Mein Pc ist langsam und zeigt mir Ordnerinhalte nicht an!

AnnaPlease · 14.10.2013, 13:36

Hey Leute,
ich brauche mal eure Hilfe. Seit nicht allzu langer Zeit braucht mein Pc (Win 7, 32Bit) ewig um irgendetwas zu öffnen. Sei es auch nur einen Ordner mit Bildern, es kommt auch vor, dass er es gar nicht bis zum Ende schafft sondern sich aufhängt (sehr häufig!) und nur oben in der Leiste der grüne Balken geladen wird. Ich habe vorhin mal Malwarebytes drüberlaufen lassen. Dort hat er 44 infizierte Objekte gefunden. Habe die alle beseitigen lassen und danach auch so noch in der Systemsteuerung Programme gelöscht, die ich nicht benötige und jetzt noch einmal Malwarebytes drüberlaufen lassen. Es wurde nichts gefunden, hier der Bericht:

________________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.13.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Anna :: ANNA [Administrator]

14.10.2013 03:17:21
mbam-log-2013-10-14 (03-17-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 579064
Laufzeit: 5 Stunde(n), 8 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
________________________________________________

Jedoch habe ich nach wie vor die Schwierigkeiten, dass er manchmal die Ordner nicht öffnet oder mir bei der Systemsteuerung nur eine leere Seite anzeigt. Gestern bekam ich auch, nachdem ich explorer.exe über den Taskmanager neu gestartet hatte, den Fehler, dass der Remoteprozeduraufruf fehlgeschlagen sei. Erst nach einem kompletten Neustart des Computers war der Fehler weg.

Hilfe wäre super!

schrauber · 14.10.2013, 18:03

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

AnnaPlease · 15.10.2013, 01:19

Lieben Dank für die Hilfe!
Habe ich jetzt gemacht.

FRSt.txt :

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Anna (administrator) on ANNA on 15-10-2013 02:10:15
Running from C:\Users\Anna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-28] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
MountPoints2: {48b80ca4-00e2-11e3-bc01-001f1631c5dd} - G:\LGAutoRun.exe
MountPoints2: {e7176cc9-ae95-11e2-9866-001f1631c5dd} - I:\LaunchU3.exe -a
HKU\Default\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {34C0E483-E8EC-4360-9ACC-8AD1F3EBDDAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {34C0E483-E8EC-4360-9ACC-8AD1F3EBDDAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Anna\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default
FF user.js: detected! => C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\user.js
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\searchplugins\icq.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\ich@maltegoetz.de
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF Extension: EPUBReader - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ReminderFox - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\extensions\sparpilot@sparpilot.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.giga.de/!22/"
CHR Plugin: (Shockwave Flash) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (DoNotTrackMe) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx
CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [318976 2013-05-03] ()
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Anna\AppData\Local\Temp\catchme.sys [x]
S3 uxddrv; \??\F:\uxddrv86.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-15 02:08 - 2013-10-15 02:09 - 01087213 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-10-08 18:22 - 2013-10-08 18:22 - 00000000 ____D C:\Users\Anna\lena
2013-10-05 16:24 - 2013-09-09 17:24 - 00011901 _____ C:\Users\Anna\Desktop\Lebeslauf.odt
2013-10-05 16:24 - 2013-09-03 21:28 - 00022808 _____ C:\Users\Anna\Desktop\Handout steve jobs.odt
2013-10-05 15:49 - 2013-10-05 18:21 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (5)
2013-10-02 15:39 - 2013-10-02 15:41 - 02886636 _____ C:\Users\Anna\Desktop\Frisky - long delay long feedback Unison.wav
2013-10-02 15:39 - 2013-10-02 15:40 - 01283000 _____ C:\Users\Anna\Desktop\Feeling Frisky 1 - short delay.wav
2013-10-02 15:37 - 2013-10-02 15:37 - 00228496 _____ C:\Users\Anna\Desktop\feelinfrisky_2.wav
2013-10-02 15:37 - 2013-10-02 15:37 - 00196240 _____ C:\Users\Anna\Desktop\feelinfrisky_1.wav
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID
2013-09-21 17:09 - 2013-10-05 15:53 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (4)

==================== One Month Modified Files and Folders =======

2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-15 02:09 - 2013-10-15 02:08 - 01087213 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2013-10-15 02:05 - 2011-11-20 14:18 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 02:02 - 2011-10-24 11:20 - 01485450 _____ C:\Windows\WindowsUpdate.log
2013-10-15 01:53 - 2011-10-28 13:21 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Skype
2013-10-15 01:51 - 2012-09-16 01:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 01:30 - 2011-11-28 20:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001UA.job
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:43 - 2012-10-11 20:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 03:36 - 2009-11-06 08:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-14 03:35 - 2009-11-06 09:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-14 03:18 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-14 03:18 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-14 03:05 - 2011-11-20 14:18 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 03:04 - 2012-04-26 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Local\Mozilla
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 02:54 - 2012-05-10 23:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-14 02:54 - 2011-10-28 13:22 - 00148856 _____ C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-14 02:54 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2013-10-14 02:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 02:52 - 2009-07-14 06:39 - 00059426 _____ C:\Windows\setupact.log
2013-10-14 02:52 - 2009-07-14 06:33 - 00550496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 02:51 - 2009-11-06 10:02 - 00036560 _____ C:\Windows\PFRO.log
2013-10-14 02:23 - 2009-11-12 19:14 - 00000000 ____D C:\Program Files\ALDI Foto Service
2013-10-14 02:21 - 2012-06-03 21:03 - 00000000 ____D C:\Program Files\ICQ Self Remover
2013-10-14 02:21 - 2011-11-20 23:41 - 00000000 ____D C:\Program Files\ICQ Status Checker
2013-10-14 02:20 - 2013-04-09 14:23 - 00000000 ____D C:\Program Files\ICQ-Banner-Remover
2013-10-14 02:20 - 2011-11-22 01:14 - 00000000 ____D C:\Program Files\ICQ Ignore Checker
2013-10-14 02:20 - 2011-11-20 23:48 - 00000000 ____D C:\Program Files\ICQ Contact Revealer
2013-10-14 02:20 - 2011-11-20 23:39 - 00000000 ____D C:\Program Files\ICQ Away Reader
2013-10-14 02:19 - 2011-12-30 21:05 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Solveig Multimedia
2013-10-14 02:19 - 2011-12-06 20:59 - 00000000 ____D C:\Program Files\HyperCam 3
2013-10-14 02:16 - 2012-09-20 21:48 - 00000000 ____D C:\Users\Anna\.freemind
2013-10-14 02:12 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Local\VirtualStore
2013-10-14 01:45 - 2012-06-16 00:43 - 00000000 ____D C:\Program Files\SYBEX
2013-10-14 01:44 - 2011-11-20 23:38 - 00000000 ____D C:\Users\Anna\AppData\Roaming\DesktopIconForAmazon
2013-10-14 01:43 - 2009-11-06 09:27 - 00000000 ____D C:\Program Files\Common Files\Corel
2013-10-14 01:42 - 2013-04-21 15:38 - 00000000 ____D C:\Users\Anna\AppData\Local\Corel
2013-10-14 01:41 - 2013-04-21 15:38 - 00002828 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-10-14 01:41 - 2013-04-21 15:38 - 00000088 __RSH C:\Windows\system32\528F720A38.sys
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:28 - 2013-05-08 00:58 - 00000000 ____D C:\Program Files\Avid
2013-10-14 01:26 - 2009-11-12 19:16 - 00000000 ____D C:\Program Files\Aldi Nord Fotoservice
2013-10-14 01:25 - 2009-11-12 19:14 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-14 01:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2013-10-14 01:12 - 2013-02-14 22:21 - 00000000 ____D C:\ProgramData\Iminent
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-12 20:54 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna
2013-10-12 03:32 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Spotify
2013-10-12 00:08 - 2011-11-05 14:34 - 00000000 ____D C:\Users\Anna\AppData\Roaming\ICQ
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-10-11 18:46 - 2009-11-06 05:43 - 00253468 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-08 18:22 - 2013-10-08 18:22 - 00000000 ____D C:\Users\Anna\lena
2013-10-08 04:08 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Local\Spotify
2013-10-08 01:50 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Anna\Documents\Youcam
2013-10-05 18:21 - 2013-10-05 15:49 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (5)
2013-10-05 15:53 - 2013-09-21 17:09 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (4)
2013-10-02 15:41 - 2013-10-02 15:39 - 02886636 _____ C:\Users\Anna\Desktop\Frisky - long delay long feedback Unison.wav
2013-10-02 15:40 - 2013-10-02 15:39 - 01283000 _____ C:\Users\Anna\Desktop\Feeling Frisky 1 - short delay.wav
2013-10-02 15:37 - 2013-10-02 15:37 - 00228496 _____ C:\Users\Anna\Desktop\feelinfrisky_2.wav
2013-10-02 15:37 - 2013-10-02 15:37 - 00196240 _____ C:\Users\Anna\Desktop\feelinfrisky_1.wav
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID
2013-09-28 23:44 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Mozilla

ZeroAccess:
C:\Users\Anna\AppData\Local\c439d3af
C:\Users\Anna\AppData\Local\c439d3af\@
C:\Users\Anna\AppData\Local\c439d3af\U\80000000.@

Files to move or delete:
====================
C:\Users\Anna\ComboFix.exe
C:\Users\Anna\CS2_RetNon_Ger_1.exe
C:\Users\Anna\CS2_RetNon_Ger_2.exe
C:\Users\Anna\CS2_RetNon_Ger_3.exe
C:\Users\Anna\CS_2.0_GR_Extras_1.exe
C:\Users\Anna\gvim73_46.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\bitool.dll
C:\Users\Anna\AppData\Local\Temp\catchme.dll
C:\Users\Anna\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Anna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Anna\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Anna\AppData\Local\Temp\i4jdel0.exe
C:\Users\Anna\AppData\Local\Temp\icqsetup.exe
C:\Users\Anna\AppData\Local\Temp\IminentSetup_1.0Hnjl76.10.exe
C:\Users\Anna\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\mirc725.exe
C:\Users\Anna\AppData\Local\Temp\msg4002.exe
C:\Users\Anna\AppData\Local\Temp\pyl2905.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pyl42B1.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylDDB3.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylE6A9.tmp.exe
C:\Users\Anna\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Anna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Anna\AppData\Local\Temp\tmp97CE.tmp.exe
C:\Users\Anna\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\uninstaller.exe
C:\Users\Anna\AppData\Local\Temp\unwise.exe
C:\Users\Anna\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Anna\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 13:53

==================== End Of Log ============================

--- --- ---

Addition.txt :

