Im Firefox werden einige Seiten umgeleitet auf adf.ly

siggi-anton · 24.03.2013, 14:51

Hallo Tojanerboard

Wie oben erwähnt wird bei dem PC meiner Freundin in Firefox ab und zu die Seiten zu der Seite adf.ly umgeleitet. das kommt sporadisch vor.

Ich habe einen Scann mit der "desinfect 2012 CD" von ct (Antivir + Kaspersky) gemacht, die Viren die ich gefunden habe umbenannt mit der endung *.VIRUS und den PC neu gestartet.

Zuerst ging alles gut, doch nach öffnen von vielleicht 10 Seiten, das selbe Problem.

Ich habe dann wie in Ihrem Forum empfohlen einen Scann mit "Malwarebyte Anti-Malware" gemacht. 2 Dateien gefunden und gelöscht.
Hier der Post der Log-Datei von Malware:

Zitat:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Ellen :: ELLEN-AMD [limited]

Protection: Enabled

24.03.2013 13:58:05
mbam-log-2013-03-24 (13-58-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193097
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Ellen\AppData\Local\Temp\79321C4.tmp (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Users\Ellen\AppData\Local\Temp\793E7A2.tmp (Adware.Shopper) -> Quarantined and deleted successfully.

(end)

Danach Defogger gestartet. Hier der Post der Datei von Defogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:19 on 24/03/2013 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Danach OTL gestartet. hier der Post der beiden Dateien:

Zitat:

OTL logfile created on: 24.03.2013 14:10:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 61,96% Memory free
6,37 Gb Paging File | 4,97 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 335,78 Gb Free Space | 72,11% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 19,22 Gb Free Space | 8,25% Space Free | Partition Type: NTFS

Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.24 14:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe
PRC - [2013.02.26 15:49:42 | 000,102,968 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2013.02.12 18:05:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 18:04:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.12 18:04:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 18:04:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.31 10:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.31 10:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.03 15:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.08.01 15:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.08.01 15:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.30 14:53:24 | 000,395,624 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2011.06.30 14:53:20 | 000,846,296 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2011.06.30 14:52:16 | 002,674,104 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe
PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.02.28 11:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008.02.28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.03.16 10:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.08 17:31:35 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\0bbd213c31831ecd29d5de742778716e\DeskUpdateNotifier.ni.exe
MOD - [2013.02.14 22:27:44 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.10 14:28:33 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll
MOD - [2013.01.09 20:37:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 20:37:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.09 20:36:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 20:36:41 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 20:36:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.03 15:07:06 | 000,276,392 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.08.03 15:06:50 | 002,652,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.08.03 15:06:50 | 000,363,944 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.08.03 15:06:48 | 011,166,120 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.08.03 15:06:46 | 000,205,736 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.08.03 15:06:44 | 001,346,472 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.08.03 15:06:44 | 000,720,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.08.03 15:06:42 | 008,506,792 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.08.03 15:06:42 | 001,013,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.08.03 15:06:42 | 000,520,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.08.03 15:06:40 | 002,480,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.08.03 15:06:40 | 002,353,576 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.08.03 15:06:36 | 000,445,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.08.03 15:06:32 | 000,206,760 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.08.03 15:06:32 | 000,035,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.08.03 15:06:30 | 000,032,680 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.08.03 15:06:02 | 000,437,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll
MOD - [2012.08.03 15:05:24 | 000,604,072 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.07.02 10:29:08 | 000,391,600 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.07.02 10:29:08 | 000,059,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.07.02 10:28:20 | 000,110,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011.06.30 14:53:48 | 001,027,384 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\tishell.dll
MOD - [2011.06.30 14:52:16 | 002,674,104 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
MOD - [2011.06.30 14:52:06 | 000,071,008 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\Common\rpc_client.dll
MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe

========== Services (SafeList) ==========

SRV - [2013.03.13 16:38:38 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 18:05:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 18:04:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.15 11:17:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.30 14:53:20 | 000,846,296 | ---- | M] (Seagate) [Auto | Running] -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013.02.19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.13 11:48:14 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.13 11:48:14 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 16:26:47 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.10.02 13:13:48 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2012.10.01 15:56:38 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.10.01 15:56:29 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.10.01 15:56:24 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2012.10.01 15:56:22 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.10.01 15:30:32 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.06.27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.17 14:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 14:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 14:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.09.06 10:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2010.11.20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 23:09:18 | 000,031,232 | ---- | M] (Gemplus) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\grserial.sys -- (GCR410P)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 E8 72 B3 31 BC CD 01 [binary data]
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{79EC3D8C-3760-418A-9355-DBA0A52089B6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 2F F3 BE 7C BA CD 01 [binary data]
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{919658DC-1CE5-4880-84D4-B47C018185F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.15 11:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 17:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.10.31 13:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.15 11:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y5akqolk.default\extensions
[2012.12.15 11:17:36 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\y5akqolk.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.12.15 11:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.15 11:17:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.31 13:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.31 13:34:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.31 13:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 13:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 13:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 13:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herrnhuter Losungen.LNK = C:\Programme\ComBib\Herrnhuter Losungen\Herrnhuter Losungen.exe (combib)
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung fuer heute.LNK = C:\Programme\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
O4 - Startup: C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2436065-4688-4558-ABB2-A31DF36B6EC5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.03.24 13:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.24 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.24 13:25:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.24 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.24 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013.03.24 10:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.15 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.24 14:14:25 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 14:14:25 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 14:14:19 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.24 14:14:19 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.24 14:14:18 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.24 14:14:18 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.24 14:08:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.03.24 14:08:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.24 14:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 14:06:34 | 2566,115,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 13:50:49 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.03.24 13:38:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 13:28:21 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.24 13:25:08 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 13:18:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000UA.job
[2013.03.24 12:39:37 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.24 10:45:25 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.16 22:18:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000Core.job
[2013.03.15 23:23:35 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.12 20:45:02 | 286,052,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.08 17:31:28 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2013.03.02 13:29:56 | 000,000,481 | ---- | M] () -- C:\Windows\hbcikrnl.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.24 13:50:24 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.03.24 13:25:08 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 12:39:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.24 12:39:37 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.15 23:23:35 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.12.21 19:05:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2012.12.02 15:13:31 | 000,000,230 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.12.02 15:10:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2012.12.02 15:10:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2012.12.02 15:10:34 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2012.12.02 15:10:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2012.12.02 15:10:34 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2012.12.02 15:10:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2012.12.02 15:10:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2012.12.02 15:10:34 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2012.12.02 15:10:34 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2012.12.02 15:10:34 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2012.12.02 15:10:34 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2012.12.02 15:10:34 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2012.12.02 15:10:33 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2012.12.02 15:10:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2012.12.02 15:10:33 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2012.12.02 15:10:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2012.12.02 15:10:33 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2012.10.02 13:14:56 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.10.01 15:49:29 | 000,000,481 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.10.01 12:17:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpspmins.dll
[2012.09.30 20:04:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\RUNINST.DLL
[2012.09.30 20:04:11 | 000,004,880 | ---- | C] () -- C:\Windows\System32\EPHPW.DRV
[2012.09.30 18:50:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2012.09.29 12:47:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.29 12:47:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.29 15:31:36 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.03.15 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BOM
[2013.01.03 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ComBib
[2012.11.12 12:18:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2012.10.02 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012.11.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seagate
[2013.01.21 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013.03.19 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\BOM
[2012.10.01 12:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Canneverbe Limited
[2013.01.03 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\ComBib
[2012.10.01 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\elsterformular
[2012.10.01 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GARMIN
[2012.09.30 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GHISLER
[2012.09.30 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GlarySoft
[2013.01.12 13:00:56 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Leadertech
[2012.10.01 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Nokia
[2012.10.01 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Nokia Suite
[2012.10.01 12:38:07 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\OpenOffice.org
[2012.10.01 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\PC Suite
[2012.10.01 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Seagate
[2012.09.30 18:43:40 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Thunderbird
[2012.10.01 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\BOM
[2012.09.30 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\GHISLER
[2012.10.01 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Leadertech
[2012.09.30 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\PC Suite

========== Purity Check ==========

< End of report >

Zitat:

OTL Extras logfile created on: 24.03.2013 14:10:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,19 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 61,96% Memory free
6,37 Gb Paging File | 4,97 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 335,78 Gb Free Space | 72,11% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 19,22 Gb Free Space | 8,25% Space Free | Partition Type: NTFS

Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D0AED2-35AD-478D-8D2B-61CCEBEFE38B}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A8EF3C2-E677-49D2-95FA-6EFC8D0BECEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{228CCC61-1627-46A1-A6E6-4E3E04ED3489}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25E257DA-99E4-45C4-A234-48F3F8AFE0F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D5A3DE3-CD88-4F33-8D89-5E7A8DBA4403}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4959B1B7-3283-4ACF-A0E2-9E6B1A6B54A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4CC1B5D3-5ADD-4D30-A1A9-3908FDDFF966}" = rport=10243 | protocol=6 | dir=out | app=system |
"{50F6616E-CF86-47B0-AD26-299FDC3678B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A33CEE8-6227-4195-AD72-8DE0EF6BA4F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B964701-834A-4803-97BD-976A25D6B76B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D57487B-57AB-41D1-AB6E-63FCFE1C4E05}" = lport=139 | protocol=6 | dir=in | app=system |
"{743901F5-CE51-458E-834E-CAAD8052E2E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{773F26B1-4DB9-4ADC-B3EF-8861425DF5A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E4B4F38-4D2F-4D74-A493-568320962B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{926323D3-3ECE-4D17-A4B9-31C2E5629D2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C73C219-9476-40D6-9F67-511AA64E19C6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{9D32399D-06BC-43CA-8DE9-13248D0C0999}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4D72427-2582-415C-AE58-388A3DC5C1A7}" = rport=139 | protocol=6 | dir=out | app=system |
"{D1A64555-9B3A-486D-BD7D-F1FC51E29DDA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DCBF9F61-7FBF-4818-8A8B-68EE2171410F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDC1F5B2-F139-48E7-9A13-DA035227E1E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC2B86C2-6E6F-48D2-8BD2-57B742DE55A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F38E7450-5221-47A6-B955-AE7BA0504B40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F71F1205-48C9-45E8-A520-4C69D6D61FA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017CD676-0C65-48B7-BFED-8A3E2137DDE4}" = dir=in | app=c:\program files\airport\apagent.exe |
"{05BFCA4B-DF4A-47FE-921A-311846D97D7C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{06072062-1D8E-4CB0-959D-7D66EEA98C5D}" = protocol=6 | dir=out | app=system |
"{0EBDF159-1748-4089-9ED0-148DAAAB6958}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{14437A5C-EB2E-4537-825A-A76D8A21A03B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{237AA82E-28E7-4EC9-B7F7-6789A5CDC977}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{36FF2AE6-5EED-4EE0-91B7-5A9BC46C6EF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37D40E1F-195F-41FE-9E86-44E686BCAF68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DF59C87-3113-401E-ABAF-B674FF799FD9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3EA189E3-4FEE-4CD6-A9CA-7F99B0D5AA3B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{47B4ACDC-2A61-4405-8F70-1AB3251B78A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{4886D625-DF48-4F2B-AC7F-705A5950AFF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B43DC0D-D9C1-4A86-A022-472B3D8C26BD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4D9C93AA-E9E1-47FD-BCEB-D5FD4F2EE42A}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{51FCC860-3D8F-4AA3-858F-F90D8660B788}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{56186139-DA33-44BA-AEDC-C6BD22A721A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{593D8D4A-6FDC-4DE4-B54A-7A721647DC77}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{6438EA6F-D30E-41F5-BE0E-9F2E2EC35F29}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{7B029F99-6E38-46D3-ABB0-56B6E0A6BC2F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{7F19C47B-FD32-4E59-ABC1-12094D62607F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{7F4A900E-BB0B-4F70-8027-37AD88387E73}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{83E31B57-853A-4334-8DA3-E149EBD8F86E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9342D84C-4ED5-4257-A95A-20BD1927B0F2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{93439B07-045A-4981-B53C-538D7FA7649C}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
"{9F3DC7F6-32B7-427E-9E31-B7FE02181900}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A24C0867-60F7-4C20-84EE-9ACF7A5D5DCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A37E3B1C-F5F1-4F0B-915D-21E33CA5BFDC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A77B23E8-8CC1-48BF-912B-5C7BF98ACA14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE899962-7F09-4C1C-BBD3-B30A24DD27AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1943830-727E-49B2-A46E-5F33936B6BFF}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{B36ADA78-CBDD-4B5F-9B6C-1E960BDC8F34}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{B532C96F-89A6-4499-9501-E8CB207F5293}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{B74FFF91-25C3-400D-8B10-C70B4602EA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BBF3B35C-85DC-4D77-BEBA-A68C9F8D30E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D28B2603-DAAB-43C5-9B8C-436F491B95AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D77BC125-9D83-4F17-866E-C67BB9583707}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D89CF448-72F6-40BB-985C-DA754716FF78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D910CDD4-18B2-42E8-9D68-A5EA1E67B63F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD106C3B-D8BA-454E-AD67-181D355D89EF}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
"{E5787DD6-4F01-42ED-B62B-76255931A60C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{EEB52738-BC83-42BA-8359-C77CED6F4CD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F8343C21-0F3F-432E-8FDA-838CD44A28B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{5C395A1B-2B9B-4711-9F3D-74F9912AAC22}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"TCP Query User{7A9E15F8-7F4A-4BBC-A829-54F561A40D1E}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E6EA7137-64DD-4E4E-90DC-819E11EC25B3}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"UDP Query User{A8543EA1-9CA6-487D-8EC0-0A2F145CF6AF}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B5830D50-0046-4295-9438-3AFD3C5139AF}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"UDP Query User{CE8CB537-7999-4244-93C4-BE749F8D5164}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3892619F-4A89-4424-8E46-281C9D765951}" = Herrnhuter Losungen
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F6F60C-D23E-4CF7-8D23-AE401005EB88}" = StarMoney 8.0 S-Edition
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audio 180%" = Audio 180%
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"DeskUpdate_is1" = DeskUpdate
"eBay SmartSeller" = SmartStore eBay SmartSeller
"ElsterFormular" = ElsterFormular
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"HP Standard Port Monitor for Windows NT" = HP Standard Port Monitor for Windows NT
"ifolor-Designer" = ifolor Designer
"Lexmark X1100 Series" = Lexmark X1100 Series
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MapSource" = MapSource
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 8" = TeamViewer 8
"Totalcmd" = Total Commander (Remove or Repair)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.03.2013 08:22:19 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
Description = Windows (1880) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 24.03.2013 08:22:19 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
Description = Windows (1880) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 24.03.2013 08:25:48 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
Description = Windows (1308) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 24.03.2013 08:25:48 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
Description = Windows (1308) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 24.03.2013 08:34:11 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
Description = Windows (3560) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 24.03.2013 08:34:11 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
Description = Windows (3560) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
Description = Windows (4436) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
Description = Windows (4436) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
Description = Windows (4964) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
Description = Windows (4964) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

[ System Events ]
Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.

Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
52 Mal passiert.

Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473536.

Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
53 Mal passiert.

Error - 24.03.2013 08:55:38 | Computer Name = Ellen-AMD | Source = SCardSvr | ID = 602
Description =

Error - 24.03.2013 08:58:36 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 24.03.2013 08:58:36 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 24.03.2013 09:06:45 | Computer Name = Ellen-AMD | Source = SCardSvr | ID = 602
Description =

Error - 24.03.2013 09:09:21 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 24.03.2013 09:09:21 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

< End of report >

Wie muss ich jetzt weiter vorgehen.

Ich arbeite jetzt vorerst mit Google-Chrome.

Danke schon-mal für Eure Hilfe

ryder · 24.03.2013, 15:33

----------

cosinus · 24.03.2013, 15:33

Hallo und

Zitat:

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)

Warum hastdu eine Ultimate Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Zitat:

Ich habe einen Scann mit der "desinfect 2012 CD" von ct (Antivir + Kaspersky) gemacht, die Viren die ich gefunden habe umbenannt mit der endung *.VIRUS und den PC neu gestartet.

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

siggi-anton · 24.03.2013, 22:36

Zitat:

Zitat von cosinus

Hallo und

Warum hastdu eine Ultimate Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

[/IMG][/lesestoff]

Danke für das freundliches

von Euch

Zu der Ultimate Frage:
Nein, das ist kein Uni noch sonst ein Büro- oder Firmen-PC. Wir haben Ultimate weil da ein XP-Modus drauf ist. Haben wir am Anfang noch gebraucht für spezielle Programme.

Zu den Logs von ct:
Die habe ich nicht. Ich habe diesen Suchlauf durchgeführt bevor ich von dieser Seite im Netz gehört habe. Hatte auch angenommen daß dieser Scann alle Viren findet.

Alle anderen Logs habe ich im ersten Beitrag von mir gepostet. Sonst habe ich mich genau an die Angaben im Trojaner-board gehalten und alles gepostet was ich gemacht habe.

das mit der #-Taste wußte ich nicht. Werde ich aber das nächste Mal anwenden. Danke für den Rat.

cosinus · 25.03.2013, 15:27

Dann poste bitte eine komplette Liste der Dateien die umbenannt wurde ( Endung .VIRUS angehängt)

siggi-anton · 25.03.2013, 15:44

Zitat:

Zitat von cosinus

Dann poste bitte eine komplette Liste der Dateien die umbenannt wurde ( Endung .VIRUS angehängt)

Hier die Liste:

Code:

ATTFilter

C:\Users\Ellen\Downloads\Programme\HDD\Sicherung\UBCD4WinV350.exe.VIRUS
C:\Users\Ellen\Downloads\Programme\Openoffice\prooo-box-3.1.0-1_DVD_de.iso.VIRUS
C:\Users\Ellen\Downloads\Programme\Optimierer\rswsetup.exe.VIRUS

Was denkst Du über diese Dateien:

Code:

ATTFilter

Files Detected: 2
C:\Users\Ellen\AppData\Local\Temp\79321C4.tmp (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Users\Ellen\AppData\Local\Temp\793E7A2.tmp (Adware.Shopper) -> Quarantined and deleted successfully.

Ich bin mir zwar nicht sicher, aber ich halte diese für die Übeltäter. Kann sein daß in den von ct gefundenen Dateien einfach ausführbare dateien drin sind, die vielleicht als Virus durchgegangen sind.

Kann ich eigendlich meine 1. Meldung oben so editieren, daß diese CODE-Funktion wirksam wird. Wegen der Übersichtlichkeit dachte ich.

cosinus · 25.03.2013, 15:55

Mehr Dateien wurden von desinfec't nicht gefunden?
Die drei sehen eher nach Fehlalarmen aus

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

siggi-anton · 25.03.2013, 18:39

Hallo cosinus

Hier die Ergebnisse:

Rootkitscan mit GMER:

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-25 17:50:03
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005c ST350041 rev.CC38 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\aglcqpow.sys


---- System - GMER 2.1 ----

SSDT            90CC877E                                                                                                                ZwCreateSection
SSDT            90CC8788                                                                                                                ZwRequestWaitReplyPort
SSDT            90CC8783                                                                                                                ZwSetContextThread
SSDT            90CC878D                                                                                                                ZwSetSecurityObject
SSDT            90CC8792                                                                                                                ZwSystemDebugControl
SSDT            90CC871F                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                82A929E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82ACC1C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                     82AD330C 4 Bytes  [7E, 87, CC, 90] {JLE 0xffffff89; INT 3 ; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                     82AD3668 4 Bytes  [88, 87, CC, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                     82AD36AC 4 Bytes  [83, 87, CC, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                     82AD3728 4 Bytes  [8D, 87, CC, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                     82AD377C 4 Bytes  [92, 87, CC, 90] {XCHG EDX, EAX; XCHG ESP, ECX; NOP }
.text           ...                                                                                                                     

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  snapman.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  snapman.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  snapman.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  snapman.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0xFA 0x4A 0x19 0x64 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                         0xCB 0x37 0xA1 0x6A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                  0xD6 0x90 0x85 0x09 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                  0x6D 0xBF 0xAF 0xA5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                         C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                         0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                      0xFA 0x4A 0x19 0x64 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                             0xCB 0x37 0xA1 0x6A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                      0xD6 0x90 0x85 0x09 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                      0x6D 0xBF 0xAF 0xA5 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5C6770A6-0A29-11E2-B923-806E6F6E6963}  921640248

---- EOF - GMER 2.1 ----

--- --- ---

Malwarebytes Anti-Rootkit (MBAR):

HTML-Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.25.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Administrator :: ELLEN-AMD [administrator]

25.03.2013 18:20:21
mbar-log-2013-03-25 (18-20-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29750
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Ich bin mir fast sicher daß der Malwarebyte-Scanner

beim ersten Scann alle Viren gefunden hatte.

