ok
00:39:33.0690 1876  [ 2FBF9E882FC28A315A86AA1F831C144E ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
00:39:33.0722 1876  VX1000 - ok
00:39:33.0736 1876  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
00:39:33.0743 1876  W32Time - ok
00:39:33.0759 1876  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:39:33.0760 1876  WacomPen - ok
00:39:33.0775 1876  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
00:39:33.0776 1876  Wanarp - ok
00:39:33.0780 1876  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:39:33.0780 1876  Wanarpv6 - ok
00:39:33.0798 1876  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:39:33.0807 1876  wcncsvc - ok
00:39:33.0817 1876  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:39:33.0819 1876  WcsPlugInService - ok
00:39:33.0829 1876  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
00:39:33.0830 1876  Wd - ok
00:39:33.0872 1876  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:39:33.0882 1876  Wdf01000 - ok
00:39:33.0892 1876  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:39:33.0926 1876  WdiServiceHost - ok
00:39:33.0932 1876  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:39:33.0935 1876  WdiSystemHost - ok
00:39:33.0962 1876  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
00:39:33.0968 1876  WebClient - ok
00:39:33.0980 1876  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:39:33.0984 1876  Wecsvc - ok
00:39:33.0999 1876  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:39:34.0003 1876  wercplsupport - ok
00:39:34.0013 1876  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:39:34.0017 1876  WerSvc - ok
00:39:34.0056 1876  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
00:39:34.0061 1876  WinDefend - ok
00:39:34.0066 1876  WinHttpAutoProxySvc - ok
00:39:34.0102 1876  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:39:34.0106 1876  Winmgmt - ok
00:39:34.0124 1876  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:39:34.0141 1876  WinRM - ok
00:39:34.0167 1876  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
00:39:34.0168 1876  WinUSB - ok
00:39:34.0198 1876  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:39:34.0216 1876  Wlansvc - ok
00:39:34.0299 1876  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:39:34.0323 1876  wlidsvc - ok
00:39:34.0339 1876  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:39:34.0340 1876  WmiAcpi - ok
00:39:34.0357 1876  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:39:34.0359 1876  wmiApSrv - ok
00:39:34.0385 1876  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
00:39:34.0409 1876  WMPNetworkSvc - ok
00:39:34.0416 1876  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:39:34.0420 1876  WPCSvc - ok
00:39:34.0444 1876  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:39:34.0451 1876  WPDBusEnum - ok
00:39:34.0499 1876  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:39:34.0516 1876  WPFFontCache_v0400 - ok
00:39:34.0531 1876  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:39:34.0532 1876  ws2ifsl - ok
00:39:34.0538 1876  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
00:39:34.0541 1876  wscsvc - ok
00:39:34.0546 1876  WSearch - ok
00:39:34.0600 1876  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
00:39:34.0633 1876  wuauserv - ok
00:39:34.0655 1876  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:39:34.0657 1876  WudfPf - ok
00:39:34.0677 1876  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:39:34.0679 1876  WUDFRd - ok
00:39:34.0693 1876  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:39:34.0697 1876  wudfsvc - ok
00:39:34.0718 1876  XDva401 - ok
00:39:34.0732 1876  ZTEusbmdm6k - ok
00:39:34.0738 1876  ZTEusbnmea - ok
00:39:34.0745 1876  ZTEusbser6k - ok
00:39:34.0749 1876  ================ Scan global ===============================
00:39:34.0769 1876  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:39:34.0798 1876  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:39:34.0812 1876  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:39:34.0845 1876  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:39:34.0851 1876  [Global] - ok
00:39:34.0851 1876  ================ Scan MBR ==================================
00:39:34.0861 1876  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:39:35.0021 1876  \Device\Harddisk0\DR0 - ok
00:39:35.0033 1876  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
00:39:35.0077 1876  \Device\Harddisk2\DR2 - ok
00:39:35.0095 1876  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
00:39:35.0100 1876  \Device\Harddisk4\DR4 - ok
00:39:35.0100 1876  ================ Scan VBR ==================================
00:39:35.0103 1876  [ EB63669316E5305108975A8A642CD3E2 ] \Device\Harddisk0\DR0\Partition1
00:39:35.0105 1876  \Device\Harddisk0\DR0\Partition1 - ok
00:39:35.0120 1876  [ C96E07B94041BB2CCE1875F032F72225 ] \Device\Harddisk0\DR0\Partition2
00:39:35.0122 1876  \Device\Harddisk0\DR0\Partition2 - ok
00:39:35.0138 1876  [ 084E04461073EEEB66F009F48B4AE4E3 ] \Device\Harddisk2\DR2\Partition1
00:39:35.0147 1876  \Device\Harddisk2\DR2\Partition1 - ok
00:39:35.0150 1876  [ 21886C0DF85D585C0965D7B529422F89 ] \Device\Harddisk4\DR4\Partition1
00:39:35.0151 1876  \Device\Harddisk4\DR4\Partition1 - ok
00:39:35.0152 1876  ============================================================
00:39:35.0152 1876  Scan finished
00:39:35.0152 1876  ============================================================
00:39:35.0167 6128  Detected object count: 0
00:39:35.0167 6128  Actual detected object count: 0
         

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in CODE-Tags hier in den Thread.