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Anna at 2013-10-15 02:12:55
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
3D Pinball from Plus! for Windows 95
7-Zip 9.20
ActivePerl 5.12.2 Build 1203 (Version: 5.12.1203)
Adobe AIR (Version: 1.1.0.5790)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.5) - Deutsch (Version: 10.1.5)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe Version Cue CS2 (Version: 2.0)
ALDI Nord Online Druck Service (Version: 4.5.1.0)
Amazon Kindle
Audacity 1.3.13 (Unicode)
BlockOut 2.4
BRAINYOO 2.0 (Version: 2.0)
capella 7 (Version: 7.1.5)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6425.1000)
Complitly
CorelDRAW Essential Edition 3
CorelDRAW Essential Edition 3 (Version: 3.0)
CrystalDiskInfo 5.6.2 (Version: 5.6.2)
CyberLink LabelPrint (Version: 2.5.2130)
CyberLink MediaShow (Version: 4.1.3121)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink Power2Go (Version: 6.1.3213)
CyberLink PowerDirector (Version: 8.0.2231)
CyberLink PowerDVD 9 (Version: 9.0.2010)
CyberLink PowerDVD Copy (Version: 1.0.6720)
CyberLink PowerProducer (Version: 5.0.2.2130)
CyberLink YouCam (Version: 3.0.2219)
DAEMON Tools Lite (Version: 4.46.1.0328)
DE (Version: 3.0)
DivX-Setup (Version: 2.6.1.3)
Erlang OTP R11B (5.5.4)
Erlang OTP R11B (5.5.5)
Erlang OTP R15B02 (5.9.2)
EuroGrand Casino
EVEREST Ultimate Edition v5.50 (Version: 5.50)
FFmpeg for Audacity on Windows
Finale 2009 Demo (Version: 14.2.r3.0)
Finale NotePad 2012 (Version: 2012..r1.1)
Finger Sensing Pad Driver (Version: 8.5.4.0)
Firebird SQL Server - MAGIX Edition (Version: 2.1.31.0)
FreeMind (Version: 0.9.0)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 30.0.1599.69)
Google Earth Plug-in (Version: 7.1.1.1888)
Google SketchUp 8 (Version: 3.0.14358)
Google Talk (remove only)
Google Talk Plugin (Version: 4.7.0.15362)
Google Update Helper (Version: 1.3.21.165)
Grand Theft Auto San Andreas (Version: 1.00.00001)
Gtk+ Development Environment for Windows 2.8.18-rc1 (Version: 2.8.18-rc1)
ICQ7.6 (Version: 7.6)
IDT Audio (Version: 1.0.6208.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 45 (Version: 6.0.450)
JMicron Flash Media Controller Driver (Version: 1.0.32.1)
Junk Mail filter update (Version: 14.0.8089.726)
LAME v3.99.3 (for Windows)
LG United Mobile Drivers (Version: 3.8.1)
MAGIX Music Maker 17 (Demosongs) (Version: 1.0.0.0)
MAGIX Music Maker 17 (Instrumenten-Paket 1) (Version: 1.0.0.0)
MAGIX Music Maker 17 (Instrumenten-Paket 2) (Version: 1.0.0.0)
MAGIX Music Maker 17 (Soundpaket) (Version: 1.0.0.0)
MAGIX Music Maker 17 (Synthesizer und Effekte) (Version: 1.0.0.0)
MAGIX Music Maker 17 (Version: 17.0.2.30)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Medion Home Cinema (Version: 6.0.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mindjet MindManager 2012 (Version: 10.1.459)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
No23 Recorder (Version: 2.1.0.3)
Notepad++ (Version: 6.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PDF-XChange 3
Pidgin (Version: 2.10.3)
Piraten
POV-Ray for Windows v3.62 (Version: 3.62)
RailsInstaller 2.1.0 (HKCU Version: 2.1.0)
REALTEK Wireless LAN Driver (Version: 1.00.0130)
Ruby-GNOME2 0.16.0-1 (Version: 0.16.0-1)
ShareMouse v1.0.91 (Version: 1.0.91)
Sibelius 7 First 7.1.3.78 (Version: 7.1.3.78)
Sibelius 7 OpenType Fonts (Version: 7.1.3)
Skype™ 6.6 (Version: 6.6.106)
Spotify (HKCU Version: 0.9.4.178.g259772ba)
Suite Specific (Version: 2.0.0)
Synergy (Version: 1.4.12)
Ubuntu (Version: 12.04-rev272)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update Manager (Version: 4.60)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vim 7.3 (self-installing)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinMathematik Aufgabensammlung Oberstufe
WinMathematik Formelsammlung 1.0
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
X10 Hardware(TM)

==================== Restore Points  =========================

14-08-2013 00:51:43 Geplanter Prüfpunkt
22-08-2013 23:52:30 Geplanter Prüfpunkt
26-08-2013 20:05:56 Installed LG United Mobile Drivers.
03-09-2013 01:45:22 Geplanter Prüfpunkt
13-10-2013 23:27:44 Removed Avid License Control.
13-10-2013 23:41:35 Removed Corel MediaOne.
13-10-2013 23:44:26 Removed PC-Fahrschule 2009
14-10-2013 00:21:51 Removed LogMeIn Hamachi
14-10-2013 00:23:54 Removed NaturalReaderFree.
14-10-2013 00:35:46 Removed NaturalReaderFree.
14-10-2013 00:36:38 Removed SimplyGoodPictures
14-10-2013 00:38:56 Removed TouchFreeze
14-10-2013 01:36:11 Installiert Grand Theft Auto San Andreas

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3B78FAAC-2138-40AE-842B-C951E4DB3861} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: {53B09C35-CF37-428D-85F8-107FD89F8871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {9BF3EDFF-04A3-4E46-B4F0-C1D538B85E54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001UA => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28] (Google Inc.)
Task: {C8A46520-0AD8-456B-82E5-92F9CF6300DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001UA.job => C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-11-12 18:20 - 2009-11-12 14:50 - 00053248 _____ () C:\Program Files\FSP\KbdHook.dll
2009-11-12 18:20 - 2009-11-12 14:50 - 00073728 _____ () C:\Program Files\FSP\FspLib.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-03 23:51 - 2013-10-03 08:02 - 00698832 _____ () C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-03 23:51 - 2013-10-03 08:02 - 00099792 _____ () C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-03 23:51 - 2013-10-03 08:03 - 04055504 _____ () C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-03 23:51 - 2013-10-03 08:03 - 00415184 _____ () C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-03 23:51 - 2013-10-03 08:02 - 01604560 _____ () C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 03:44:47 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x42f34ed4
Name des fehlerhaften Moduls: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x42f34ed4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000dda93
ID des fehlerhaften Prozesses: 0x14b8
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (10/14/2013 03:36:10 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dc48308f-84f4-4f65-ba73-c88601751fb6}

Error: (10/14/2013 02:35:12 AM) (Source: MsiInstaller) (User: ANNA)
Description: Product: NaturalReaderFree -- Error 1730.You must be an Administrator to remove this application. To remove this application, you can log on as an administrator, or contact your technical support group for assistance.

Error: (10/12/2013 01:54:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/11/2013 06:46:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/11/2013 06:46:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/11/2013 06:46:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/05/2013 08:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/05/2013 08:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/05/2013 08:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (10/14/2013 02:50:54 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/14/2013 01:18:58 AM) (Source: DCOM) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (10/14/2013 01:14:49 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2013 02:26:56 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎13.‎10.‎2013 um 13:55:27 unerwartet heruntergefahren.

Error: (10/12/2013 01:29:25 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎10.‎2013 um 03:31:35 unerwartet heruntergefahren.

Error: (10/11/2013 00:02:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/10/2013 10:28:53 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (10/10/2013 08:33:20 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (10/08/2013 05:18:04 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (10/07/2013 09:12:22 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎10.‎2013 um 01:35:45 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 3004.87 MB
Available physical RAM: 1164.39 MB
Total Pagefile: 6008.02 MB
Available Pagefile: 3783.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.09 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:332.17 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:29.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 045C7B15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Liebe Grüße,
Anna

schrauber · 15.10.2013, 09:55

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

AnnaPlease · 16.10.2013, 11:39

Ich bin genau nach deiner Anleitung vorgegangen, jedoch kam ich bei Combofix immer nur bis zum Scan, wo steht, dass es meist nicht länger als 10min dauert, sich die Zeit aber bei stark infizierten Rechnern auch leicht verdoppeln kann. Combofix hörte nicht mehr auf zu laufen. Das eine Mal lief es 10 Stunden, danach habe ich es abgebrochen und erneut gestartet und dann lief es noch einmal 5 Stunden, jedoch auch nur bis zu dieser Stelle.
Was soll ich nun tun?

Nur so als kleines Beispiel, so sieht es aus, wenn ich meinen Hauptordner öffne. Er zeigt zwar an, dass er lädt, aber es verändert sich nichts.

Hmm..irgendwie zeigt er das Bild nicht an..hier ist der Link:
https://docs.google.com/file/d/0B2HJT8vokYYtTnBvMlZaazZPbXM/edit?usp=sharing

schrauber · 16.10.2013, 11:43

Combofix löschen und neu laden, auch mal im abgesicherten Modus versuchen.

AnnaPlease · 16.10.2013, 21:38

Habe ich gemacht, hat auch nichts genützt. Lief von 13 bis 22 Uhr..also 9 Stunden, war wieder an dem selben Punkt. Was soll ich nun tun?

schrauber · 17.10.2013, 11:08

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

AnnaPlease · 17.10.2013, 11:55

Okay, vielen Dank. Hier ist die Logfile:

Code:

ATTFilter

12:51:28.0855 4168  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:51:30.0874 4168  ============================================================
12:51:30.0874 4168  Current date / time: 2013/10/17 12:51:30.0874
12:51:30.0874 4168  SystemInfo:
12:51:30.0874 4168  
12:51:30.0874 4168  OS Version: 6.1.7600 ServicePack: 0.0
12:51:30.0874 4168  Product type: Workstation
12:51:30.0874 4168  ComputerName: ANNA
12:51:30.0875 4168  UserName: Anna
12:51:30.0875 4168  Windows directory: C:\Windows
12:51:30.0875 4168  System windows directory: C:\Windows
12:51:30.0875 4168  Processor architecture: Intel x86
12:51:30.0875 4168  Number of processors: 2
12:51:30.0875 4168  Page size: 0x1000
12:51:30.0875 4168  Boot type: Normal boot
12:51:30.0875 4168  ============================================================
12:51:31.0783 4168  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:31.0786 4168  ============================================================
12:51:31.0786 4168  \Device\Harddisk0\DR0:
12:51:31.0787 4168  MBR partitions:
12:51:31.0787 4168  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:51:31.0787 4168  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
12:51:31.0787 4168  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
12:51:31.0787 4168  ============================================================
12:51:31.0820 4168  C: <-> \Device\Harddisk0\DR0\Partition2
12:51:31.0875 4168  D: <-> \Device\Harddisk0\DR0\Partition3
12:51:31.0875 4168  ============================================================
12:51:31.0875 4168  Initialize success
12:51:31.0875 4168  ============================================================
12:51:41.0063 6132  ============================================================
12:51:41.0063 6132  Scan started
12:51:41.0063 6132  Mode: Manual; SigCheck; TDLFS; 
12:51:41.0064 6132  ============================================================
12:51:41.0474 6132  ================ Scan system memory ========================
12:51:41.0474 6132  System memory - ok
12:51:41.0475 6132  ================ Scan services =============================
12:51:41.0652 6132  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:51:41.0785 6132  1394ohci - ok
12:51:41.0830 6132  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
12:51:41.0861 6132  ACPI - ok
12:51:41.0902 6132  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
12:51:41.0974 6132  AcpiPmi - ok
12:51:42.0097 6132  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:51:42.0119 6132  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:51:42.0119 6132  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:51:42.0244 6132  [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
12:51:42.0273 6132  Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
12:51:42.0273 6132  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
12:51:42.0374 6132  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:51:42.0397 6132  AdobeARMservice - ok
12:51:42.0506 6132  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:51:42.0532 6132  AdobeFlashPlayerUpdateSvc - ok
12:51:42.0602 6132  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:51:42.0641 6132  adp94xx - ok
12:51:42.0701 6132  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:51:42.0733 6132  adpahci - ok
12:51:42.0767 6132  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:51:42.0792 6132  adpu320 - ok
12:51:42.0837 6132  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:51:42.0891 6132  AeLookupSvc - ok
12:51:42.0963 6132  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
12:51:43.0031 6132  AFD - ok
12:51:43.0072 6132  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
12:51:43.0093 6132  agp440 - ok
12:51:43.0139 6132  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:51:43.0161 6132  aic78xx - ok
12:51:43.0201 6132  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:51:43.0256 6132  ALG - ok
12:51:43.0301 6132  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
12:51:43.0321 6132  aliide - ok
12:51:43.0363 6132  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
12:51:43.0388 6132  amdagp - ok
12:51:43.0416 6132  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
12:51:43.0437 6132  amdide - ok
12:51:43.0469 6132  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:51:43.0506 6132  AmdK8 - ok
12:51:43.0542 6132  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:51:43.0585 6132  AmdPPM - ok
12:51:43.0623 6132  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:51:43.0646 6132  amdsata - ok
12:51:43.0678 6132  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:51:43.0704 6132  amdsbs - ok
12:51:43.0745 6132  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:51:43.0765 6132  amdxata - ok
12:51:43.0812 6132  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
12:51:43.0879 6132  AppID - ok
12:51:43.0923 6132  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:51:44.0064 6132  AppIDSvc - ok
12:51:44.0096 6132  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
12:51:44.0150 6132  Appinfo - ok
12:51:44.0208 6132  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:51:44.0230 6132  arc - ok
12:51:44.0252 6132  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:51:44.0274 6132  arcsas - ok
12:51:44.0302 6132  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:51:44.0416 6132  AsyncMac - ok
12:51:44.0457 6132  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
12:51:44.0477 6132  atapi - ok
12:51:44.0510 6132  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:51:45.0071 6132  AudioEndpointBuilder - ok
12:51:45.0084 6132  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:51:45.0365 6132  Audiosrv - ok
12:51:45.0539 6132  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:51:45.0848 6132  AxInstSV - ok
12:51:45.0910 6132  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:51:46.0160 6132  b06bdrv - ok
12:51:46.0202 6132  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:51:46.0248 6132  b57nd60x - ok
12:51:46.0304 6132  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:51:46.0353 6132  BDESVC - ok
12:51:46.0391 6132  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:51:46.0453 6132  Beep - ok
12:51:46.0500 6132  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
12:51:46.0576 6132  BFE - ok
12:51:46.0620 6132  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
12:51:46.0714 6132  BITS - ok
12:51:46.0747 6132  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:51:46.0773 6132  blbdrive - ok
12:51:46.0807 6132  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:51:46.0858 6132  bowser - ok
12:51:46.0884 6132  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:51:46.0919 6132  BrFiltLo - ok
12:51:46.0948 6132  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:51:46.0989 6132  BrFiltUp - ok
12:51:47.0021 6132  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:51:47.0084 6132  BridgeMP - ok
12:51:47.0118 6132  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
12:51:47.0187 6132  Browser - ok
12:51:47.0233 6132  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:51:47.0293 6132  Brserid - ok
12:51:47.0324 6132  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:51:47.0367 6132  BrSerWdm - ok
12:51:47.0397 6132  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:51:47.0433 6132  BrUsbMdm - ok
12:51:47.0458 6132  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:51:47.0499 6132  BrUsbSer - ok
12:51:47.0516 6132  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:51:47.0553 6132  BTHMODEM - ok
12:51:47.0599 6132  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:51:47.0651 6132  bthserv - ok
12:51:47.0784 6132  catchme - ok
12:51:47.0923 6132  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:51:48.0027 6132  cdfs - ok
12:51:48.0077 6132  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:51:48.0156 6132  cdrom - ok
12:51:48.0194 6132  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:51:48.0246 6132  CertPropSvc - ok
12:51:48.0288 6132  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:51:48.0318 6132  circlass - ok
12:51:48.0337 6132  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:51:48.0365 6132  CLFS - ok
12:51:48.0437 6132  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:51:48.0459 6132  clr_optimization_v2.0.50727_32 - ok
12:51:48.0533 6132  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:51:48.0558 6132  clr_optimization_v4.0.30319_32 - ok
12:51:48.0592 6132  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:51:48.0617 6132  CmBatt - ok
12:51:48.0637 6132  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
12:51:48.0658 6132  cmdide - ok
12:51:48.0682 6132  [ 1B675691ED940766149C93E8F4488D68 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:51:48.0732 6132  CNG - ok
12:51:48.0750 6132  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:51:48.0770 6132  Compbatt - ok
12:51:48.0817 6132  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:51:48.0860 6132  CompositeBus - ok
12:51:48.0944 6132  COMSysApp - ok
12:51:48.0976 6132  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:51:48.0997 6132  crcdisk - ok
12:51:49.0042 6132  [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:51:49.0115 6132  CryptSvc - ok
12:51:49.0155 6132  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:51:49.0233 6132  DcomLaunch - ok
12:51:49.0280 6132  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:51:49.0385 6132  defragsvc - ok
12:51:49.0455 6132  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:51:49.0520 6132  DfsC - ok
12:51:49.0565 6132  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:51:49.0642 6132  Dhcp - ok
12:51:49.0677 6132  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:51:49.0742 6132  discache - ok
12:51:49.0779 6132  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:51:49.0800 6132  Disk - ok
12:51:49.0831 6132  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:51:49.0883 6132  Dnscache - ok
12:51:49.0925 6132  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:51:49.0996 6132  dot3svc - ok
12:51:50.0008 6132  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
12:51:50.0075 6132  DPS - ok
12:51:50.0113 6132  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:51:50.0146 6132  drmkaud - ok
12:51:50.0201 6132  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:51:50.0280 6132  dtsoftbus01 - ok
12:51:50.0322 6132  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:51:50.0374 6132  DXGKrnl - ok
12:51:50.0398 6132  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:51:50.0451 6132  EapHost - ok
12:51:50.0563 6132  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:51:50.0701 6132  ebdrv - ok
12:51:50.0740 6132  [ F42309C4191C506B71DB5D1126D26318 ] EFS             C:\Windows\System32\lsass.exe
12:51:50.0782 6132  EFS - ok
12:51:50.0827 6132  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:51:50.0900 6132  ehRecvr - ok
12:51:50.0934 6132  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:51:50.0985 6132  ehSched - ok
12:51:51.0048 6132  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:51:51.0082 6132  elxstor - ok
12:51:51.0106 6132  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
12:51:51.0148 6132  ErrDev - ok
12:51:51.0206 6132  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:51:51.0269 6132  EventSystem - ok
12:51:51.0293 6132  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:51:51.0357 6132  exfat - ok
12:51:51.0460 6132  Fabs - ok
12:51:51.0490 6132  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:51:51.0554 6132  fastfat - ok
12:51:51.0604 6132  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
12:51:51.0672 6132  Fax - ok
12:51:51.0704 6132  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:51:51.0743 6132  fdc - ok
12:51:51.0777 6132  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:51:51.0843 6132  fdPHost - ok
12:51:51.0867 6132  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:51:51.0936 6132  FDResPub - ok
12:51:51.0973 6132  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:51:51.0994 6132  FileInfo - ok
12:51:52.0009 6132  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:51:52.0061 6132  Filetrace - ok
12:51:52.0174 6132  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:51:52.0309 6132  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:51:52.0309 6132  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:51:52.0335 6132  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:51:52.0360 6132  flpydisk - ok
12:51:52.0405 6132  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:51:52.0433 6132  FltMgr - ok
12:51:52.0489 6132  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
12:51:52.0581 6132  FontCache - ok
12:51:52.0643 6132  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:51:52.0659 6132  FontCache3.0.0.0 - ok
12:51:52.0677 6132  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:51:52.0699 6132  FsDepends - ok
12:51:52.0750 6132  [ 1D300E884E4C539239AAF36BC8D0947A ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys
12:51:52.0779 6132  fspad_wlh32 - ok
12:51:52.0810 6132  [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:51:52.0830 6132  Fs_Rec - ok
12:51:52.0871 6132  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:51:52.0900 6132  fvevol - ok
12:51:52.0926 6132  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:51:52.0947 6132  gagp30kx - ok
12:51:52.0995 6132  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
12:51:53.0067 6132  gpsvc - ok
12:51:53.0187 6132  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:51:53.0206 6132  gupdate - ok
12:51:53.0229 6132  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:51:53.0244 6132  gupdatem - ok
12:51:53.0295 6132  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:51:53.0312 6132  hamachi - ok
12:51:53.0340 6132  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:51:53.0385 6132  hcw85cir - ok
12:51:53.0426 6132  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:51:53.0470 6132  HdAudAddService - ok
12:51:53.0508 6132  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:51:53.0554 6132  HDAudBus - ok
12:51:53.0573 6132  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:51:53.0614 6132  HidBatt - ok
12:51:53.0636 6132  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:51:53.0675 6132  HidBth - ok
12:51:53.0716 6132  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:51:53.0755 6132  HidIr - ok
12:51:53.0786 6132  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
12:51:53.0854 6132  hidserv - ok
12:51:53.0886 6132  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:51:53.0925 6132  HidUsb - ok
12:51:53.0957 6132  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:51:54.0019 6132  hkmsvc - ok
12:51:54.0048 6132  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:51:54.0098 6132  HomeGroupListener - ok
12:51:54.0129 6132  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:51:54.0202 6132  HomeGroupProvider - ok
12:51:54.0245 6132  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
12:51:54.0268 6132  HpSAMD - ok
12:51:54.0321 6132  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:51:54.0408 6132  HTTP - ok
12:51:54.0428 6132  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:51:54.0447 6132  hwpolicy - ok
12:51:54.0465 6132  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:51:54.0508 6132  i8042prt - ok
12:51:54.0588 6132  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:51:54.0620 6132  IAANTMON - ok
12:51:54.0665 6132  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:51:54.0685 6132  iaStor - ok
12:51:54.0738 6132  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:51:54.0769 6132  iaStorV - ok
12:51:54.0835 6132  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:51:54.0903 6132  idsvc - ok
12:51:55.0079 6132  [ 36CC40B02AE593D6152AC8BD657720AF ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:51:55.0346 6132  igfx - ok