Ich habe Die beiden Dateien aber noch in der Quarantäne (Adware.Shopper)

Da kann ich Eurer Seite nur Danke sagen

. Was ist Deine Meinung?

cosinus · 25.03.2013, 20:39

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

siggi-anton · 26.03.2013, 12:40

Hallo cosinus

Hier die Ergebnisse der beiden Scanns.

1. aswMBR:

HTML-Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-26 11:50:26
-----------------------------
11:50:26.178    OS Version: Windows 6.1.7601 Service Pack 1
11:50:26.178    Number of processors: 1 586 0x5F02
11:50:26.182    ComputerName: ELLEN-AMD  UserName: 
11:50:27.837    Initialize success
12:29:16.145    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
12:29:16.162    Disk 0 Vendor: ST350041 CC38 Size: 476940MB BusType: 3
12:29:16.167    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000005d
12:29:16.170    Disk 1 Vendor: WDC_WD25 20.0 Size: 238475MB BusType: 3
12:29:16.279    Disk 0 MBR read successfully
12:29:16.283    Disk 0 MBR scan
12:29:16.286    Disk 0 Windows 7 default MBR code
12:29:16.294    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:29:16.309    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
12:29:16.317    Disk 0 scanning sectors +976771072
12:29:16.383    Disk 0 scanning C:\Windows\system32\drivers
12:29:23.763    Service scanning
12:29:35.459    Modules scanning
12:29:45.740    Disk 0 trace - called modules:
12:29:45.849    ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys halmacpi.dll ACPI.sys storport.sys nvstor.sys 
12:29:45.857    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c5338]
12:29:45.864    3 CLASSPNP.SYS[8bfb259e] -> nt!IofCallDriver -> [0x862c5e40]
12:29:45.873    5 vsflt53.sys[8b645c2b] -> nt!IofCallDriver -> [0x85be4e38]
12:29:45.880    7 ACPI.sys[8b5ae3d4] -> nt!IofCallDriver -> \Device\0000005c[0x85be4a80]
12:29:45.889    Scan finished successfully
12:30:32.241    Disk 0 MBR has been saved successfully to "C:\Users\Ellen\Desktop\Virus\MBR.dat"
12:30:32.254    The log file has been saved successfully to "C:\Users\Ellen\Desktop\Virus\aswMBR.txt"

2. TDSS-Killer:

HTML-Code:

12:31:15.0083 4264  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:31:16.0667 4264  ============================================================
12:31:16.0667 4264  Current date / time: 2013/03/26 12:31:16.0667
12:31:16.0667 4264  SystemInfo:
12:31:16.0667 4264  
12:31:16.0667 4264  OS Version: 6.1.7601 ServicePack: 1.0
12:31:16.0667 4264  Product type: Workstation
12:31:16.0667 4264  ComputerName: ELLEN-AMD
12:31:16.0667 4264  UserName: Administrator
12:31:16.0667 4264  Windows directory: C:\Windows
12:31:16.0667 4264  System windows directory: C:\Windows
12:31:16.0667 4264  Processor architecture: Intel x86
12:31:16.0667 4264  Number of processors: 1
12:31:16.0667 4264  Page size: 0x1000
12:31:16.0667 4264  Boot type: Normal boot
12:31:16.0667 4264  ============================================================
12:31:17.0647 4264  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:17.0659 4264  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:17.0662 4264  ============================================================
12:31:17.0662 4264  \Device\Harddisk0\DR0:
12:31:17.0663 4264  MBR partitions:
12:31:17.0663 4264  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:17.0663 4264  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:31:17.0663 4264  \Device\Harddisk1\DR1:
12:31:17.0663 4264  MBR partitions:
12:31:17.0663 4264  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C57C1
12:31:17.0663 4264  ============================================================
12:31:17.0676 4264  C: <-> \Device\Harddisk0\DR0\Partition2
12:31:17.0679 4264  D: <-> \Device\Harddisk1\DR1\Partition1
12:31:17.0679 4264  ============================================================
12:31:17.0679 4264  Initialize success
12:31:17.0679 4264  ============================================================
12:32:14.0174 5716  ============================================================
12:32:14.0174 5716  Scan started
12:32:14.0174 5716  Mode: Manual; SigCheck; TDLFS; 
12:32:14.0174 5716  ============================================================
12:32:15.0012 5716  ================ Scan system memory ========================
12:32:15.0012 5716  System memory - ok
12:32:15.0015 5716  ================ Scan services =============================
12:32:15.0182 5716  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:32:15.0326 5716  1394ohci - ok
12:32:15.0365 5716  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:32:15.0384 5716  ACPI - ok
12:32:15.0417 5716  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:32:15.0479 5716  AcpiPmi - ok
12:32:15.0544 5716  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:32:15.0559 5716  AdobeARMservice - ok
12:32:15.0623 5716  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:32:15.0643 5716  AdobeFlashPlayerUpdateSvc - ok
12:32:15.0694 5716  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:32:15.0725 5716  adp94xx - ok
12:32:15.0758 5716  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:32:15.0778 5716  adpahci - ok
12:32:15.0805 5716  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:32:15.0822 5716  adpu320 - ok
12:32:15.0871 5716  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:32:15.0915 5716  AeLookupSvc - ok
12:32:15.0969 5716  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:32:16.0024 5716  AFD - ok
12:32:16.0057 5716  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:32:16.0072 5716  agp440 - ok
12:32:16.0100 5716  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:32:16.0116 5716  aic78xx - ok
12:32:16.0141 5716  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:32:16.0220 5716  ALG - ok
12:32:16.0244 5716  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:32:16.0258 5716  aliide - ok
12:32:16.0273 5716  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:32:16.0289 5716  amdagp - ok
12:32:16.0309 5716  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:32:16.0324 5716  amdide - ok
12:32:16.0348 5716  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:32:16.0396 5716  AmdK8 - ok
12:32:16.0414 5716  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:32:16.0448 5716  AmdPPM - ok
12:32:16.0496 5716  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:32:16.0515 5716  amdsata - ok
12:32:16.0542 5716  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:32:16.0560 5716  amdsbs - ok
12:32:16.0578 5716  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:32:16.0597 5716  amdxata - ok
12:32:16.0643 5716  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:32:16.0657 5716  AntiVirSchedulerService - ok
12:32:16.0695 5716  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:32:16.0709 5716  AntiVirService - ok
12:32:16.0758 5716  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:32:16.0791 5716  AppID - ok
12:32:16.0820 5716  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:32:16.0870 5716  AppIDSvc - ok
12:32:16.0908 5716  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
12:32:16.0951 5716  Appinfo - ok
12:32:17.0023 5716  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:32:17.0036 5716  Apple Mobile Device - ok
12:32:17.0065 5716  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:32:17.0091 5716  AppMgmt - ok
12:32:17.0127 5716  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:32:17.0144 5716  arc - ok
12:32:17.0164 5716  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:32:17.0180 5716  arcsas - ok
12:32:17.0282 5716  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:32:17.0298 5716  aspnet_state - ok
12:32:17.0325 5716  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:32:17.0420 5716  AsyncMac - ok
12:32:17.0460 5716  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:32:17.0474 5716  atapi - ok
12:32:17.0515 5716  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:32:17.0580 5716  AudioEndpointBuilder - ok
12:32:17.0596 5716  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:32:17.0651 5716  Audiosrv - ok
12:32:17.0721 5716  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:32:17.0749 5716  avgntflt - ok
12:32:17.0787 5716  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:32:17.0806 5716  avipbb - ok
12:32:17.0847 5716  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:32:17.0865 5716  avkmgr - ok
12:32:17.0916 5716  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:32:17.0980 5716  AxInstSV - ok
12:32:18.0014 5716  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:32:18.0079 5716  b06bdrv - ok
12:32:18.0106 5716  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:32:18.0137 5716  b57nd60x - ok
12:32:18.0197 5716  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:32:18.0248 5716  BDESVC - ok
12:32:18.0262 5716  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:32:18.0311 5716  Beep - ok
12:32:18.0361 5716  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:32:18.0420 5716  BFE - ok
12:32:18.0467 5716  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:32:18.0523 5716  BITS - ok
12:32:18.0558 5716  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:32:18.0599 5716  blbdrive - ok
12:32:18.0650 5716  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:32:18.0669 5716  Bonjour Service - ok
12:32:18.0697 5716  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:32:18.0723 5716  bowser - ok
12:32:18.0745 5716  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:32:18.0808 5716  BrFiltLo - ok
12:32:18.0838 5716  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:32:18.0869 5716  BrFiltUp - ok
12:32:18.0908 5716  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:32:18.0965 5716  Browser - ok
12:32:18.0986 5716  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:32:19.0041 5716  Brserid - ok
12:32:19.0068 5716  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:32:19.0098 5716  BrSerWdm - ok
12:32:19.0123 5716  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:32:19.0158 5716  BrUsbMdm - ok
12:32:19.0188 5716  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:32:19.0223 5716  BrUsbSer - ok
12:32:19.0253 5716  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:32:19.0287 5716  BTHMODEM - ok
12:32:19.0337 5716  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:32:19.0386 5716  bthserv - ok
12:32:19.0421 5716  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:32:19.0453 5716  cdfs - ok
12:32:19.0488 5716  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:32:19.0522 5716  cdrom - ok
12:32:19.0575 5716  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:32:19.0604 5716  CertPropSvc - ok
12:32:19.0620 5716  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:32:19.0637 5716  circlass - ok
12:32:19.0664 5716  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:32:19.0683 5716  CLFS - ok
12:32:19.0730 5716  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:32:19.0745 5716  clr_optimization_v2.0.50727_32 - ok
12:32:19.0778 5716  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:32:19.0806 5716  clr_optimization_v4.0.30319_32 - ok
12:32:19.0838 5716  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:32:19.0869 5716  CmBatt - ok
12:32:19.0912 5716  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:32:19.0926 5716  cmdide - ok
12:32:19.0960 5716  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:32:19.0996 5716  CNG - ok
12:32:20.0019 5716  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:32:20.0035 5716  Compbatt - ok
12:32:20.0057 5716  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:32:20.0090 5716  CompositeBus - ok
12:32:20.0122 5716  COMSysApp - ok
12:32:20.0145 5716  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:32:20.0161 5716  crcdisk - ok
12:32:20.0198 5716  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:32:20.0249 5716  CryptSvc - ok
12:32:20.0289 5716  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
12:32:20.0347 5716  CSC - ok
12:32:20.0376 5716  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
12:32:20.0418 5716  CscService - ok
12:32:20.0467 5716  [ B93F0125B1F47A8393938F3919A6565F ] cxbu0wdm        C:\Windows\system32\DRIVERS\cxbu0wdm.sys
12:32:20.0491 5716  cxbu0wdm - ok
12:32:20.0532 5716  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:32:20.0601 5716  DcomLaunch - ok
12:32:20.0642 5716  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:32:20.0698 5716  defragsvc - ok
12:32:20.0744 5716  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:32:20.0791 5716  DfsC - ok
12:32:20.0844 5716  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:32:20.0872 5716  Dhcp - ok
12:32:20.0903 5716  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:32:20.0950 5716  discache - ok
12:32:20.0990 5716  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:32:21.0005 5716  Disk - ok
12:32:21.0034 5716  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:32:21.0082 5716  Dnscache - ok
12:32:21.0115 5716  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:32:21.0166 5716  dot3svc - ok
12:32:21.0203 5716  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:32:21.0248 5716  DPS - ok
12:32:21.0284 5716  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:32:21.0319 5716  drmkaud - ok
12:32:21.0375 5716  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:32:21.0404 5716  DXGKrnl - ok
12:32:21.0429 5716  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:32:21.0477 5716  EapHost - ok
12:32:21.0571 5716  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:32:21.0679 5716  ebdrv - ok
12:32:21.0709 5716  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:32:21.0761 5716  EFS - ok
12:32:21.0805 5716  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:32:21.0863 5716  ehRecvr - ok
12:32:21.0892 5716  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:32:21.0917 5716  ehSched - ok
12:32:21.0951 5716  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:32:21.0982 5716  elxstor - ok
12:32:21.0997 5716  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:32:22.0030 5716  ErrDev - ok
12:32:22.0086 5716  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:32:22.0134 5716  EventSystem - ok
12:32:22.0170 5716  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:32:22.0215 5716  exfat - ok
12:32:22.0246 5716  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:32:22.0279 5716  fastfat - ok
12:32:22.0311 5716  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:32:22.0368 5716  Fax - ok
12:32:22.0386 5716  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:32:22.0401 5716  fdc - ok
12:32:22.0432 5716  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:32:22.0477 5716  fdPHost - ok
12:32:22.0503 5716  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:32:22.0550 5716  FDResPub - ok
12:32:22.0592 5716  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:32:22.0608 5716  FileInfo - ok
12:32:22.0633 5716  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:32:22.0700 5716  Filetrace - ok
12:32:22.0732 5716  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:32:22.0781 5716  flpydisk - ok
12:32:22.0818 5716  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:32:22.0842 5716  FltMgr - ok
12:32:22.0882 5716  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
12:32:22.0950 5716  FontCache - ok
12:32:23.0001 5716  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:32:23.0013 5716  FontCache3.0.0.0 - ok
12:32:23.0036 5716  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:32:23.0051 5716  FsDepends - ok
12:32:23.0072 5716  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:32:23.0087 5716  Fs_Rec - ok
12:32:23.0141 5716  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:32:23.0163 5716  fvevol - ok
12:32:23.0188 5716  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:32:23.0202 5716  gagp30kx - ok
12:32:23.0238 5716  [ 4849CC6C27D6456CE2F7EF7C016AB503 ] GCR410P         C:\Windows\system32\DRIVERS\grserial.sys
12:32:23.0255 5716  GCR410P - ok
12:32:23.0285 5716  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:32:23.0297 5716  GEARAspiWDM - ok
12:32:23.0372 5716  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:32:23.0437 5716  gpsvc - ok
12:32:23.0498 5716  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:32:23.0512 5716  gupdate - ok
12:32:23.0526 5716  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:32:23.0540 5716  gupdatem - ok
12:32:23.0559 5716  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:32:23.0608 5716  hcw85cir - ok
12:32:23.0641 5716  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:32:23.0674 5716  HdAudAddService - ok
12:32:23.0711 5716  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:32:23.0742 5716  HDAudBus - ok
12:32:23.0752 5716  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:32:23.0775 5716  HidBatt - ok
12:32:23.0803 5716  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:32:23.0842 5716  HidBth - ok
12:32:23.0871 5716  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:32:23.0888 5716  HidIr - ok
12:32:23.0917 5716  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:32:23.0968 5716  hidserv - ok
12:32:23.0997 5716  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:32:24.0012 5716  HidUsb - ok
12:32:24.0045 5716  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:32:24.0088 5716  hkmsvc - ok
12:32:24.0122 5716  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:32:24.0181 5716  HomeGroupListener - ok
12:32:24.0212 5716  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:32:24.0249 5716  HomeGroupProvider - ok
12:32:24.0292 5716  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:32:24.0307 5716  HpSAMD - ok
12:32:24.0340 5716  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:32:24.0377 5716  HTTP - ok
12:32:24.0397 5716  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:32:24.0411 5716  hwpolicy - ok
12:32:24.0440 5716  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:32:24.0471 5716  i8042prt - ok
12:32:24.0514 5716  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:32:24.0534 5716  iaStorV - ok
12:32:24.0580 5716  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:32:24.0610 5716  idsvc - ok
12:32:24.0638 5716  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:32:24.0652 5716  iirsp - ok
12:32:24.0683 5716  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:32:24.0744 5716  IKEEXT - ok
12:32:24.0788 5716  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:32:24.0801 5716  intelide - ok
12:32:24.0836 5716  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:32:24.0870 5716  intelppm - ok
12:32:24.0905 5716  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:32:24.0956 5716  IPBusEnum - ok
12:32:24.0985 5716  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:32:25.0033 5716  IpFilterDriver - ok
12:32:25.0090 5716  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:32:25.0148 5716  iphlpsvc - ok