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.112 - Datei am 18/02/2013 um 21:48:45 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Chrisi - CHRISI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chrisi\Downloads\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\adawaretb
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Users\Chrisi\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\adawaretb

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Chrisi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [20308 octets] - [15/02/2013 12:53:32]
AdwCleaner[S1].txt - [19693 octets] - [15/02/2013 12:54:25]
AdwCleaner[S2].txt - [1350 octets] - [18/02/2013 21:48:45]

########## EOF - C:\AdwCleaner[S2].txt - [1410 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 18.02.2013 21:52:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chrisi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 62,21% Memory free
6,56 Gb Paging File | 5,46 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 7,60 Gb Free Space | 15,29% Space Free | Partition Type: NTFS
Drive F: | 881,83 Gb Total Space | 289,68 Gb Free Space | 32,85% Space Free | Partition Type: NTFS
 
Computer Name: CHRISI-PC | User Name: Chrisi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chrisi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
PRC - F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\vdhidwdm.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CTUPnPSv) -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Mo3Fltr) -- C:\Windows\System32\drivers\Mo3Fltr.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{2E0B013F-F488-47C1-BEB6-E3B848E1ADB5}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: aWQzX%40a6z4gWdPu8FF.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chrisi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chrisi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.04 14:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.18 13:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.26 12:17:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Chrisi\AppData\Roaming\Mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net [2012.02.25 00:48:24 | 000,000,000 | ---D | M]
 
[2011.09.21 21:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Extensions
[2013.02.18 13:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions
[2012.02.25 00:48:24 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions\firejump@firejump.net
[2013.02.18 13:19:49 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chrisi\AppData\Roaming\mozilla\Firefox\Profiles\cin1attw.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.09.26 17:14:56 | 000,003,684 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\aWQzX@a6z4gWdPu8FF.com.xpi
[2013.02.14 19:17:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Chrisi\AppData\Roaming\mozilla\firefox\profiles\cin1attw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 10:29:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 14:49:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:49:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] F:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe (SteelSeries)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Facebook Update] "C:\Users\Chrisi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3644773473-1287165813-3723838049-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D32D1B-3934-4A7A-A96C-E1F3216F5F5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell - "" = AutoRun
O33 - MountPoints2\{530a3b5d-e4e4-11e0-af18-002522dbe937}\Shell\AutoRun\command - "" = L:\AutoRunLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 13:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.02.18 13:19:56 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Local\adawarebp
[2013.02.18 13:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.02.18 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.02.18 13:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.02.18 13:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.02.18 13:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.02.18 13:18:37 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.02.18 13:18:37 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Roaming\LavasoftStatistics
[2013.02.18 13:18:31 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Roaming\Ad-Aware Antivirus
[2013.02.18 13:17:20 | 004,124,152 | ---- | C] (PC Tools) -- C:\Users\Chrisi\Desktop\sdsetup.exe
[2013.02.18 08:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\Desktop\Sprinter, Transporter und LKW mieten JETZT MINUS 30% - Sixt LKW Vermietung*- Autovermietung Sixt-Dateien
[2013.02.15 09:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.15 09:33:24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.02.15 09:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.02.14 08:51:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 08:51:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 08:51:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 08:51:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 08:51:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 08:51:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 08:51:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 08:51:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 17:57:48 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 17:57:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.13 17:57:44 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 17:57:44 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.07 13:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2013.02.07 13:00:36 | 000,000,000 | ---D | C] -- C:\BrickForce
[2013.02.05 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.05 19:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.03 23:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.02.03 23:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.03 23:10:32 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:32 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 23:10:19 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 21:46:23 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2013.02.03 21:45:41 | 000,317,440 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.28 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.25 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Chrisi\AppData\Roaming\Little Inferno
[2013.01.25 13:55:12 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.01.25 13:55:12 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.01.25 13:55:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 21:49:49 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.18 21:49:47 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 21:49:47 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 21:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 21:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.18 20:33:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000UA.job
[2013.02.18 15:49:21 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.18 15:49:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.18 15:49:21 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.18 15:49:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.18 14:33:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3644773473-1287165813-3723838049-1000Core.job
[2013.02.18 13:18:37 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.02.18 13:17:22 | 004,124,152 | ---- | M] (PC Tools) -- C:\Users\Chrisi\Desktop\sdsetup.exe
[2013.02.18 09:09:01 | 002,083,649 | ---- | M] () -- C:\Users\Chrisi\Desktop\jobcenter arenz.jpg
[2013.02.18 08:36:21 | 000,022,270 | ---- | M] () -- C:\Users\Chrisi\Desktop\OpenDocument Text (neu) (4).odt
[2013.02.18 08:02:18 | 000,118,964 | ---- | M] () -- C:\Users\Chrisi\Desktop\Sprinter, Transporter und LKW mieten JETZT MINUS 30% - Sixt LKW Vermietung*- Autovermietung Sixt.htm
[2013.02.17 19:36:24 | 000,023,065 | ---- | M] () -- C:\Users\Chrisi\Desktop\OpenDocument Text (neu) (3).odt
[2013.02.17 00:47:17 | 000,197,120 | ---- | M] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.15 12:55:31 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 09:53:06 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:53:06 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.14 23:09:43 | 000,000,574 | ---- | M] () -- C:\Windows\wininit.ini
[2013.02.14 10:20:25 | 000,045,692 | ---- | M] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.14 09:40:55 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.09 20:25:33 | 000,719,671 | ---- | M] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.07 13:14:45 | 000,000,582 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | M] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:16:19 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 23:10:09 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 23:10:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 23:10:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.03 23:10:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 23:10:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 21:46:29 | 000,000,024 | ---- | M] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:40:03 | 008,773,687 | ---- | M] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | M] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.22 21:07:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.22 21:07:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.21 02:21:07 | 000,021,702 | ---- | M] () -- C:\Users\Chrisi\Desktop\filme.ods
 