12:51:55.0397 6132  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:51:55.0419 6132  iirsp - ok
12:51:55.0453 6132  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:51:55.0553 6132  IKEEXT - ok
12:51:55.0614 6132  [ 264632ADE8127B7BAA2190CF6FAD435B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:51:55.0673 6132  IntcHdmiAddService - ok
12:51:55.0709 6132  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
12:51:55.0730 6132  intelide - ok
12:51:55.0754 6132  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:51:55.0791 6132  intelppm - ok
12:51:55.0822 6132  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:51:55.0891 6132  IPBusEnum - ok
12:51:55.0905 6132  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:51:55.0968 6132  IpFilterDriver - ok
12:51:56.0016 6132  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:51:56.0089 6132  iphlpsvc - ok
12:51:56.0122 6132  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:51:56.0148 6132  IPMIDRV - ok
12:51:56.0174 6132  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:51:56.0241 6132  IPNAT - ok
12:51:56.0271 6132  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:51:56.0301 6132  IRENUM - ok
12:51:56.0325 6132  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
12:51:56.0346 6132  isapnp - ok
12:51:56.0375 6132  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:51:56.0401 6132  iScsiPrt - ok
12:51:56.0457 6132  [ 65DA9FA42C0972FE5B9B7D6047F06F4C ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
12:51:56.0524 6132  JMCR - ok
12:51:56.0568 6132  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:51:56.0589 6132  kbdclass - ok
12:51:56.0622 6132  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:51:56.0650 6132  kbdhid - ok
12:51:56.0660 6132  [ F42309C4191C506B71DB5D1126D26318 ] KeyIso          C:\Windows\system32\lsass.exe
12:51:56.0688 6132  KeyIso - ok
12:51:56.0711 6132  [ E36A061EC11B373826905B21BE10948F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:51:56.0732 6132  KSecDD - ok
12:51:56.0760 6132  [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:51:56.0785 6132  KSecPkg - ok
12:51:56.0819 6132  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:51:56.0893 6132  KtmRm - ok
12:51:56.0929 6132  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:51:56.0973 6132  LanmanServer - ok
12:51:57.0008 6132  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:51:57.0074 6132  LanmanWorkstation - ok
12:51:57.0123 6132  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:51:57.0185 6132  lltdio - ok
12:51:57.0219 6132  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:51:57.0298 6132  lltdsvc - ok
12:51:57.0316 6132  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:51:57.0385 6132  lmhosts - ok
12:51:57.0426 6132  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:51:57.0450 6132  LSI_FC - ok
12:51:57.0473 6132  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:51:57.0497 6132  LSI_SAS - ok
12:51:57.0530 6132  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:51:57.0553 6132  LSI_SAS2 - ok
12:51:57.0569 6132  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:51:57.0593 6132  LSI_SCSI - ok
12:51:57.0616 6132  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:51:57.0680 6132  luafv - ok
12:51:57.0762 6132  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:51:57.0780 6132  MBAMProtector - ok
12:51:57.0864 6132  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:51:57.0890 6132  MBAMScheduler - ok
12:51:57.0941 6132  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:51:57.0986 6132  MBAMService - ok
12:51:58.0017 6132  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:51:58.0045 6132  Mcx2Svc - ok
12:51:58.0074 6132  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:51:58.0095 6132  megasas - ok
12:51:58.0136 6132  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:51:58.0163 6132  MegaSR - ok
12:51:58.0186 6132  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:51:58.0242 6132  MMCSS - ok
12:51:58.0266 6132  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:51:58.0332 6132  Modem - ok
12:51:58.0352 6132  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:51:58.0390 6132  monitor - ok
12:51:58.0418 6132  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:51:58.0439 6132  mouclass - ok
12:51:58.0471 6132  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:51:58.0502 6132  mouhid - ok
12:51:58.0521 6132  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:51:58.0542 6132  mountmgr - ok
12:51:58.0614 6132  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:51:58.0641 6132  MozillaMaintenance - ok
12:51:58.0687 6132  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
12:51:58.0710 6132  mpio - ok
12:51:58.0729 6132  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:51:58.0798 6132  mpsdrv - ok
12:51:58.0846 6132  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:51:58.0937 6132  MpsSvc - ok
12:51:58.0956 6132  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:51:58.0988 6132  MRxDAV - ok
12:51:59.0021 6132  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:51:59.0074 6132  mrxsmb - ok
12:51:59.0100 6132  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:51:59.0130 6132  mrxsmb10 - ok
12:51:59.0152 6132  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:51:59.0179 6132  mrxsmb20 - ok
12:51:59.0211 6132  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
12:51:59.0231 6132  msahci - ok
12:51:59.0253 6132  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
12:51:59.0279 6132  msdsm - ok
12:51:59.0303 6132  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:51:59.0344 6132  MSDTC - ok
12:51:59.0369 6132  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:51:59.0424 6132  Msfs - ok
12:51:59.0444 6132  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:51:59.0507 6132  mshidkmdf - ok
12:51:59.0522 6132  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
12:51:59.0542 6132  msisadrv - ok
12:51:59.0579 6132  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:51:59.0648 6132  MSiSCSI - ok
12:51:59.0655 6132  msiserver - ok
12:51:59.0682 6132  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:51:59.0739 6132  MSKSSRV - ok
12:51:59.0760 6132  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:51:59.0823 6132  MSPCLOCK - ok
12:51:59.0839 6132  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:51:59.0906 6132  MSPQM - ok
12:51:59.0930 6132  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:51:59.0955 6132  MsRPC - ok
12:51:59.0996 6132  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:52:00.0016 6132  mssmbios - ok
12:52:00.0036 6132  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:52:00.0087 6132  MSTEE - ok
12:52:00.0099 6132  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:52:00.0131 6132  MTConfig - ok
12:52:00.0154 6132  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:52:00.0175 6132  Mup - ok
12:52:00.0206 6132  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
12:52:00.0266 6132  napagent - ok
12:52:00.0293 6132  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:52:00.0340 6132  NativeWifiP - ok
12:52:00.0378 6132  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:52:00.0429 6132  NDIS - ok
12:52:00.0466 6132  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:52:00.0529 6132  NdisCap - ok
12:52:00.0556 6132  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:52:00.0615 6132  NdisTapi - ok
12:52:00.0648 6132  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:52:00.0700 6132  Ndisuio - ok
12:52:00.0713 6132  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:52:00.0766 6132  NdisWan - ok
12:52:00.0788 6132  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:52:00.0853 6132  NDProxy - ok
12:52:00.0896 6132  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:52:00.0957 6132  NetBIOS - ok
12:52:00.0988 6132  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:52:01.0042 6132  NetBT - ok
12:52:01.0062 6132  [ F42309C4191C506B71DB5D1126D26318 ] Netlogon        C:\Windows\system32\lsass.exe
12:52:01.0090 6132  Netlogon - ok
12:52:01.0131 6132  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:52:01.0201 6132  Netman - ok
12:52:01.0215 6132  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:52:01.0296 6132  netprofm - ok
12:52:01.0328 6132  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:52:01.0347 6132  NetTcpPortSharing - ok
12:52:01.0392 6132  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:52:01.0413 6132  nfrd960 - ok
12:52:01.0448 6132  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:52:01.0528 6132  NlaSvc - ok
12:52:01.0546 6132  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:52:01.0599 6132  Npfs - ok
12:52:01.0616 6132  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:52:01.0671 6132  nsi - ok
12:52:01.0682 6132  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:52:01.0742 6132  nsiproxy - ok
12:52:01.0804 6132  [ 187002CE05693C306F43C873F821381F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:52:01.0876 6132  Ntfs - ok
12:52:01.0898 6132  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:52:01.0949 6132  Null - ok
12:52:01.0994 6132  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:52:02.0017 6132  nvraid - ok
12:52:02.0040 6132  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:52:02.0064 6132  nvstor - ok
12:52:02.0094 6132  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
12:52:02.0116 6132  nv_agp - ok
12:52:02.0183 6132  [ 6ABC0333409E7AB86BA610BCF5BDDF7B ] NxpCap          C:\Windows\system32\DRIVERS\NxpCap.sys
12:52:02.0267 6132  NxpCap - ok
12:52:02.0344 6132  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:52:02.0375 6132  odserv - ok
12:52:02.0400 6132  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:52:02.0440 6132  ohci1394 - ok
12:52:02.0493 6132  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:52:02.0515 6132  ose - ok
12:52:02.0549 6132  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:52:02.0597 6132  p2pimsvc - ok
12:52:02.0646 6132  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:52:02.0681 6132  p2psvc - ok
12:52:02.0710 6132  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:52:02.0753 6132  Parport - ok
12:52:02.0775 6132  [ FF4218952B51DE44FE910953A3E686B9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:52:02.0798 6132  partmgr - ok
12:52:02.0829 6132  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:52:02.0873 6132  Parvdm - ok
12:52:02.0903 6132  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:52:02.0944 6132  PcaSvc - ok
12:52:02.0959 6132  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
12:52:02.0986 6132  pci - ok
12:52:03.0017 6132  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
12:52:03.0041 6132  pciide - ok
12:52:03.0084 6132  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:52:03.0112 6132  pcmcia - ok
12:52:03.0136 6132  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:52:03.0159 6132  pcw - ok
12:52:03.0192 6132  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:52:03.0327 6132  PEAUTH - ok
12:52:03.0419 6132  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
12:52:03.0550 6132  pla - ok
12:52:03.0582 6132  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:52:03.0634 6132  PlugPlay - ok
12:52:03.0646 6132  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:52:03.0689 6132  PNRPAutoReg - ok
12:52:03.0716 6132  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:52:03.0747 6132  PNRPsvc - ok
12:52:03.0787 6132  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:52:03.0859 6132  PolicyAgent - ok
12:52:03.0893 6132  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
12:52:03.0950 6132  Power - ok
12:52:03.0991 6132  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:52:04.0054 6132  PptpMiniport - ok
12:52:04.0090 6132  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:52:04.0130 6132  Processor - ok
12:52:04.0173 6132  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
12:52:04.0271 6132  ProfSvc - ok
12:52:04.0287 6132  [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:52:04.0315 6132  ProtectedStorage - ok
12:52:04.0360 6132  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
12:52:04.0383 6132  ProtexisLicensing - ok
12:52:04.0425 6132  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:52:04.0486 6132  Psched - ok
12:52:04.0551 6132  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:52:04.0638 6132  ql2300 - ok
12:52:04.0672 6132  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:52:04.0694 6132  ql40xx - ok
12:52:04.0730 6132  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:52:04.0783 6132  QWAVE - ok
12:52:04.0809 6132  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:52:04.0839 6132  QWAVEdrv - ok
12:52:04.0856 6132  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:52:04.0908 6132  RasAcd - ok
12:52:04.0933 6132  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:52:04.0989 6132  RasAgileVpn - ok
12:52:05.0018 6132  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:52:05.0086 6132  RasAuto - ok
12:52:05.0097 6132  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:52:05.0167 6132  Rasl2tp - ok
12:52:05.0202 6132  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
12:52:05.0275 6132  RasMan - ok
12:52:05.0312 6132  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:52:05.0378 6132  RasPppoe - ok
12:52:05.0407 6132  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:52:05.0465 6132  RasSstp - ok
12:52:05.0513 6132  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:52:05.0568 6132  rdbss - ok
12:52:05.0592 6132  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:52:05.0633 6132  rdpbus - ok
12:52:05.0654 6132  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:52:05.0715 6132  RDPCDD - ok
12:52:05.0744 6132  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:52:05.0794 6132  RDPENCDD - ok
12:52:05.0811 6132  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:52:05.0869 6132  RDPREFMP - ok
12:52:05.0899 6132  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:52:05.0955 6132  RDPWD - ok
12:52:05.0985 6132  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:52:06.0011 6132  rdyboost - ok
12:52:06.0037 6132  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:52:06.0102 6132  RemoteAccess - ok
12:52:06.0128 6132  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:52:06.0192 6132  RemoteRegistry - ok
12:52:06.0278 6132  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
12:52:06.0306 6132  RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:52:06.0307 6132  RichVideo - detected UnsignedFile.Multi.Generic (1)
12:52:06.0350 6132  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:52:06.0406 6132  RpcEptMapper - ok
12:52:06.0430 6132  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:52:06.0465 6132  RpcLocator - ok
12:52:06.0488 6132  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
12:52:06.0549 6132  RpcSs - ok
12:52:06.0591 6132  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:52:06.0649 6132  rspndr - ok
12:52:06.0691 6132  [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
12:52:06.0769 6132  rtl8192se - ok
12:52:06.0785 6132  [ F42309C4191C506B71DB5D1126D26318 ] SamSs           C:\Windows\system32\lsass.exe
12:52:06.0812 6132  SamSs - ok
12:52:06.0841 6132  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
12:52:06.0871 6132  sbp2port - ok
12:52:06.0905 6132  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:52:06.0971 6132  SCardSvr - ok
12:52:06.0994 6132  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:52:07.0065 6132  scfilter - ok
12:52:07.0196 6132  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
12:52:07.0266 6132  Schedule - ok
12:52:07.0320 6132  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:52:07.0372 6132  SCPolicySvc - ok
12:52:07.0408 6132  [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
12:52:07.0456 6132  sdbus - ok