12:32:25.0185 5716  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:32:25.0201 5716  IPMIDRV - ok
12:32:25.0228 5716  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:32:25.0266 5716  IPNAT - ok
12:32:25.0305 5716  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:32:25.0329 5716  iPod Service - ok
12:32:25.0357 5716  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:32:25.0388 5716  IRENUM - ok
12:32:25.0413 5716  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:32:25.0428 5716  isapnp - ok
12:32:25.0460 5716  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:32:25.0479 5716  iScsiPrt - ok
12:32:25.0499 5716  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:32:25.0517 5716  kbdclass - ok
12:32:25.0536 5716  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:32:25.0572 5716  kbdhid - ok
12:32:25.0597 5716  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:32:25.0612 5716  KeyIso - ok
12:32:25.0642 5716  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:32:25.0657 5716  KSecDD - ok
12:32:25.0673 5716  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:32:25.0691 5716  KSecPkg - ok
12:32:25.0715 5716  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:32:25.0769 5716  KtmRm - ok
12:32:25.0816 5716  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:32:25.0862 5716  LanmanServer - ok
12:32:25.0899 5716  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:32:25.0948 5716  LanmanWorkstation - ok
12:32:25.0992 5716  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:32:26.0039 5716  lltdio - ok
12:32:26.0078 5716  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:32:26.0130 5716  lltdsvc - ok
12:32:26.0160 5716  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:32:26.0192 5716  lmhosts - ok
12:32:26.0229 5716  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:32:26.0245 5716  LSI_FC - ok
12:32:26.0265 5716  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:32:26.0279 5716  LSI_SAS - ok
12:32:26.0299 5716  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:32:26.0312 5716  LSI_SAS2 - ok
12:32:26.0328 5716  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:32:26.0345 5716  LSI_SCSI - ok
12:32:26.0363 5716  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:32:26.0410 5716  luafv - ok
12:32:26.0472 5716  [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
12:32:26.0484 5716  LVPr2Mon - ok
12:32:26.0534 5716  [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:32:26.0549 5716  LVPrcSrv - ok
12:32:26.0585 5716  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\Windows\system32\DRIVERS\LVUSBSta.sys
12:32:26.0598 5716  LVUSBSta - ok
12:32:26.0637 5716  lxbk_device - ok
12:32:26.0678 5716  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:32:26.0691 5716  MBAMProtector - ok
12:32:26.0720 5716  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:32:26.0738 5716  MBAMScheduler - ok
12:32:26.0760 5716  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:32:26.0782 5716  MBAMService - ok
12:32:26.0806 5716  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:32:26.0824 5716  Mcx2Svc - ok
12:32:26.0862 5716  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:32:26.0878 5716  megasas - ok
12:32:26.0902 5716  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:32:26.0920 5716  MegaSR - ok
12:32:26.0950 5716  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:32:27.0001 5716  MMCSS - ok
12:32:27.0025 5716  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:32:27.0073 5716  Modem - ok
12:32:27.0105 5716  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:32:27.0136 5716  monitor - ok
12:32:27.0169 5716  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:32:27.0183 5716  mouclass - ok
12:32:27.0202 5716  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:32:27.0230 5716  mouhid - ok
12:32:27.0260 5716  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:32:27.0275 5716  mountmgr - ok
12:32:27.0324 5716  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:32:27.0340 5716  MozillaMaintenance - ok
12:32:27.0372 5716  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:32:27.0390 5716  mpio - ok
12:32:27.0405 5716  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:32:27.0449 5716  mpsdrv - ok
12:32:27.0493 5716  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:32:27.0544 5716  MpsSvc - ok
12:32:27.0578 5716  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:32:27.0610 5716  MRxDAV - ok
12:32:27.0646 5716  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:32:27.0675 5716  mrxsmb - ok
12:32:27.0704 5716  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:32:27.0742 5716  mrxsmb10 - ok
12:32:27.0772 5716  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:32:27.0819 5716  mrxsmb20 - ok
12:32:27.0889 5716  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:32:27.0921 5716  msahci - ok
12:32:27.0941 5716  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:32:27.0957 5716  msdsm - ok
12:32:27.0986 5716  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:32:28.0025 5716  MSDTC - ok
12:32:28.0075 5716  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:32:28.0106 5716  Msfs - ok
12:32:28.0120 5716  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:32:28.0164 5716  mshidkmdf - ok
12:32:28.0205 5716  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:32:28.0220 5716  msisadrv - ok
12:32:28.0263 5716  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:32:28.0310 5716  MSiSCSI - ok
12:32:28.0321 5716  msiserver - ok
12:32:28.0373 5716  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:32:28.0403 5716  MSKSSRV - ok
12:32:28.0424 5716  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:32:28.0467 5716  MSPCLOCK - ok
12:32:28.0479 5716  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:32:28.0515 5716  MSPQM - ok
12:32:28.0549 5716  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:32:28.0566 5716  MsRPC - ok
12:32:28.0593 5716  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:32:28.0607 5716  mssmbios - ok
12:32:28.0617 5716  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:32:28.0649 5716  MSTEE - ok
12:32:28.0675 5716  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:32:28.0710 5716  MTConfig - ok
12:32:28.0734 5716  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:32:28.0749 5716  Mup - ok
12:32:28.0782 5716  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:32:28.0841 5716  napagent - ok
12:32:28.0883 5716  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:32:28.0906 5716  NativeWifiP - ok
12:32:28.0951 5716  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:32:28.0981 5716  NDIS - ok
12:32:28.0997 5716  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:32:29.0028 5716  NdisCap - ok
12:32:29.0057 5716  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:32:29.0101 5716  NdisTapi - ok
12:32:29.0137 5716  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:32:29.0166 5716  Ndisuio - ok
12:32:29.0203 5716  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:32:29.0246 5716  NdisWan - ok
12:32:29.0277 5716  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:32:29.0320 5716  NDProxy - ok
12:32:29.0357 5716  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:32:29.0402 5716  NetBIOS - ok
12:32:29.0443 5716  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:32:29.0476 5716  NetBT - ok
12:32:29.0493 5716  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:32:29.0509 5716  Netlogon - ok
12:32:29.0553 5716  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:32:29.0589 5716  Netman - ok
12:32:29.0623 5716  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:32:29.0638 5716  NetMsmqActivator - ok
12:32:29.0651 5716  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:32:29.0666 5716  NetPipeActivator - ok
12:32:29.0681 5716  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:32:29.0728 5716  netprofm - ok
12:32:29.0739 5716  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:32:29.0754 5716  NetTcpActivator - ok
12:32:29.0766 5716  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:32:29.0783 5716  NetTcpPortSharing - ok
12:32:29.0811 5716  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:32:29.0827 5716  nfrd960 - ok
12:32:29.0867 5716  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:32:29.0900 5716  NlaSvc - ok
12:32:29.0948 5716  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
12:32:30.0013 5716  nmwcd - ok
12:32:30.0054 5716  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
12:32:30.0086 5716  nmwcdc - ok
12:32:30.0105 5716  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:32:30.0139 5716  Npfs - ok
12:32:30.0166 5716  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:32:30.0199 5716  nsi - ok
12:32:30.0226 5716  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:32:30.0277 5716  nsiproxy - ok
12:32:30.0338 5716  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:32:30.0387 5716  Ntfs - ok
12:32:30.0405 5716  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:32:30.0449 5716  Null - ok
12:32:30.0494 5716  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
12:32:30.0549 5716  NVENETFD - ok
12:32:30.0769 5716  [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:32:31.0075 5716  nvlddmkm - ok
12:32:31.0140 5716  [ 0219B05730635FCAB3A9925D3374C464 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
12:32:31.0168 5716  NVNET - ok
12:32:31.0191 5716  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:32:31.0207 5716  nvraid - ok
12:32:31.0234 5716  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:32:31.0250 5716  nvstor - ok
12:32:31.0303 5716  [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:32:31.0336 5716  nvsvc - ok
12:32:31.0402 5716  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:32:31.0453 5716  nvUpdatusService - ok
12:32:31.0488 5716  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:32:31.0503 5716  nv_agp - ok
12:32:31.0531 5716  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:32:31.0559 5716  ohci1394 - ok
12:32:31.0597 5716  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:32:31.0648 5716  p2pimsvc - ok
12:32:31.0680 5716  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:32:31.0717 5716  p2psvc - ok
12:32:31.0750 5716  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:32:31.0767 5716  Parport - ok
12:32:31.0796 5716  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:32:31.0812 5716  partmgr - ok
12:32:31.0838 5716  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:32:31.0866 5716  Parvdm - ok
12:32:31.0896 5716  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:32:31.0917 5716  PcaSvc - ok
12:32:31.0960 5716  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
12:32:31.0984 5716  pccsmcfd - ok
12:32:32.0011 5716  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:32:32.0027 5716  pci - ok
12:32:32.0050 5716  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:32:32.0066 5716  pciide - ok
12:32:32.0090 5716  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:32:32.0108 5716  pcmcia - ok
12:32:32.0127 5716  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:32:32.0142 5716  pcw - ok
12:32:32.0167 5716  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:32:32.0220 5716  PEAUTH - ok
12:32:32.0276 5716  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:32:32.0343 5716  PeerDistSvc - ok
12:32:32.0421 5716  [ 3551190E9CF1EB4C0971BDEF4269CA25 ] PID_0928        C:\Windows\system32\DRIVERS\LV561AV.SYS
12:32:32.0442 5716  PID_0928 - ok
12:32:32.0495 5716  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:32:32.0556 5716  pla - ok
12:32:32.0585 5716  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:32:32.0637 5716  PlugPlay - ok
12:32:32.0664 5716  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:32:32.0697 5716  PNRPAutoReg - ok
12:32:32.0729 5716  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:32:32.0749 5716  PNRPsvc - ok
12:32:32.0772 5716  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:32:32.0838 5716  PolicyAgent - ok
12:32:32.0881 5716  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:32:32.0927 5716  Power - ok
12:32:32.0962 5716  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:32:33.0008 5716  PptpMiniport - ok
12:32:33.0035 5716  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:32:33.0073 5716  Processor - ok
12:32:33.0118 5716  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:32:33.0168 5716  ProfSvc - ok
12:32:33.0189 5716  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:32:33.0206 5716  ProtectedStorage - ok
12:32:33.0220 5716  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:32:33.0254 5716  Psched - ok
12:32:33.0296 5716  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:32:33.0355 5716  ql2300 - ok
12:32:33.0373 5716  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:32:33.0403 5716  ql40xx - ok
12:32:33.0450 5716  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:32:33.0486 5716  QWAVE - ok
12:32:33.0527 5716  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:32:33.0545 5716  QWAVEdrv - ok
12:32:33.0566 5716  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:32:33.0611 5716  RasAcd - ok
12:32:33.0646 5716  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:32:33.0686 5716  RasAgileVpn - ok
12:32:33.0717 5716  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:32:33.0754 5716  RasAuto - ok
12:32:33.0774 5716  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:32:33.0821 5716  Rasl2tp - ok
12:32:33.0869 5716  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:32:33.0918 5716  RasMan - ok
12:32:33.0946 5716  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:32:33.0977 5716  RasPppoe - ok
12:32:34.0003 5716  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:32:34.0050 5716  RasSstp - ok
12:32:34.0083 5716  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:32:34.0135 5716  rdbss - ok
12:32:34.0162 5716  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:32:34.0178 5716  rdpbus - ok
12:32:34.0203 5716  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:32:34.0250 5716  RDPCDD - ok
12:32:34.0287 5716  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:32:34.0334 5716  RDPDR - ok
12:32:34.0359 5716  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:32:34.0391 5716  RDPENCDD - ok
12:32:34.0415 5716  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:32:34.0464 5716  RDPREFMP - ok
12:32:34.0529 5716  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:32:34.0551 5716  RdpVideoMiniport - ok
12:32:34.0583 5716  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:32:34.0629 5716  RDPWD - ok
12:32:34.0666 5716  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:32:34.0682 5716  rdyboost - ok
12:32:34.0702 5716  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:32:34.0747 5716  RemoteAccess - ok
12:32:34.0786 5716  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:32:34.0820 5716  RemoteRegistry - ok
12:32:34.0851 5716  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:32:34.0885 5716  RpcEptMapper - ok
12:32:34.0916 5716  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:32:34.0955 5716  RpcLocator - ok
12:32:34.0984 5716  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:32:35.0021 5716  RpcSs - ok
12:32:35.0064 5716  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:32:35.0111 5716  rspndr - ok
12:32:35.0144 5716  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:32:35.0193 5716  s3cap - ok
12:32:35.0212 5716  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:32:35.0230 5716  SamSs - ok
12:32:35.0255 5716  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:32:35.0270 5716  sbp2port - ok
12:32:35.0298 5716  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:32:35.0331 5716  SCardSvr - ok
12:32:35.0358 5716  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:32:35.0386 5716  scfilter - ok
12:32:35.0418 5716  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:32:35.0477 5716  Schedule - ok
12:32:35.0508 5716  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:32:35.0537 5716  SCPolicySvc - ok
12:32:35.0564 5716  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:32:35.0612 5716  SDRSVC - ok
12:32:35.0644 5716  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:32:35.0674 5716  secdrv - ok
12:32:35.0701 5716  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:32:35.0755 5716  seclogon - ok
12:32:35.0785 5716  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:32:35.0842 5716  SENS - ok
12:32:35.0876 5716  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:32:35.0921 5716  SensrSvc - ok
12:32:35.0951 5716  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:32:35.0988 5716  Serenum - ok