========== Files Created - No Company Name ==========
 
[2013.02.18 09:09:02 | 002,083,649 | ---- | C] () -- C:\Users\Chrisi\Desktop\jobcenter arenz.jpg
[2013.02.18 08:10:23 | 000,022,270 | ---- | C] () -- C:\Users\Chrisi\Desktop\OpenDocument Text (neu) (4).odt
[2013.02.18 08:02:16 | 000,118,964 | ---- | C] () -- C:\Users\Chrisi\Desktop\Sprinter, Transporter und LKW mieten JETZT MINUS 30% - Sixt LKW Vermietung*- Autovermietung Sixt.htm
[2013.02.15 12:54:34 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.15 09:33:36 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.15 09:33:35 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.15 09:33:29 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.15 09:33:29 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.14 10:20:24 | 000,045,692 | ---- | C] () -- C:\Users\Chrisi\Desktop\valentinstag7.jpg
[2013.02.09 20:25:33 | 000,719,671 | ---- | C] () -- C:\Users\Chrisi\Desktop\XinZhao_WarringKingdoms_Comic.jpg
[2013.02.07 13:00:44 | 000,000,582 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2013.02.04 14:42:38 | 000,000,851 | ---- | C] () -- C:\Users\Chrisi\Desktop\Free YouTube Download.lnk
[2013.02.03 23:21:26 | 010,306,912 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.swf
[2013.02.03 23:16:19 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.02.03 21:46:29 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Kene32.uns
[2013.02.03 21:39:35 | 008,773,687 | ---- | C] () -- C:\Users\Chrisi\Desktop\sim53.zip
[2013.01.25 18:45:49 | 000,000,202 | ---- | C] () -- C:\Users\Chrisi\Desktop\Little Inferno.url
[2013.01.20 22:54:13 | 000,021,702 | ---- | C] () -- C:\Users\Chrisi\Desktop\filme.ods
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
[2012.12.09 23:52:12 | 001,527,650 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2012.12.09 23:52:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\avsfilter.dll
[2012.12.09 23:52:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\avisynth_c.dll
[2012.12.09 23:52:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\AvsRecursion.dll
[2012.10.28 00:37:18 | 000,002,292 | ---- | C] () -- C:\Users\Chrisi\AppData\Roaming\ASSDraw3.cfg
[2012.09.25 16:27:32 | 000,000,691 | ---- | C] () -- C:\Users\Chrisi\World of Warcraft.lnk
[2012.08.05 14:38:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.08.05 14:31:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.07.07 13:56:22 | 000,000,992 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.04 19:42:09 | 000,000,310 | ---- | C] () -- C:\Users\Chrisi\Öffentlich - Verknüpfung.lnk
[2012.03.19 19:59:46 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.19 19:59:45 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.19 19:59:45 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.19 19:59:45 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.19 19:59:44 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2012.03.19 19:59:44 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2012.03.19 19:59:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2012.02.25 00:48:25 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.05 02:54:24 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung (2).lnk
[2012.02.05 02:54:16 | 000,000,356 | ---- | C] () -- C:\Users\Chrisi\Download - Verknüpfung.lnk
[2011.11.04 15:42:43 | 000,000,574 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.03 18:13:42 | 000,001,024 | ---- | C] () -- C:\Users\Chrisi\.rnd
[2011.09.26 12:07:43 | 000,181,733 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.09.23 12:13:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.23 12:13:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.09.23 12:13:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.21 23:51:11 | 000,197,120 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.21 23:06:44 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Mo3Fltr.sys
[2011.09.21 21:08:03 | 000,001,356 | ---- | C] () -- C:\Users\Chrisi\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Bei OTL kam diesmal nur ein Bericht habe überall gesucht für das 2te Logfile.
Die Seite die sich immer geöffnet hatte ist nun schon seit 2h nicht mehr gekommen.
Sieht gut aus.

Die seite ist wieder aufgetaucht was für ein dreck