12:52:07.0490 6132  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:52:07.0557 6132  SDRSVC - ok
12:52:07.0589 6132  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:52:07.0660 6132  secdrv - ok
12:52:07.0708 6132  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:52:07.0773 6132  seclogon - ok
12:52:07.0807 6132  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:52:07.0881 6132  SENS - ok
12:52:07.0896 6132  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:52:07.0968 6132  SensrSvc - ok
12:52:07.0995 6132  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:52:08.0021 6132  Serenum - ok
12:52:08.0052 6132  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:52:08.0097 6132  Serial - ok
12:52:08.0115 6132  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:52:08.0143 6132  sermouse - ok
12:52:08.0180 6132  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
12:52:08.0252 6132  SessionEnv - ok
12:52:08.0277 6132  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:52:08.0312 6132  sffdisk - ok
12:52:08.0342 6132  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:52:08.0388 6132  sffp_mmc - ok
12:52:08.0406 6132  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:52:08.0450 6132  sffp_sd - ok
12:52:08.0473 6132  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:52:08.0514 6132  sfloppy - ok
12:52:08.0543 6132  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:52:08.0615 6132  SharedAccess - ok
12:52:08.0645 6132  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:52:08.0700 6132  ShellHWDetection - ok
12:52:08.0732 6132  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
12:52:08.0757 6132  sisagp - ok
12:52:08.0791 6132  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:52:08.0812 6132  SiSRaid2 - ok
12:52:08.0850 6132  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:52:08.0875 6132  SiSRaid4 - ok
12:52:08.0961 6132  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:52:08.0980 6132  SkypeUpdate - ok
12:52:08.0992 6132  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:52:09.0062 6132  Smb - ok
12:52:09.0109 6132  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:52:09.0150 6132  SNMPTRAP - ok
12:52:09.0164 6132  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:52:09.0200 6132  spldr - ok
12:52:09.0236 6132  [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler         C:\Windows\System32\spoolsv.exe
12:52:09.0335 6132  Spooler - ok
12:52:09.0432 6132  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:52:09.0582 6132  sppsvc - ok
12:52:09.0602 6132  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:52:09.0658 6132  sppuinotify - ok
12:52:09.0686 6132  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:52:09.0738 6132  srv - ok
12:52:09.0767 6132  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:52:09.0811 6132  srv2 - ok
12:52:09.0838 6132  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:52:09.0875 6132  srvnet - ok
12:52:09.0910 6132  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:52:09.0978 6132  SSDPSRV - ok
12:52:10.0002 6132  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:52:10.0070 6132  SstpSvc - ok
12:52:10.0131 6132  [ EBD47669FB312B4944EE7D057F182ADB ] STacSV          c:\program files\idt\wdm\STacSV.exe
12:52:10.0178 6132  STacSV - ok
12:52:10.0194 6132  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:52:10.0218 6132  stexstor - ok
12:52:10.0255 6132  [ 11FD7CFDBC623372552A430064E85D58 ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
12:52:10.0309 6132  STHDA - ok
12:52:10.0362 6132  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:52:10.0417 6132  StiSvc - ok
12:52:10.0436 6132  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:52:10.0456 6132  swenum - ok
12:52:10.0477 6132  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:52:10.0536 6132  swprv - ok
12:52:10.0633 6132  [ 5319D65E2F06DB17DE3D9E5311D4C948 ] Synergy         C:\Program Files\Synergy\synergyd.exe
12:52:10.0658 6132  Synergy - ok
12:52:10.0705 6132  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
12:52:10.0792 6132  SysMain - ok
12:52:10.0812 6132  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:52:10.0864 6132  TabletInputService - ok
12:52:10.0885 6132  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:52:10.0943 6132  TapiSrv - ok
12:52:10.0957 6132  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:52:11.0023 6132  TBS - ok
12:52:11.0090 6132  [ 56C198AC82EFA622DD93E9E43575F79C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:52:11.0174 6132  Tcpip - ok
12:52:11.0231 6132  [ 56C198AC82EFA622DD93E9E43575F79C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:52:11.0284 6132  TCPIP6 - ok
12:52:11.0324 6132  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:52:11.0385 6132  tcpipreg - ok
12:52:11.0412 6132  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:52:11.0475 6132  TDPIPE - ok
12:52:11.0494 6132  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:52:11.0552 6132  TDTCP - ok
12:52:11.0577 6132  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:52:11.0646 6132  tdx - ok
12:52:11.0676 6132  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:52:11.0698 6132  TermDD - ok
12:52:11.0753 6132  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
12:52:11.0835 6132  TermService - ok
12:52:11.0855 6132  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:52:11.0889 6132  Themes - ok
12:52:11.0909 6132  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:52:11.0964 6132  THREADORDER - ok
12:52:11.0996 6132  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:52:12.0068 6132  TrkWks - ok
12:52:12.0107 6132  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:52:12.0154 6132  TrustedInstaller - ok
12:52:12.0191 6132  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:52:12.0245 6132  tssecsrv - ok
12:52:12.0283 6132  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:52:12.0341 6132  tunnel - ok
12:52:12.0367 6132  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:52:12.0391 6132  uagp35 - ok
12:52:12.0418 6132  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:52:12.0494 6132  udfs - ok
12:52:12.0534 6132  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:52:12.0580 6132  UI0Detect - ok
12:52:12.0618 6132  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
12:52:12.0639 6132  uliagpkx - ok
12:52:12.0689 6132  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:52:12.0725 6132  umbus - ok
12:52:12.0763 6132  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:52:12.0787 6132  UmPass - ok
12:52:12.0823 6132  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:52:12.0892 6132  upnphost - ok
12:52:12.0916 6132  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:52:12.0969 6132  usbccgp - ok
12:52:13.0016 6132  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:52:13.0059 6132  usbcir - ok
12:52:13.0090 6132  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:52:13.0134 6132  usbehci - ok
12:52:13.0163 6132  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:52:13.0195 6132  usbhub - ok
12:52:13.0216 6132  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:52:13.0240 6132  usbohci - ok
12:52:13.0294 6132  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:52:13.0338 6132  usbprint - ok
12:52:13.0368 6132  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:52:13.0415 6132  usbscan - ok
12:52:13.0439 6132  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:52:13.0492 6132  USBSTOR - ok
12:52:13.0530 6132  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:52:13.0556 6132  usbuhci - ok
12:52:13.0610 6132  [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:52:13.0662 6132  usbvideo - ok
12:52:13.0685 6132  uxddrv - ok
12:52:13.0715 6132  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:52:13.0784 6132  UxSms - ok
12:52:13.0806 6132  [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc        C:\Windows\system32\lsass.exe
12:52:13.0835 6132  VaultSvc - ok
12:52:13.0870 6132  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
12:52:13.0890 6132  vdrvroot - ok
12:52:13.0920 6132  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
12:52:13.0986 6132  vds - ok
12:52:14.0015 6132  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:52:14.0051 6132  vga - ok
12:52:14.0074 6132  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:52:14.0129 6132  VgaSave - ok
12:52:14.0151 6132  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
12:52:14.0175 6132  vhdmp - ok
12:52:14.0214 6132  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
12:52:14.0237 6132  viaagp - ok
12:52:14.0267 6132  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:52:14.0299 6132  ViaC7 - ok
12:52:14.0334 6132  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
12:52:14.0357 6132  viaide - ok
12:52:14.0390 6132  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
12:52:14.0413 6132  volmgr - ok
12:52:14.0437 6132  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:52:14.0471 6132  volmgrx - ok
12:52:14.0502 6132  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
12:52:14.0529 6132  volsnap - ok
12:52:14.0560 6132  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:52:14.0586 6132  vsmraid - ok
12:52:14.0632 6132  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
12:52:14.0710 6132  VSS - ok
12:52:14.0748 6132  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:52:14.0778 6132  vwifibus - ok
12:52:14.0798 6132  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:52:14.0840 6132  vwififlt - ok
12:52:14.0867 6132  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:52:14.0941 6132  W32Time - ok
12:52:14.0961 6132  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:52:14.0989 6132  WacomPen - ok
12:52:15.0032 6132  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:52:15.0082 6132  WANARP - ok
12:52:15.0089 6132  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:52:15.0140 6132  Wanarpv6 - ok
12:52:15.0188 6132  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
12:52:15.0292 6132  wbengine - ok
12:52:15.0332 6132  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:52:15.0386 6132  WbioSrvc - ok
12:52:15.0420 6132  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:52:15.0478 6132  wcncsvc - ok
12:52:15.0502 6132  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:52:15.0555 6132  WcsPlugInService - ok
12:52:15.0572 6132  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:52:15.0593 6132  Wd - ok
12:52:15.0633 6132  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:52:15.0667 6132  Wdf01000 - ok
12:52:15.0691 6132  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:52:15.0734 6132  WdiServiceHost - ok
12:52:15.0740 6132  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:52:15.0788 6132  WdiSystemHost - ok
12:52:15.0818 6132  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
12:52:15.0885 6132  WebClient - ok
12:52:15.0911 6132  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:52:15.0971 6132  Wecsvc - ok
12:52:15.0996 6132  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:52:16.0059 6132  wercplsupport - ok
12:52:16.0091 6132  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:52:16.0147 6132  WerSvc - ok
12:52:16.0178 6132  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:52:16.0229 6132  WfpLwf - ok
12:52:16.0250 6132  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:52:16.0276 6132  WIMMount - ok
12:52:16.0336 6132  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:52:16.0393 6132  WinDefend - ok
12:52:16.0403 6132  WinHttpAutoProxySvc - ok
12:52:16.0458 6132  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:52:16.0509 6132  Winmgmt - ok
12:52:16.0566 6132  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:52:16.0664 6132  WinRM - ok
12:52:16.0728 6132  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:52:16.0756 6132  WinUsb - ok
12:52:16.0803 6132  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:52:16.0872 6132  Wlansvc - ok
12:52:16.0894 6132  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:52:16.0921 6132  WmiAcpi - ok
12:52:16.0953 6132  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:52:16.0989 6132  wmiApSrv - ok
12:52:17.0060 6132  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:52:17.0158 6132  WMPNetworkSvc - ok
12:52:17.0194 6132  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:52:17.0249 6132  WPCSvc - ok
12:52:17.0268 6132  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:52:17.0303 6132  WPDBusEnum - ok
12:52:17.0333 6132  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:52:17.0394 6132  ws2ifsl - ok
12:52:17.0431 6132  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\system32\wscsvc.dll
12:52:17.0475 6132  wscsvc - ok
12:52:17.0482 6132  WSearch - ok
12:52:17.0560 6132  [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:52:17.0708 6132  wuauserv - ok
12:52:17.0738 6132  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:52:17.0807 6132  WudfPf - ok
12:52:17.0853 6132  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:52:17.0907 6132  WUDFRd - ok
12:52:17.0942 6132  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:52:18.0007 6132  wudfsvc - ok
12:52:18.0028 6132  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:52:18.0082 6132  WwanSvc - ok
12:52:18.0126 6132  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
12:52:18.0141 6132  X10Hid - ok
12:52:18.0198 6132  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
12:52:18.0206 6132  x10nets ( UnsignedFile.Multi.Generic ) - warning
12:52:18.0206 6132  x10nets - detected UnsignedFile.Multi.Generic (1)
12:52:18.0235 6132  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
12:52:18.0251 6132  XUIF - ok
12:52:18.0299 6132  [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
12:52:18.0350 6132  yukonw7 - ok
12:52:18.0359 6132  ================ Scan global ===============================
12:52:18.0398 6132  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
12:52:18.0433 6132  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
12:52:18.0452 6132  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
12:52:18.0490 6132  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:52:18.0524 6132  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:52:18.0534 6132  [Global] - ok
12:52:18.0534 6132  ================ Scan MBR ==================================
12:52:18.0544 6132  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
12:52:24.0325 6132  \Device\Harddisk0\DR0 - ok
12:52:24.0326 6132  ================ Scan VBR ==================================
12:52:24.0332 6132  [ C4892213B42BCA4CA8B23812EE1C419A ] \Device\Harddisk0\DR0\Partition1
12:52:24.0334 6132  \Device\Harddisk0\DR0\Partition1 - ok
12:52:24.0372 6132  [ D9C18B7E8118A82B49E3B7041C786E08 ] \Device\Harddisk0\DR0\Partition2
12:52:24.0376 6132  \Device\Harddisk0\DR0\Partition2 - ok
12:52:24.0416 6132  [ 2C34A26F087D632C3243182780474EB0 ] \Device\Harddisk0\DR0\Partition3
12:52:24.0419 6132  \Device\Harddisk0\DR0\Partition3 - ok
12:52:24.0420 6132  ============================================================
12:52:24.0420 6132  Scan finished
12:52:24.0420 6132  ============================================================
12:52:24.0440 2452  Detected object count: 5
12:52:24.0440 2452  Actual detected object count: 5
12:52:56.0795 2452  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:56.0795 2452  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:52:56.0798 2452  Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:56.0798 2452  Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:52:56.0803 2452  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:56.0803 2452  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:52:56.0807 2452  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:56.0807 2452  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:52:56.0810 2452  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:56.0810 2452  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