12:32:36.0017 5716  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:32:36.0047 5716  Serial - ok
12:32:36.0075 5716  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:32:36.0090 5716  sermouse - ok
12:32:36.0126 5716  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
12:32:36.0152 5716  ServiceLayer - ok
12:32:36.0195 5716  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:32:36.0248 5716  SessionEnv - ok
12:32:36.0286 5716  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:32:36.0317 5716  sffdisk - ok
12:32:36.0329 5716  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:32:36.0352 5716  sffp_mmc - ok
12:32:36.0378 5716  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:32:36.0410 5716  sffp_sd - ok
12:32:36.0443 5716  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:32:36.0500 5716  sfloppy - ok
12:32:36.0550 5716  [ A7A8E434F17AD07D75883C27FA1170BF ] SgtSch2Svc      C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
12:32:36.0577 5716  SgtSch2Svc - ok
12:32:36.0602 5716  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:32:36.0710 5716  SharedAccess - ok
12:32:36.0746 5716  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:32:36.0878 5716  ShellHWDetection - ok
12:32:36.0893 5716  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:32:36.0908 5716  sisagp - ok
12:32:36.0941 5716  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:32:36.0955 5716  SiSRaid2 - ok
12:32:36.0973 5716  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:32:36.0990 5716  SiSRaid4 - ok
12:32:37.0029 5716  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:32:37.0044 5716  SkypeUpdate - ok
12:32:37.0074 5716  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:32:37.0212 5716  Smb - ok
12:32:37.0259 5716  [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
12:32:37.0288 5716  snapman - ok
12:32:37.0327 5716  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:32:37.0440 5716  SNMPTRAP - ok
12:32:37.0479 5716  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:32:37.0493 5716  spldr - ok
12:32:37.0529 5716  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:32:37.0660 5716  Spooler - ok
12:32:37.0738 5716  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:32:37.0948 5716  sppsvc - ok
12:32:37.0967 5716  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:32:38.0066 5716  sppuinotify - ok
12:32:38.0122 5716  [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd            C:\Windows\System32\Drivers\sptd.sys
12:32:38.0178 5716  sptd - ok
12:32:38.0214 5716  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:32:38.0345 5716  srv - ok
12:32:38.0368 5716  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:32:38.0411 5716  srv2 - ok
12:32:38.0440 5716  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:32:38.0456 5716  srvnet - ok
12:32:38.0487 5716  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:32:38.0522 5716  SSDPSRV - ok
12:32:38.0553 5716  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
12:32:38.0588 5716  ssmdrv - ok
12:32:38.0606 5716  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:32:38.0656 5716  SstpSvc - ok
12:32:38.0743 5716  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
12:32:38.0770 5716  StarMoney 8.0 OnlineUpdate - ok
12:32:38.0839 5716  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
12:32:38.0865 5716  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
12:32:38.0865 5716  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
12:32:38.0903 5716  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:32:38.0917 5716  stexstor - ok
12:32:38.0953 5716  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:32:39.0000 5716  StiSvc - ok
12:32:39.0033 5716  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:32:39.0046 5716  storflt - ok
12:32:39.0079 5716  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:32:39.0094 5716  storvsc - ok
12:32:39.0112 5716  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:32:39.0127 5716  swenum - ok
12:32:39.0166 5716  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:32:39.0204 5716  swprv - ok
12:32:39.0229 5716  Synth3dVsc - ok
12:32:39.0289 5716  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:32:39.0344 5716  SysMain - ok
12:32:39.0363 5716  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:32:39.0430 5716  TabletInputService - ok
12:32:39.0460 5716  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:32:39.0500 5716  TapiSrv - ok
12:32:39.0517 5716  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:32:39.0570 5716  TBS - ok
12:32:39.0632 5716  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:32:39.0685 5716  Tcpip - ok
12:32:39.0727 5716  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:32:39.0762 5716  TCPIP6 - ok
12:32:39.0801 5716  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:32:39.0842 5716  tcpipreg - ok
12:32:39.0885 5716  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:32:39.0932 5716  TDPIPE - ok
12:32:39.0965 5716  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:32:39.0991 5716  TDTCP - ok
12:32:40.0025 5716  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:32:40.0067 5716  tdx - ok
12:32:40.0171 5716  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:32:40.0264 5716  TeamViewer7 - ok
12:32:40.0364 5716  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
12:32:40.0448 5716  TeamViewer8 - ok
12:32:40.0470 5716  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:32:40.0486 5716  TermDD - ok
12:32:40.0520 5716  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:32:40.0577 5716  TermService - ok
12:32:40.0615 5716  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:32:40.0656 5716  Themes - ok
12:32:40.0685 5716  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:32:40.0718 5716  THREADORDER - ok
12:32:40.0754 5716  [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
12:32:40.0778 5716  timounter - ok
12:32:40.0801 5716  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:32:40.0861 5716  TrkWks - ok
12:32:40.0905 5716  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:32:40.0948 5716  TrustedInstaller - ok
12:32:40.0982 5716  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:32:41.0013 5716  tssecsrv - ok
12:32:41.0044 5716  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:32:41.0066 5716  TsUsbFlt - ok
12:32:41.0078 5716  tsusbhub - ok
12:32:41.0115 5716  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:32:41.0165 5716  tunnel - ok
12:32:41.0202 5716  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:32:41.0217 5716  uagp35 - ok
12:32:41.0243 5716  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:32:41.0295 5716  udfs - ok
12:32:41.0338 5716  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:32:41.0369 5716  UI0Detect - ok
12:32:41.0419 5716  [ 0A1822D12CF103633893CAF9CAE4E69D ] UimBus          C:\Windows\system32\DRIVERS\UimBus.sys
12:32:41.0435 5716  UimBus - ok
12:32:41.0472 5716  [ 42F7398A76D279E0F63FC600920AB90C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IM.sys
12:32:41.0493 5716  Uim_IM - ok
12:32:41.0519 5716  [ 48AD04132FCAC71E0EEC3DE5FB22D66E ] Uim_Vim         C:\Windows\system32\Drivers\Uim_Vim.sys
12:32:41.0538 5716  Uim_Vim - ok
12:32:41.0568 5716  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:32:41.0585 5716  uliagpkx - ok
12:32:41.0630 5716  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:32:41.0647 5716  umbus - ok
12:32:41.0675 5716  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:32:41.0707 5716  UmPass - ok
12:32:41.0752 5716  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:32:41.0787 5716  UmRdpService - ok
12:32:41.0829 5716  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:32:41.0873 5716  upnphost - ok
12:32:41.0904 5716  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
12:32:41.0950 5716  upperdev - ok
12:32:41.0994 5716  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
12:32:42.0019 5716  USBAAPL - ok
12:32:42.0048 5716  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
12:32:42.0097 5716  usbccgp - ok
12:32:42.0123 5716  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:32:42.0140 5716  usbcir - ok
12:32:42.0166 5716  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:32:42.0180 5716  usbehci - ok
12:32:42.0207 5716  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:32:42.0224 5716  usbhub - ok
12:32:42.0250 5716  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:32:42.0288 5716  usbohci - ok
12:32:42.0332 5716  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:32:42.0351 5716  usbprint - ok
12:32:42.0376 5716  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:32:42.0412 5716  usbscan - ok
12:32:42.0466 5716  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
12:32:42.0517 5716  usbser - ok
12:32:42.0541 5716  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
12:32:42.0571 5716  UsbserFilt - ok
12:32:42.0595 5716  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:32:42.0643 5716  USBSTOR - ok
12:32:42.0675 5716  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:32:42.0707 5716  usbuhci - ok
12:32:42.0746 5716  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:32:42.0779 5716  UxSms - ok
12:32:42.0796 5716  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:32:42.0813 5716  VaultSvc - ok
12:32:42.0852 5716  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:32:42.0866 5716  vdrvroot - ok
12:32:42.0899 5716  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
12:32:42.0953 5716  vds - ok
12:32:42.0979 5716  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:32:43.0014 5716  vga - ok
12:32:43.0039 5716  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:32:43.0070 5716  VgaSave - ok
12:32:43.0087 5716  VGPU - ok
12:32:43.0117 5716  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:32:43.0134 5716  vhdmp - ok
12:32:43.0162 5716  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:32:43.0179 5716  viaagp - ok
12:32:43.0192 5716  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:32:43.0227 5716  ViaC7 - ok
12:32:43.0253 5716  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:32:43.0285 5716  viaide - ok
12:32:43.0335 5716  [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
12:32:43.0348 5716  vididr - ok
12:32:43.0376 5716  [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53       C:\Windows\system32\DRIVERS\vsflt53.sys
12:32:43.0391 5716  vidsflt53 - ok
12:32:43.0472 5716  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:32:43.0488 5716  vmbus - ok
12:32:43.0511 5716  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:32:43.0543 5716  VMBusHID - ok
12:32:43.0570 5716  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:32:43.0583 5716  volmgr - ok
12:32:43.0620 5716  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:32:43.0640 5716  volmgrx - ok
12:32:43.0657 5716  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:32:43.0676 5716  volsnap - ok
12:32:43.0705 5716  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:32:43.0722 5716  vsmraid - ok
12:32:43.0757 5716  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
12:32:43.0822 5716  VSS - ok
12:32:43.0861 5716  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:32:43.0898 5716  vwifibus - ok
12:32:43.0940 5716  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:32:43.0978 5716  W32Time - ok
12:32:44.0006 5716  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:32:44.0038 5716  WacomPen - ok
12:32:44.0075 5716  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:32:44.0107 5716  WANARP - ok
12:32:44.0116 5716  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:32:44.0146 5716  Wanarpv6 - ok
12:32:44.0189 5716  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:32:44.0271 5716  wbengine - ok
12:32:44.0299 5716  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:32:44.0342 5716  WbioSrvc - ok
12:32:44.0402 5716  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:32:44.0447 5716  wcncsvc - ok
12:32:44.0481 5716  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:32:44.0534 5716  WcsPlugInService - ok
12:32:44.0560 5716  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:32:44.0573 5716  Wd - ok
12:32:44.0611 5716  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:32:44.0637 5716  Wdf01000 - ok
12:32:44.0657 5716  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:32:44.0698 5716  WdiServiceHost - ok
12:32:44.0709 5716  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:32:44.0729 5716  WdiSystemHost - ok
12:32:44.0761 5716  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
12:32:44.0803 5716  WebClient - ok
12:32:44.0843 5716  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:32:44.0878 5716  Wecsvc - ok
12:32:44.0893 5716  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:32:44.0941 5716  wercplsupport - ok
12:32:44.0972 5716  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:32:45.0026 5716  WerSvc - ok
12:32:45.0074 5716  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:32:45.0106 5716  WfpLwf - ok
12:32:45.0130 5716  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:32:45.0147 5716  WIMMount - ok
12:32:45.0198 5716  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:32:45.0247 5716  WinDefend - ok
12:32:45.0280 5716  WinHttpAutoProxySvc - ok
12:32:45.0317 5716  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:32:45.0348 5716  Winmgmt - ok
12:32:45.0396 5716  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:32:45.0480 5716  WinRM - ok
12:32:45.0531 5716  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:32:45.0560 5716  WinUsb - ok
12:32:45.0608 5716  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:32:45.0647 5716  Wlansvc - ok
12:32:45.0674 5716  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:32:45.0710 5716  WmiAcpi - ok
12:32:45.0754 5716  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:32:45.0772 5716  wmiApSrv - ok
12:32:45.0845 5716  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:32:45.0935 5716  WMPNetworkSvc - ok
12:32:45.0962 5716  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:32:46.0012 5716  WPCSvc - ok
12:32:46.0047 5716  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:32:46.0073 5716  WPDBusEnum - ok
12:32:46.0098 5716  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:32:46.0147 5716  ws2ifsl - ok
12:32:46.0182 5716  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:32:46.0203 5716  wscsvc - ok
12:32:46.0213 5716  WSearch - ok
12:32:46.0280 5716  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:32:46.0356 5716  wuauserv - ok
12:32:46.0388 5716  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:32:46.0409 5716  WudfPf - ok
12:32:46.0429 5716  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:32:46.0464 5716  WUDFRd - ok
12:32:46.0500 5716  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:32:46.0519 5716  wudfsvc - ok
12:32:46.0546 5716  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:32:46.0570 5716  WwanSvc - ok
12:32:46.0587 5716  ================ Scan global ===============================
12:32:46.0624 5716  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:32:46.0653 5716  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:32:46.0668 5716  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:32:46.0698 5716  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:32:46.0719 5716  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:32:46.0725 5716  [Global] - ok
12:32:46.0729 5716  ================ Scan MBR ==================================
12:32:46.0740 5716  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:32:46.0972 5716  \Device\Harddisk0\DR0 - ok
12:32:46.0980 5716  [ 10AE9EB13951B8E206480773F877A330 ] \Device\Harddisk1\DR1
12:32:47.0035 5716  \Device\Harddisk1\DR1 - ok
12:32:47.0038 5716  ================ Scan VBR ==================================
12:32:47.0042 5716  [ B6834AE6DA52CDAF06CF79913425E468 ] \Device\Harddisk0\DR0\Partition1
12:32:47.0044 5716  \Device\Harddisk0\DR0\Partition1 - ok
12:32:47.0078 5716  [ F0D99461745ED387355C1B5A645AE117 ] \Device\Harddisk0\DR0\Partition2
12:32:47.0080 5716  \Device\Harddisk0\DR0\Partition2 - ok
12:32:47.0090 5716  [ 9362DF49C01B969336010156D62B6C88 ] \Device\Harddisk1\DR1\Partition1
12:32:47.0092 5716  \Device\Harddisk1\DR1\Partition1 - ok
12:32:47.0095 5716  ============================================================
12:32:47.0095 5716  Scan finished
12:32:47.0095 5716  ============================================================
12:32:47.0113 4832  Detected object count: 1
12:32:47.0113 4832  Actual detected object count: 1
12:33:35.0232 4832  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
12:33:35.0232 4832  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:35:25.0794 4280  Deinitialize success