schrauber · 17.10.2013, 18:36

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

AnnaPlease · 18.10.2013, 15:52

Alles gemacht, hier sind die logs:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.17.07

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Anna :: ANNA [Administrator]

17.10.2013 20:46:51
mbam-log-2013-10-17 (20-46-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | PUP | PUM
Deaktivierte Suchlaufeinstellungen: HeuristiKs/Shuriken | P2P
Durchsuchte Objekte: 578368
Laufzeit: 6 Stunde(n), 31 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Anna\AppData\Local\Temp\OCS\ocs_v5b.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\OCS\ocs_v6b.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\OCS\ocs_v6z.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\OCS\ocs_v7a.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.008 - Bericht erstellt am 18/10/2013 um 14:51:36
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : Anna - ANNA
# Gestartet von : C:\Users\Anna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\Program Files\Complitly
Ordner Gelöscht : C:\Program Files\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Anna\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Complitly
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\00dyodxe.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\user.js
Datei Gelöscht : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GFilterSvc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GFilterSvc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_activeperl(1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_activeperl(1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_activeperl_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_activeperl_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_finale-notepad_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_finale-notepad_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-vimeo-downloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-vimeo-downloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wakeuponstandby_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_wakeuponstandby_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16912


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "ac09afa90000000000001c4bd64c3047");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15804");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.014:22:37");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\00dyodxe.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13574 octets] - [18/10/2013 14:37:36]
AdwCleaner[S0].txt - [13518 octets] - [18/10/2013 14:51:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13579 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x86
Ran by Anna on 18.10.2013 at 14:58:07,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3283202508-3548365839-668912326-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\5c1es894.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1360877117065");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent105", "1361018010147");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1360890855173");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1360890855185");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1360890855448");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1360890855194");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1361039851007");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1361012487898");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1361018013438");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1360900753325");
Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\5c1es894.default\minidumps [43 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Anna\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2013 at 15:01:06,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Anna (administrator) on ANNA on 18-10-2013 16:45:15
Running from C:\Users\Anna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-28] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
MountPoints2: {e7176cc9-ae95-11e2-9866-001f1631c5dd} - I:\LaunchU3.exe -a
HKU\Default\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {34C0E483-E8EC-4360-9ACC-8AD1F3EBDDAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\searchplugins\icq.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\ich@maltegoetz.de
FF Extension: EPUBReader - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ReminderFox - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.giga.de/!22/"
CHR Plugin: (Shockwave Flash) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Anna\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (DoNotTrackMe) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [318976 2013-05-03] ()
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Anna\AppData\Local\Temp\catchme.sys [x]
S3 uxddrv; \??\F:\uxddrv86.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 15:01 - 2013-10-18 15:01 - 00002337 _____ C:\Users\Anna\Desktop\JRT.txt
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 14:57 - 2013-10-18 14:57 - 01033335 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-10-18 14:55 - 2013-10-18 14:55 - 00013660 _____ C:\Users\Anna\Desktop\AdwCleaner[S0].txt
2013-10-18 14:37 - 2013-10-18 14:51 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:36 - 2013-10-18 14:37 - 01050644 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-10-18 00:24 - 2013-10-18 00:27 - 11657784 _____ C:\Users\Anna\Desktop\Opening - Final.wav
2013-10-17 23:04 - 2013-10-17 23:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2013-10-17 22:35 - 2013-10-17 22:38 - 00000000 ____D C:\Program Files\ShareKM
2013-10-17 22:35 - 2013-10-17 22:35 - 00524569 _____ C:\Users\Anna\Desktop\ShareKMSetup-1.0.19.exe
2013-10-17 22:30 - 2013-10-17 22:31 - 02761132 _____ C:\Users\Anna\Desktop\Jingle 3 - Hall & Delay.wav
2013-10-17 15:24 - 2013-10-17 15:25 - 07561784 _____ C:\Users\Anna\Desktop\08 Kleinigkeiten (feat. Lary).m4a
2013-10-17 12:46 - 2013-10-17 12:47 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anna\Desktop\tdsskiller.exe
2013-10-16 12:57 - 2013-10-16 12:58 - 00000000 ___SD C:\ComboFix
2013-10-16 12:51 - 2013-10-16 12:54 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (7)
2013-10-16 12:48 - 2013-10-16 12:49 - 05133109 ____R (Swearware) C:\Users\Anna\Desktop\ComboFix.exe
2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-15 02:08 - 2013-10-15 02:09 - 01087213 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-10-08 18:22 - 2013-10-08 18:22 - 00000000 ____D C:\Users\Anna\lena
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID

==================== One Month Modified Files and Folders =======

2013-10-18 16:30 - 2011-11-28 20:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001UA.job
2013-10-18 16:05 - 2011-11-20 14:18 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 15:51 - 2012-09-16 01:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 15:01 - 2013-10-18 15:01 - 00002337 _____ C:\Users\Anna\Desktop\JRT.txt
2013-10-18 15:01 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 15:01 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 14:57 - 2013-10-18 14:57 - 01033335 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-10-18 14:55 - 2013-10-18 14:55 - 00013660 _____ C:\Users\Anna\Desktop\AdwCleaner[S0].txt
2013-10-18 14:55 - 2011-10-28 13:21 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Skype
2013-10-18 14:54 - 2011-11-20 14:18 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 14:54 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2013-10-18 14:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 14:53 - 2009-07-14 06:39 - 00060706 _____ C:\Windows\setupact.log
2013-10-18 14:52 - 2011-10-24 11:20 - 01411358 _____ C:\Windows\WindowsUpdate.log
2013-10-18 14:51 - 2013-10-18 14:37 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:37 - 2013-10-18 14:36 - 01050644 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-10-18 14:32 - 2009-11-06 10:02 - 00039188 _____ C:\Windows\PFRO.log
2013-10-18 14:30 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Performance
2013-10-18 00:27 - 2013-10-18 00:24 - 11657784 _____ C:\Users\Anna\Desktop\Opening - Final.wav
2013-10-17 23:04 - 2013-10-17 23:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2013-10-17 22:38 - 2013-10-17 22:35 - 00000000 ____D C:\Program Files\ShareKM
2013-10-17 22:35 - 2013-10-17 22:35 - 00524569 _____ C:\Users\Anna\Desktop\ShareKMSetup-1.0.19.exe
2013-10-17 22:31 - 2013-10-17 22:30 - 02761132 _____ C:\Users\Anna\Desktop\Jingle 3 - Hall & Delay.wav
2013-10-17 17:33 - 2009-11-06 05:43 - 00257918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-17 15:25 - 2013-10-17 15:24 - 07561784 _____ C:\Users\Anna\Desktop\08 Kleinigkeiten (feat. Lary).m4a
2013-10-17 12:47 - 2013-10-17 12:46 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anna\Desktop\tdsskiller.exe
2013-10-16 12:58 - 2013-10-16 12:57 - 00000000 ___SD C:\ComboFix
2013-10-16 12:54 - 2013-10-16 12:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (7)
2013-10-16 12:49 - 2013-10-16 12:48 - 05133109 ____R (Swearware) C:\Users\Anna\Desktop\ComboFix.exe
2013-10-16 12:48 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna
2013-10-15 02:37 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Anna\Documents\Youcam
2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-15 02:09 - 2013-10-15 02:08 - 01087213 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:43 - 2012-10-11 20:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 03:36 - 2009-11-06 08:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-14 03:35 - 2009-11-06 09:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-14 03:04 - 2012-04-26 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Local\Mozilla
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 02:54 - 2012-05-10 23:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-14 02:54 - 2011-10-28 13:22 - 00148856 _____ C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-14 02:52 - 2009-07-14 06:33 - 00550496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 02:23 - 2009-11-12 19:14 - 00000000 ____D C:\Program Files\ALDI Foto Service
2013-10-14 02:21 - 2012-06-03 21:03 - 00000000 ____D C:\Program Files\ICQ Self Remover
2013-10-14 02:21 - 2011-11-20 23:41 - 00000000 ____D C:\Program Files\ICQ Status Checker
2013-10-14 02:20 - 2013-04-09 14:23 - 00000000 ____D C:\Program Files\ICQ-Banner-Remover
2013-10-14 02:20 - 2011-11-22 01:14 - 00000000 ____D C:\Program Files\ICQ Ignore Checker
2013-10-14 02:20 - 2011-11-20 23:48 - 00000000 ____D C:\Program Files\ICQ Contact Revealer
2013-10-14 02:20 - 2011-11-20 23:39 - 00000000 ____D C:\Program Files\ICQ Away Reader
2013-10-14 02:19 - 2011-12-30 21:05 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Solveig Multimedia
2013-10-14 02:19 - 2011-12-06 20:59 - 00000000 ____D C:\Program Files\HyperCam 3
2013-10-14 02:16 - 2012-09-20 21:48 - 00000000 ____D C:\Users\Anna\.freemind
2013-10-14 02:12 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Local\VirtualStore
2013-10-14 01:45 - 2012-06-16 00:43 - 00000000 ____D C:\Program Files\SYBEX
2013-10-14 01:43 - 2009-11-06 09:27 - 00000000 ____D C:\Program Files\Common Files\Corel
2013-10-14 01:42 - 2013-04-21 15:38 - 00000000 ____D C:\Users\Anna\AppData\Local\Corel
2013-10-14 01:41 - 2013-04-21 15:38 - 00002828 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-10-14 01:41 - 2013-04-21 15:38 - 00000088 __RSH C:\Windows\system32\528F720A38.sys
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:28 - 2013-05-08 00:58 - 00000000 ____D C:\Program Files\Avid
2013-10-14 01:26 - 2009-11-12 19:16 - 00000000 ____D C:\Program Files\Aldi Nord Fotoservice
2013-10-14 01:25 - 2009-11-12 19:14 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-14 01:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-12 03:32 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Spotify
2013-10-12 00:08 - 2011-11-05 14:34 - 00000000 ____D C:\Users\Anna\AppData\Roaming\ICQ
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-10-08 18:22 - 2013-10-08 18:22 - 00000000 ____D C:\Users\Anna\lena
2013-10-08 04:08 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Local\Spotify
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID
2013-09-28 23:44 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Mozilla