Danke für Deine Hilfe

cosinus · 26.03.2013, 13:15

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

siggi-anton · 26.03.2013, 15:32

Hallo cosinus

Der Scan mit Combofix ergab folgende Logfile:

Code:

ATTFilter

ComboFix 13-03-25.01 - Administrator 26.03.2013  14:26:16.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3263.2221 [GMT 1:00]
ausgeführt von:: c:\users\Ellen\Desktop\Virus\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ellen\4.0
c:\users\Ellen\AppData\Local\assembly\tmp
c:\windows\system32\suf4FD5.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-26 bis 2013-03-26  ))))))))))))))))))))))))))))))
.
.
2013-03-26 14:02 . 2013-03-26 14:15	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-03-26 14:02 . 2013-03-26 14:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-26 14:02 . 2013-03-26 14:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-26 14:02 . 2013-03-26 14:02	--------	d-----w-	c:\users\Siggi\AppData\Local\temp
2013-03-26 10:57 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{106BDDCE-DAED-4344-AB6F-1E112130915A}\mpengine.dll
2013-03-24 18:43 . 2013-03-24 18:43	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2013-03-24 12:57 . 2013-03-24 12:57	--------	d-----w-	c:\users\Ellen\AppData\Roaming\Malwarebytes
2013-03-24 12:25 . 2013-03-24 12:25	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-03-24 12:25 . 2013-03-24 12:25	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-24 12:25 . 2013-03-24 12:25	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-24 12:25 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-24 12:24 . 2013-03-24 12:24	--------	d-----w-	c:\users\Administrator\AppData\Local\Programs
2013-03-15 21:52 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-15 21:51 . 2013-03-15 21:51	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 21:51 . 2013-03-15 21:51	--------	d-----w-	c:\program files\Java
2013-02-27 11:55 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 21:51 . 2013-01-02 10:16	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-15 21:51 . 2013-01-02 10:16	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-13 15:38 . 2012-10-01 12:24	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 15:38 . 2012-10-01 12:24	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-19 20:32 . 2013-02-19 20:32	6162704	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-19 20:32 . 2013-02-19 20:32	10919200	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 20:32 . 2013-02-19 20:32	17560352	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-19 20:32 . 2012-10-08 14:32	2446416	----a-w-	c:\windows\system32\nvapi.dll
2013-02-19 20:32 . 2013-02-19 20:32	2577184	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-19 20:32 . 2013-02-19 20:32	1869088	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-19 20:32 . 2012-10-08 14:32	15413704	----a-w-	c:\windows\system32\nvd3dum.dll
2013-02-19 20:32 . 2012-11-12 11:24	892704	----a-w-	c:\windows\system32\nvdispgenco32.dll
2013-02-19 20:32 . 2012-10-08 14:32	1010464	----a-w-	c:\windows\system32\nvdispco32.dll
2013-02-19 20:32 . 2013-02-19 20:32	7754560	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-19 20:32 . 2013-02-19 20:32	19915552	----a-w-	c:\windows\system32\nvoglv32.dll
2013-02-12 04:48 . 2013-03-13 15:01	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:01	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-31 09:01 . 2012-10-08 14:34	2859296	----a-w-	c:\windows\system32\nvsvc.dll
2013-01-31 09:01 . 2012-10-08 14:34	3970848	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-31 09:00 . 2012-10-08 14:34	634656	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-31 09:00 . 2012-10-08 14:34	62752	----a-w-	c:\windows\system32\nvshext.dll
2013-01-31 09:00 . 2012-10-08 14:34	2557728	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-31 09:00 . 2012-10-08 14:34	108832	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-17 00:28 . 2012-09-29 12:25	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-14 10:02	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 10:02	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-14 10:02	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-14 10:02	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-14 10:02	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-14 10:02	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-15 10:17 . 2012-12-15 10:16	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\program files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2013-02-26 102968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2674104]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
.
c:\users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Herrnhuter  Losungen.LNK - c:\program files\ComBib\Herrnhuter Losungen\Herrnhuter Losungen.exe [2012-12-11 1220608]
Hoffnung  fuer heute.LNK - c:\program files\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe [2011-6-2 2572288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 cxbu0wdm;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0wdm.sys [x]
S3 GCR410P;GEMPLUS GCR410P-Smartcard-Leser (seriell);c:\windows\system32\DRIVERS\grserial.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 15:38]
.
2013-03-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-09-30 19:59]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 15:02]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 15:02]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000Core.job
- c:\users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 18:55]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000UA.job
- c:\users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 18:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y5akqolk.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,c8,
   07,9e,be,ef,08,b0,9c,bd,17,88,69,f0,da
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a0,ef,1e,c3,7c,ba,cd,01
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a2,21,0f,97,c5,83,49,be,2d,f2,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a2,21,0f,97,c5,83,49,be,2d,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,a2,21,0f,97,c5,83,49,be,2d,f2,\
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-26  15:19:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-26 14:19
.
Vor Suchlauf: 18 Verzeichnis(se), 360.310.652.928 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 360.386.990.080 Bytes frei
.
- - End Of File - - 6F439DDB9E32CF136D491F3587E95AC8

Hoffe Dir hilft das weiter.

Sind die ganzen Scanns reine Vorsicht von Dir oder hast und irgend einem log einen konkreten Anhaltspunkt gefunden. Würde mich interressieren aus reinem Wissensdrang.

Danke für die prompte Hilfe.

LG siggi

cosinus · 26.03.2013, 16:17

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

siggi-anton · 29.03.2013, 13:48

zu JRT - Junkware Removal Tool:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Ultimate x86
Ran by Administrator on 29.03.2013 at 12:12:13,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\nctaudiocdgrabber2.dll



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\y5akqolk.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\y5akqolk.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2013 at 12:15:27,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zu adwCleaner:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 29/03/2013 um 12:18:24 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Administrator - ELLEN-AMD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ellen\Desktop\Virus\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Siggi\AppData\Local\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\TENCENT

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\v4kym1j7.default\prefs.js

C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\v4kym1j7.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

Datei : C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\7q6s8twu.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y5akqolk.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2870 octets] - [29/03/2013 12:18:24]

########## EOF - C:\AdwCleaner[S1].txt - [2930 octets] ##########

Kontrolle mit OTL:

Code:

ATTFilter

OTL logfile created on: 29.03.2013 12:24:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen\Desktop\Virus
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 60,75% Memory free
6,37 Gb Paging File | 4,99 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 337,01 Gb Free Space | 72,37% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 14,36 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
 
Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ellen\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Programme\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\0bbd213c31831ecd29d5de742778716e\DeskUpdateNotifier.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Seagate\DiscWizard\tishell.dll ()
MOD - C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe ()
MOD - C:\Programme\Seagate\DiscWizard\Common\rpc_client.dll ()
MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SgtSch2Svc) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (cxbu0wdm) -- C:\Windows\System32\drivers\cxbu0wdm.sys (HID Global Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (GCR410P) -- C:\Windows\System32\drivers\grserial.sys (Gemplus)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 E8 72 B3 31 BC CD 01  [binary data]
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{79EC3D8C-3760-418A-9355-DBA0A52089B6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 2F F3 BE 7C BA CD 01  [binary data]
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{919658DC-1CE5-4880-84D4-B47C018185F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.15 11:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 17:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.10.31 13:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.15 11:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y5akqolk.default\extensions
[2012.12.15 11:17:36 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\y5akqolk.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.12.15 11:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.15 11:17:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.31 13:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.31 13:34:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.31 13:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 13:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 13:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 13:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.26 15:03:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-500..\RunOnce: [Report] C:\AdwCleaner[S1].txt File not found
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herrnhuter  Losungen.LNK = C:\Programme\ComBib\Herrnhuter Losungen\Herrnhuter Losungen.exe (combib)
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung  fuer heute.LNK = C:\Programme\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
O4 - Startup: C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2436065-4688-4558-ABB2-A31DF36B6EC5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.29 12:12:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.29 12:11:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.26 15:15:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.26 15:02:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2013.03.26 15:02:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.26 14:23:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.26 14:23:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.26 14:23:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.26 14:23:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.26 14:23:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.24 19:43:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.24 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013.03.24 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.03.24 13:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.24 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.24 13:25:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.24 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.24 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013.03.24 10:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.15 23:23:36 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.15 23:23:36 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.15 23:23:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.15 23:23:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.15 23:23:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.15 23:23:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.15 23:23:36 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.15 23:23:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.15 23:23:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.15 23:23:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.15 23:23:35 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.15 23:23:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.15 23:23:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.15 23:23:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.15 23:23:35 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.15 23:23:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.15 23:23:35 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.15 23:23:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.15 23:23:35 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.15 23:23:35 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.15 23:23:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.15 23:23:35 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.15 23:23:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.15 23:23:35 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.15 23:23:35 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.15 23:23:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.15 23:23:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.15 23:23:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.15 23:23:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.15 23:23:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.15 23:23:35 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.15 23:23:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.15 23:23:35 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.15 23:23:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.15 23:23:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.15 23:23:35 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.15 22:52:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.15 22:51:23 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.15 22:51:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.15 22:51:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.15 22:51:15 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.15 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.27 12:55:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 12:54:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 12:54:56 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 12:54:56 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 12:54:56 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 12:54:55 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 12:54:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 12:54:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 12:54:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 12:54:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 12:54:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 12:54:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 12:54:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 12:54:54 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 12:54:54 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 12:54:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 12:54:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 12:54:54 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 12:54:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 12:54:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 12:54:53 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.27 12:54:53 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 12:54:53 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 12:54:53 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 12:54:53 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.29 12:28:17 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 12:28:17 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 12:28:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.29 12:28:03 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.29 12:28:03 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.29 12:28:03 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.29 12:28:03 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.29 12:22:30 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.03.29 12:21:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.29 12:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 12:19:53 | 2566,115,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.29 12:18:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000UA.job
[2013.03.28 21:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.27 22:18:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000Core.job
[2013.03.26 15:03:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.24 13:50:49 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.03.24 13:25:08 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 10:45:25 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.15 23:23:36 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.15 23:23:36 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.15 23:23:36 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.15 23:23:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.15 23:23:36 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.15 23:23:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.15 23:23:36 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.15 23:23:36 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.15 23:23:36 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.15 23:23:36 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.15 23:23:35 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.15 23:23:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.15 23:23:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.15 23:23:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.15 23:23:35 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.15 23:23:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.15 23:23:35 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.15 23:23:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.15 23:23:35 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.15 23:23:35 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.15 23:23:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.15 23:23:35 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.15 23:23:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.15 23:23:35 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.15 23:23:35 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.15 23:23:35 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.15 23:23:35 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.15 23:23:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.15 23:23:35 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.15 23:23:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.15 23:23:35 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.15 23:23:35 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.15 23:23:35 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.15 23:23:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.15 23:23:35 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.15 23:23:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.15 23:23:35 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.15 22:51:08 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.15 22:51:08 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.15 22:51:08 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.15 22:51:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.15 22:51:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.15 22:51:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.13 16:38:35 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 16:38:35 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 20:45:02 | 286,052,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.08 17:31:28 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2013.03.02 13:29:56 | 000,000,481 | ---- | M] () -- C:\Windows\hbcikrnl.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.26 14:23:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.26 14:23:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.26 14:23:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.26 14:23:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.26 14:23:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.24 13:50:24 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.03.24 13:25:08 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 12:39:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.15 23:23:35 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.12.21 19:05:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2012.12.02 15:13:31 | 000,000,230 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.12.02 15:10:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2012.12.02 15:10:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2012.12.02 15:10:34 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2012.12.02 15:10:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2012.12.02 15:10:34 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2012.12.02 15:10:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2012.12.02 15:10:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2012.12.02 15:10:34 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2012.12.02 15:10:34 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2012.12.02 15:10:34 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2012.12.02 15:10:34 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2012.12.02 15:10:34 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2012.12.02 15:10:33 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2012.12.02 15:10:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2012.12.02 15:10:33 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2012.12.02 15:10:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2012.12.02 15:10:33 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2012.10.02 13:14:56 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.10.01 15:49:29 | 000,000,481 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.10.01 12:17:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpspmins.dll
[2012.09.30 20:04:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\RUNINST.DLL
[2012.09.30 20:04:11 | 000,004,880 | ---- | C] () -- C:\Windows\System32\EPHPW.DRV
[2012.09.30 18:50:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2012.09.29 12:47:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.29 12:47:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.29 15:31:36 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 29.03.2013 12:24:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen\Desktop\Virus
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 60,75% Memory free
6,37 Gb Paging File | 4,99 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 337,01 Gb Free Space | 72,37% Space Free | Partition Type: NTFS
Drive D: | 232,89 Gb Total Space | 14,36 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
 
Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D0AED2-35AD-478D-8D2B-61CCEBEFE38B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0A8EF3C2-E677-49D2-95FA-6EFC8D0BECEF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{228CCC61-1627-46A1-A6E6-4E3E04ED3489}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{25E257DA-99E4-45C4-A234-48F3F8AFE0F2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3D5A3DE3-CD88-4F33-8D89-5E7A8DBA4403}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4959B1B7-3283-4ACF-A0E2-9E6B1A6B54A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4CC1B5D3-5ADD-4D30-A1A9-3908FDDFF966}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{50F6616E-CF86-47B0-AD26-299FDC3678B8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A33CEE8-6227-4195-AD72-8DE0EF6BA4F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6B964701-834A-4803-97BD-976A25D6B76B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6D57487B-57AB-41D1-AB6E-63FCFE1C4E05}" = lport=139 | protocol=6 | dir=in | app=system | 
"{743901F5-CE51-458E-834E-CAAD8052E2E9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{773F26B1-4DB9-4ADC-B3EF-8861425DF5A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E4B4F38-4D2F-4D74-A493-568320962B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{926323D3-3ECE-4D17-A4B9-31C2E5629D2A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C73C219-9476-40D6-9F67-511AA64E19C6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{9D32399D-06BC-43CA-8DE9-13248D0C0999}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B4D72427-2582-415C-AE58-388A3DC5C1A7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1A64555-9B3A-486D-BD7D-F1FC51E29DDA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DCBF9F61-7FBF-4818-8A8B-68EE2171410F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDC1F5B2-F139-48E7-9A13-DA035227E1E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC2B86C2-6E6F-48D2-8BD2-57B742DE55A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F38E7450-5221-47A6-B955-AE7BA0504B40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F71F1205-48C9-45E8-A520-4C69D6D61FA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017CD676-0C65-48B7-BFED-8A3E2137DDE4}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{05BFCA4B-DF4A-47FE-921A-311846D97D7C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{06072062-1D8E-4CB0-959D-7D66EEA98C5D}" = protocol=6 | dir=out | app=system | 
"{0EBDF159-1748-4089-9ED0-148DAAAB6958}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{14437A5C-EB2E-4537-825A-A76D8A21A03B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{237AA82E-28E7-4EC9-B7F7-6789A5CDC977}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{36FF2AE6-5EED-4EE0-91B7-5A9BC46C6EF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37D40E1F-195F-41FE-9E86-44E686BCAF68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3DF59C87-3113-401E-ABAF-B674FF799FD9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{3EA189E3-4FEE-4CD6-A9CA-7F99B0D5AA3B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{47B4ACDC-2A61-4405-8F70-1AB3251B78A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{4886D625-DF48-4F2B-AC7F-705A5950AFF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B43DC0D-D9C1-4A86-A022-472B3D8C26BD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{4D9C93AA-E9E1-47FD-BCEB-D5FD4F2EE42A}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{51FCC860-3D8F-4AA3-858F-F90D8660B788}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{56186139-DA33-44BA-AEDC-C6BD22A721A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{593D8D4A-6FDC-4DE4-B54A-7A721647DC77}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{6438EA6F-D30E-41F5-BE0E-9F2E2EC35F29}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{7B029F99-6E38-46D3-ABB0-56B6E0A6BC2F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{7F19C47B-FD32-4E59-ABC1-12094D62607F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{7F4A900E-BB0B-4F70-8027-37AD88387E73}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{83E31B57-853A-4334-8DA3-E149EBD8F86E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9342D84C-4ED5-4257-A95A-20BD1927B0F2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{93439B07-045A-4981-B53C-538D7FA7649C}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{9F3DC7F6-32B7-427E-9E31-B7FE02181900}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A24C0867-60F7-4C20-84EE-9ACF7A5D5DCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A37E3B1C-F5F1-4F0B-915D-21E33CA5BFDC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A77B23E8-8CC1-48BF-912B-5C7BF98ACA14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE899962-7F09-4C1C-BBD3-B30A24DD27AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B1943830-727E-49B2-A46E-5F33936B6BFF}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{B36ADA78-CBDD-4B5F-9B6C-1E960BDC8F34}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{B532C96F-89A6-4499-9501-E8CB207F5293}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{B74FFF91-25C3-400D-8B10-C70B4602EA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBF3B35C-85DC-4D77-BEBA-A68C9F8D30E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D28B2603-DAAB-43C5-9B8C-436F491B95AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D77BC125-9D83-4F17-866E-C67BB9583707}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D89CF448-72F6-40BB-985C-DA754716FF78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D910CDD4-18B2-42E8-9D68-A5EA1E67B63F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD106C3B-D8BA-454E-AD67-181D355D89EF}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{E5787DD6-4F01-42ED-B62B-76255931A60C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{EEB52738-BC83-42BA-8359-C77CED6F4CD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F8343C21-0F3F-432E-8FDA-838CD44A28B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{5C395A1B-2B9B-4711-9F3D-74F9912AAC22}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"TCP Query User{7A9E15F8-7F4A-4BBC-A829-54F561A40D1E}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{E6EA7137-64DD-4E4E-90DC-819E11EC25B3}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{A8543EA1-9CA6-487D-8EC0-0A2F145CF6AF}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B5830D50-0046-4295-9438-3AFD3C5139AF}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{CE8CB537-7999-4244-93C4-BE749F8D5164}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3892619F-4A89-4424-8E46-281C9D765951}" = Herrnhuter Losungen
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F6F60C-D23E-4CF7-8D23-AE401005EB88}" = StarMoney 8.0 S-Edition
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audio 180%" = Audio 180%
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"DeskUpdate_is1" = DeskUpdate
"eBay SmartSeller" = SmartStore eBay SmartSeller
"ElsterFormular" = ElsterFormular
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"HP Standard Port Monitor for Windows NT" = HP Standard Port Monitor for Windows NT
"ifolor-Designer" = ifolor Designer
"Lexmark X1100 Series" = Lexmark X1100 Series
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MapSource" = MapSource
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 8" = TeamViewer 8
"Totalcmd" = Total Commander (Remove or Repair)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 29.03.2013 07:20:04 | Computer Name = Ellen-AMD | Source = SCardSvr | ID = 602
Description = 
 
Error - 29.03.2013 07:20:30 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 StarMoney 8.0 OnlineUpdate erreicht.
 
Error - 29.03.2013 07:23:08 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.03.2013 07:23:08 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >

Hoffe das der Virus jetzt weg ist.

Danke für die weitere Hilfe.

cosinus · 30.03.2013, 01:19

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

24.03.2013, 15:33	#2
ryder /// TB-Ausbilder	Im Firefox werden einige Seiten umgeleitet auf adf.ly ---------- __________________ __________________ Geändert von ryder (24.03.2013 um 15:36 Uhr) Grund: mach du :)

25.03.2013, 15:27	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Im Firefox werden einige Seiten umgeleitet auf adf.ly Dann poste bitte eine komplette Liste der Dateien die umbenannt wurde ( Endung .VIRUS angehängt) __________________ Logfiles bitte immer in CODE-Tags posten

Im Firefox werden einige Seiten umgeleitet auf adf.ly

Log-Analyse und Auswertung: Im Firefox werden einige Seiten umgeleitet auf adf.ly