ZeroAccess:
C:\Users\Anna\AppData\Local\c439d3af
C:\Users\Anna\AppData\Local\c439d3af\@
C:\Users\Anna\AppData\Local\c439d3af\U\80000000.@

Files to move or delete:
====================
C:\Users\Anna\CS2_RetNon_Ger_1.exe
C:\Users\Anna\CS2_RetNon_Ger_2.exe
C:\Users\Anna\CS2_RetNon_Ger_3.exe
C:\Users\Anna\CS_2.0_GR_Extras_1.exe
C:\Users\Anna\gvim73_46.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\bitool.dll
C:\Users\Anna\AppData\Local\Temp\catchme.dll
C:\Users\Anna\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Anna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Anna\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Anna\AppData\Local\Temp\i4jdel0.exe
C:\Users\Anna\AppData\Local\Temp\icqsetup.exe
C:\Users\Anna\AppData\Local\Temp\IminentSetup_1.0Hnjl76.10.exe
C:\Users\Anna\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\mirc725.exe
C:\Users\Anna\AppData\Local\Temp\msg4002.exe
C:\Users\Anna\AppData\Local\Temp\pyl2905.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pyl42B1.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylDDB3.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylE6A9.tmp.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Anna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Anna\AppData\Local\Temp\tmp97CE.tmp.exe
C:\Users\Anna\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\uninstaller.exe
C:\Users\Anna\AppData\Local\Temp\unwise.exe
C:\Users\Anna\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Anna\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 13:53

==================== End Of Log ============================

--- --- ---

schrauber · 19.10.2013, 07:52

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

AnnaPlease · 22.10.2013, 23:12

Ich habe, nach wie vor, alle Probleme. Es hat sich einfach nichts geändert. Hinzu kommt aber, dass er mir manchmal nicht einmal mehr das Verzeichnis "Computer" öffnet.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c87da34cde4085459ee3b7b708ea6a0c
# engine=15557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-21 01:38:36
# local_time=2013-10-21 03:38:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776573 100 94 218060 134758259 0 0
# scanned=425334
# found=22
# cleaned=0
# scan_time=20748
sh=046694C314AA7E9F902EAD7BF0EF3639F6426073 ft=1 fh=db72faf1713c37d7 vn="a variant of Win32/Sirefef.DV trojan" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\Local\c439d3af\U\80000000.@"
sh=A7317E5FCE6C923469941F0DC49CF5F55B1C5407 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.KJ trojan" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\Local\Temp\jar_cache4991045931457649116.tmp"
sh=072175610235497CB5DA08216B076BA2510B966F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\Local\Temp\jar_cache7948084932445260656.tmp"
sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH trojan" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\743a9a80-2484ac41"
sh=16A22767841C9EF4D3AB48BA7853633BE32DA62C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\85bce42-4746211c"
sh=78CB23DCF32525ABE5FAECBF690208B5703F8351 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.FA trojan" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\61d6929f-2cc1ba3a"
sh=6706F000086877C657D87192297513BB851D63F8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d6a9920-5c9138ed"
sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH trojan" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4d7a0f21-16fa558b"
sh=4B74800A814CA64F9D413A05F88622637061ED65 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\e32b6aa-614824f3"
sh=887F9EBAACB8FFDF946BE57F6A1582EAA73D0C15 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5446cb2f-5ffc34f9"
sh=8E9B7875E8552DAE5E0A03F9BFC400BA05D3BA29 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Dokumente und Einstellungen\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\669d5e49-7e8f6617"
sh=046694C314AA7E9F902EAD7BF0EF3639F6426073 ft=1 fh=db72faf1713c37d7 vn="a variant of Win32/Sirefef.DV trojan" ac=I fn="C:\Users\Anna\AppData\Local\c439d3af\U\80000000.@"
sh=A7317E5FCE6C923469941F0DC49CF5F55B1C5407 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.KJ trojan" ac=I fn="C:\Users\Anna\AppData\Local\Temp\jar_cache4991045931457649116.tmp"
sh=072175610235497CB5DA08216B076BA2510B966F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\Local\Temp\jar_cache7948084932445260656.tmp"
sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH trojan" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\743a9a80-2484ac41"
sh=16A22767841C9EF4D3AB48BA7853633BE32DA62C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\85bce42-4746211c"
sh=78CB23DCF32525ABE5FAECBF690208B5703F8351 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.FA trojan" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\61d6929f-2cc1ba3a"
sh=6706F000086877C657D87192297513BB851D63F8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d6a9920-5c9138ed"
sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH trojan" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4d7a0f21-16fa558b"
sh=4B74800A814CA64F9D413A05F88622637061ED65 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\e32b6aa-614824f3"
sh=887F9EBAACB8FFDF946BE57F6A1582EAA73D0C15 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5446cb2f-5ffc34f9"
sh=8E9B7875E8552DAE5E0A03F9BFC400BA05D3BA29 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\669d5e49-7e8f6617"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.74  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 45  
 Java 7 Update 13  
 Java version out of Date! 
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (24.0.1) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by Anna (administrator) on ANNA on 23-10-2013 00:02:56
Running from C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL0WGMO7
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Anna\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL0WGMO7\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-28] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-20] (Adobe Systems, Inc.)
MountPoints2: {48b80ca4-00e2-11e3-bc01-001f1631c5dd} - G:\LGAutoRun.exe
MountPoints2: {e7176cc9-ae95-11e2-9866-001f1631c5dd} - I:\LaunchU3.exe -a
HKU\Default\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [MEDION] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {34C0E483-E8EC-4360-9ACC-8AD1F3EBDDAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {34C0E483-E8EC-4360-9ACC-8AD1F3EBDDAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\searchplugins\icq.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\ich@maltegoetz.de
FF Extension: EPUBReader - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: ReminderFox - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5c1es894.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (DoNotTrackMe) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0
CHR Extension: (AdBlock) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Cool Clock) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\3.0.1.2_0
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [318976 2013-05-03] ()
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Anna\AppData\Local\Temp\catchme.sys [x]
S3 uxddrv; \??\F:\uxddrv86.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 00:01 - 2013-10-23 00:01 - 00001233 _____ C:\Users\Anna\Desktop\checkup.txt
2013-10-22 01:45 - 2013-10-22 01:45 - 00017659 _____ C:\Users\Anna\Desktop\bewerbung segelmacherei.odt
2013-10-20 21:50 - 2013-10-20 21:50 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu (1).exe
2013-10-20 21:48 - 2013-10-20 21:48 - 00891167 _____ C:\Users\Anna\Desktop\SecurityCheck.exe
2013-10-19 18:39 - 2013-10-19 18:39 - 00000000 ____D C:\Program Files\ESET
2013-10-19 18:38 - 2013-10-19 18:39 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2013-10-19 17:51 - 2013-10-21 02:25 - 01726052 _____ C:\Users\Anna\lena.MMM
2013-10-19 01:16 - 2013-10-19 01:17 - 00000000 ____D C:\Users\Anna\Desktop\Brobuch
2013-10-18 19:55 - 2013-10-22 00:34 - 00015455 _____ C:\Users\Anna\Documents\Das Bro Buch.odt
2013-10-18 16:48 - 2013-10-18 16:48 - 00027973 _____ C:\Users\Anna\Desktop\FRST.txt
2013-10-18 15:01 - 2013-10-18 15:01 - 00002337 _____ C:\Users\Anna\Desktop\JRT.txt
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 14:57 - 2013-10-18 14:57 - 01033335 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-10-18 14:55 - 2013-10-18 14:55 - 00013660 _____ C:\Users\Anna\Desktop\AdwCleaner[S0].txt
2013-10-18 14:37 - 2013-10-18 14:51 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:36 - 2013-10-18 14:37 - 01050644 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-10-18 00:24 - 2013-10-18 00:27 - 11657784 _____ C:\Users\Anna\Desktop\Opening - Final.wav
2013-10-17 23:04 - 2013-10-17 23:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2013-10-17 22:35 - 2013-10-17 22:38 - 00000000 ____D C:\Program Files\ShareKM
2013-10-17 22:35 - 2013-10-17 22:35 - 00524569 _____ C:\Users\Anna\Desktop\ShareKMSetup-1.0.19.exe
2013-10-17 22:30 - 2013-10-17 22:31 - 02761132 _____ C:\Users\Anna\Desktop\Jingle 3 - Hall & Delay.wav
2013-10-17 15:24 - 2013-10-17 15:25 - 07561784 _____ C:\Users\Anna\Desktop\08 Kleinigkeiten (feat. Lary).m4a
2013-10-17 12:46 - 2013-10-17 12:47 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anna\Desktop\tdsskiller.exe
2013-10-16 12:57 - 2013-10-16 12:58 - 00000000 ___SD C:\ComboFix
2013-10-16 12:51 - 2013-10-16 12:54 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (7)
2013-10-16 12:48 - 2013-10-16 12:49 - 05133109 ____R (Swearware) C:\Users\Anna\Desktop\ComboFix.exe
2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID

==================== One Month Modified Files and Folders =======

2013-10-23 00:01 - 2013-10-23 00:01 - 00001233 _____ C:\Users\Anna\Desktop\checkup.txt
2013-10-23 00:01 - 2011-10-28 13:21 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Skype
2013-10-22 23:51 - 2012-09-16 01:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 23:30 - 2011-11-28 20:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001UA.job
2013-10-22 23:30 - 2011-10-24 11:20 - 01149368 _____ C:\Windows\WindowsUpdate.log
2013-10-22 23:05 - 2011-11-20 14:18 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 21:34 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:34 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 21:27 - 2011-11-20 14:18 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 21:27 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2013-10-22 21:26 - 2012-04-26 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 21:26 - 2009-11-06 10:02 - 00039710 _____ C:\Windows\PFRO.log
2013-10-22 21:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 21:26 - 2009-07-14 06:39 - 00061065 _____ C:\Windows\setupact.log
2013-10-22 01:45 - 2013-10-22 01:45 - 00017659 _____ C:\Users\Anna\Desktop\bewerbung segelmacherei.odt
2013-10-22 00:34 - 2013-10-18 19:55 - 00015455 _____ C:\Users\Anna\Documents\Das Bro Buch.odt
2013-10-21 02:25 - 2013-10-19 17:51 - 01726052 _____ C:\Users\Anna\lena.MMM
2013-10-20 21:50 - 2013-10-20 21:50 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu (1).exe
2013-10-20 21:48 - 2013-10-20 21:48 - 00891167 _____ C:\Users\Anna\Desktop\SecurityCheck.exe
2013-10-20 01:26 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna
2013-10-20 00:44 - 2011-11-07 21:51 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-19 18:39 - 2013-10-19 18:39 - 00000000 ____D C:\Program Files\ESET
2013-10-19 18:39 - 2013-10-19 18:38 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2013-10-19 01:17 - 2013-10-19 01:16 - 00000000 ____D C:\Users\Anna\Desktop\Brobuch
2013-10-18 16:48 - 2013-10-18 16:48 - 00027973 _____ C:\Users\Anna\Desktop\FRST.txt
2013-10-18 15:01 - 2013-10-18 15:01 - 00002337 _____ C:\Users\Anna\Desktop\JRT.txt
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 14:57 - 2013-10-18 14:57 - 01033335 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2013-10-18 14:55 - 2013-10-18 14:55 - 00013660 _____ C:\Users\Anna\Desktop\AdwCleaner[S0].txt
2013-10-18 14:51 - 2013-10-18 14:37 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:37 - 2013-10-18 14:36 - 01050644 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2013-10-18 14:30 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Performance
2013-10-18 00:27 - 2013-10-18 00:24 - 11657784 _____ C:\Users\Anna\Desktop\Opening - Final.wav
2013-10-17 23:04 - 2013-10-17 23:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2013-10-17 22:38 - 2013-10-17 22:35 - 00000000 ____D C:\Program Files\ShareKM
2013-10-17 22:35 - 2013-10-17 22:35 - 00524569 _____ C:\Users\Anna\Desktop\ShareKMSetup-1.0.19.exe
2013-10-17 22:31 - 2013-10-17 22:30 - 02761132 _____ C:\Users\Anna\Desktop\Jingle 3 - Hall & Delay.wav
2013-10-17 17:33 - 2009-11-06 05:43 - 00257918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-17 15:25 - 2013-10-17 15:24 - 07561784 _____ C:\Users\Anna\Desktop\08 Kleinigkeiten (feat. Lary).m4a
2013-10-17 12:47 - 2013-10-17 12:46 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anna\Desktop\tdsskiller.exe
2013-10-16 12:58 - 2013-10-16 12:57 - 00000000 ___SD C:\ComboFix
2013-10-16 12:54 - 2013-10-16 12:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (7)
2013-10-16 12:49 - 2013-10-16 12:48 - 05133109 ____R (Swearware) C:\Users\Anna\Desktop\ComboFix.exe
2013-10-15 02:37 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Anna\Documents\Youcam
2013-10-15 02:10 - 2013-10-15 02:10 - 00000000 ____D C:\FRST
2013-10-14 03:44 - 2013-10-14 03:44 - 00000000 ____D C:\Users\Anna\Documents\GTA San Andreas User Files
2013-10-14 03:43 - 2012-10-11 20:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-14 03:36 - 2013-10-14 03:36 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-14 03:36 - 2009-11-06 08:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-14 03:35 - 2009-11-06 09:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Local\Mozilla
2013-10-14 03:04 - 2011-10-28 13:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 02:54 - 2012-05-10 23:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-14 02:54 - 2011-10-28 13:22 - 00148856 _____ C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-14 02:52 - 2009-07-14 06:33 - 00550496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 02:23 - 2009-11-12 19:14 - 00000000 ____D C:\Program Files\ALDI Foto Service
2013-10-14 02:21 - 2012-06-03 21:03 - 00000000 ____D C:\Program Files\ICQ Self Remover
2013-10-14 02:21 - 2011-11-20 23:41 - 00000000 ____D C:\Program Files\ICQ Status Checker
2013-10-14 02:20 - 2013-04-09 14:23 - 00000000 ____D C:\Program Files\ICQ-Banner-Remover
2013-10-14 02:20 - 2011-11-22 01:14 - 00000000 ____D C:\Program Files\ICQ Ignore Checker
2013-10-14 02:20 - 2011-11-20 23:48 - 00000000 ____D C:\Program Files\ICQ Contact Revealer
2013-10-14 02:20 - 2011-11-20 23:39 - 00000000 ____D C:\Program Files\ICQ Away Reader
2013-10-14 02:19 - 2011-12-30 21:05 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Solveig Multimedia
2013-10-14 02:19 - 2011-12-06 20:59 - 00000000 ____D C:\Program Files\HyperCam 3
2013-10-14 02:16 - 2012-09-20 21:48 - 00000000 ____D C:\Users\Anna\.freemind
2013-10-14 02:12 - 2011-10-28 12:49 - 00000000 ____D C:\Users\Anna\AppData\Local\VirtualStore
2013-10-14 01:45 - 2012-06-16 00:43 - 00000000 ____D C:\Program Files\SYBEX
2013-10-14 01:43 - 2009-11-06 09:27 - 00000000 ____D C:\Program Files\Common Files\Corel
2013-10-14 01:42 - 2013-04-21 15:38 - 00000000 ____D C:\Users\Anna\AppData\Local\Corel
2013-10-14 01:41 - 2013-04-21 15:38 - 00002828 ___SH C:\Windows\system32\KGyGaAvL.sys
2013-10-14 01:41 - 2013-04-21 15:38 - 00000088 __RSH C:\Windows\system32\528F720A38.sys
2013-10-14 01:40 - 2013-10-14 01:40 - 00000000 ____D C:\Users\Anna\Documents\Meine Corel-Shows
2013-10-14 01:28 - 2013-05-08 00:58 - 00000000 ____D C:\Program Files\Avid
2013-10-14 01:26 - 2009-11-12 19:16 - 00000000 ____D C:\Program Files\Aldi Nord Fotoservice
2013-10-14 01:25 - 2009-11-12 19:14 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-14 01:20 - 2013-10-14 01:20 - 00000000 ____D C:\Users\Anna\AppData\Local\Seven Zip
2013-10-14 01:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2013-10-13 14:30 - 2013-10-13 14:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283202508-3548365839-668912326-1001Core1cec8108e64d92.job
2013-10-12 03:32 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Spotify
2013-10-12 00:08 - 2011-11-05 14:34 - 00000000 ____D C:\Users\Anna\AppData\Roaming\ICQ
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 ____D C:\Users\Anna\Desktop\Neuer Ordner (6)
2013-10-08 04:08 - 2013-01-29 15:45 - 00000000 ____D C:\Users\Anna\AppData\Local\Spotify
2013-09-29 23:09 - 2013-09-29 23:09 - 00000437 _____ C:\Users\Anna\Downloads\3Chinesen_Zürich.MID
2013-09-29 23:08 - 2013-09-29 23:08 - 00000425 _____ C:\Users\Anna\Downloads\3Chinesen.MID
2013-09-28 23:44 - 2011-10-28 13:52 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Mozilla

ZeroAccess:
C:\Users\Anna\AppData\Local\c439d3af
C:\Users\Anna\AppData\Local\c439d3af\@
C:\Users\Anna\AppData\Local\c439d3af\U\80000000.@

Files to move or delete:
====================
C:\Users\Anna\CS2_RetNon_Ger_1.exe
C:\Users\Anna\CS2_RetNon_Ger_2.exe
C:\Users\Anna\CS2_RetNon_Ger_3.exe
C:\Users\Anna\CS_2.0_GR_Extras_1.exe
C:\Users\Anna\gvim73_46.exe


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\bitool.dll
C:\Users\Anna\AppData\Local\Temp\catchme.dll
C:\Users\Anna\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Anna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Anna\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Anna\AppData\Local\Temp\i4jdel0.exe
C:\Users\Anna\AppData\Local\Temp\icqsetup.exe
C:\Users\Anna\AppData\Local\Temp\IminentSetup_1.0Hnjl76.10.exe
C:\Users\Anna\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Anna\AppData\Local\Temp\mirc725.exe
C:\Users\Anna\AppData\Local\Temp\msg4002.exe
C:\Users\Anna\AppData\Local\Temp\pyl2905.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pyl42B1.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylDDB3.tmp.exe
C:\Users\Anna\AppData\Local\Temp\pylE6A9.tmp.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Anna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Anna\AppData\Local\Temp\tmp97CE.tmp.exe
C:\Users\Anna\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\uninstaller.exe
C:\Users\Anna\AppData\Local\Temp\unwise.exe
C:\Users\Anna\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Anna\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 13:53

==================== End Of Log ============================

--- --- ---

schrauber · 23.10.2013, 14:27

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Anna\AppData\Local\c439d3af
ZeroAccess:
C:\Users\Anna\AppData\Local\c439d3af
C:\Users\Anna\AppData\Local\c439d3af\@
C:\Users\Anna\AppData\Local\c439d3af\U\80000000.@

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Java, Adobe und unbedingt Windows updaten, da fehlt ein ganzes Servicepack.

Was pasiert wenn Du die Ordner öffnen willst?

16.10.2013, 11:43	#6
schrauber /// the machine /// TB-Ausbilder	Mein Pc ist langsam und zeigt mir Ordnerinhalte nicht an! Combofix löschen und neu laden, auch mal im abgesicherten Modus versuchen. __________________ --> Mein Pc ist langsam und zeigt mir Ordnerinhalte nicht an!

Mein Pc ist langsam und zeigt mir Ordnerinhalte nicht an!

Plagegeister aller Art und deren Bekämpfung: Mein Pc ist langsam und zeigt mir Ordnerinhalte nicht an!