Trojaner-Board - GVU-Trojaner mit Cam und 100€

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - GVU-Trojaner mit Cam und 100€ (https://www.trojaner-board.de/118636-gvu-trojaner-cam-100-a.html)

GVU-Trojaner mit Cam und 100€

Hallo liebe Gemeinde,
ich habe seit gestern einen GVU Trojaner mir eingefangen anders als der V2.04 mit 100€ die man bezahlen soll und oben rechts wird das aktuelle Webcam Bild gezeigt.
PC lässt sich starten, aber kurz nach dem sich der Desktop aufgebaut hat wird dieser Gesperrt und die GVU Seite angezeigt.
Ohne Internetverbindung ist der PC voll funktionsfähig. (aber wer brauch das schon :rofl:)
Versuche den trojaner mit Kasperskys Recue CD 10 wieder zum Leben zu erwecken blieben erfolglos :(
anbei auch die Log Dateien.
Vielen Dank schonmal im Voraus für Eure Hilfe
gruß booth

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Hallo,
ja im abgesicherten Modus mit Netzwerktreibern funktioniert alles. Internetverbindung ist dann auch voll funktionsfähig.

Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

so anbei nun der mbam log vom fullscan

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.09.06
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

x :: x-PC [Administrator]
 

Schutz: Deaktiviert
 

09.07.2012 15:11:38

mbam-log-2012-07-09 (16-01-04).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 571968

Laufzeit: 45 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Martin\AppData\Local\Temp\0_0u_l.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.

E:\SoftonicDownloader_fuer_clonedvd.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

E:\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
 

(Ende)

und der

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

und der ESET log

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=aa60b7c0406ab946b9bfc64f8c0ac008

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-09 03:41:12

# local_time=2012-07-09 05:41:12 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775166 100 94 406854 78379702 408083 0

# compatibility_mode=5893 16776573 100 94 408507 93472731 0 0

# compatibility_mode=8192 67108863 100 0 268 268 0 0

# scanned=342806

# found=15

# cleaned=0

# scan_time=5591

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe        probably a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\61f41e41-4145cccd        a variant of Java/Exploit.CVE-2012-0507.CU trojan (unable to clean)        00000000000000000000000000000000        I

E:\Exploits\psneuter        Android/Exploit.Lotoor.AK trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2011-08-28 223245\Backup Files 2011-09-04 220559\Backup files 1.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2011-09-19 094805\Backup Files 2011-09-19 094805\Backup files 3.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2011-10-02 214219\Backup Files 2011-10-02 214219\Backup files 2.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2011-12-23 165349\Backup Files 2011-12-23 165349\Backup files 1.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2012-01-02 193612\Backup Files 2012-01-02 193612\Backup files 1.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2012-01-22 223435\Backup Files 2012-01-22 223435\Backup files 1.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2012-02-13 133640\Backup Files 2012-02-13 133640\Backup files 2.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

F:\x-PC\Backup Set 2012-07-04 205336\Backup Files 2012-07-04 205336\Backup files 1.zip        Java/TrojanDownloader.Agent.NBB trojan (unable to clean)        00000000000000000000000000000000        I

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! Bitte nachholen falls noch nicht getan!

NICHTS voreilig aus der Quarantäne löschen!

so anbei nochmal den aktuellen mbam log, alle vohherigen Funde sind jetzt inder Quarantäne, und dort aber nicht gelöscht.
was nun?

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.09.10
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

x :: x-PC [Administrator]
 

Schutz: Deaktiviert
 

09.07.2012 20:44:56

mbam-log-2012-07-09 (20-44-56).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 571867

Laufzeit: 45 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ja der normale Modus von WIN funktioniert wieder, und auch im Startmenü sind alle Ordner udn Dateien wie gewohnt vorhanden.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

hier der das Log vom AdwCleaner

Code:

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 15:17:58

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : x - x-PC

# Running from : C:\Users\Martin\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Martin\AppData\Local\Babylon

Folder Found : C:\Users\Martin\AppData\Roaming\Babylon

Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\extensions\ffxtlbr@babylon.com

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Program Files (x86)\BabylonToolbar
 

***** [Registry] *****
 

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

[x64] Key Found : HKCU\Software\BabylonToolbar

[x64] Key Found : HKCU\Software\Conduit

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

[x64] Key Found : HKLM\SOFTWARE\Classes\b

[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v4.0 (de)
 

Profile name : default 

File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
 

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101641");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 26);

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.id", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15365");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.lastDP", 26);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 66172142);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar_i.id", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15365");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 

*************************
 

AdwCleaner[R1].txt - [12534 octets] - [10/07/2012 15:17:58]
 

########## EOF - C:\AdwCleaner[R1].txt - [12663 octets] ##########

und hier das AdwCleaner Log

Code:

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 15:17:58

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : x - x-PC

# Running from : C:\Users\Martin\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Martin\AppData\Local\Babylon

Folder Found : C:\Users\Martin\AppData\Roaming\Babylon

Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\extensions\ffxtlbr@babylon.com

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Program Files (x86)\BabylonToolbar
 

***** [Registry] *****
 

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

[x64] Key Found : HKCU\Software\BabylonToolbar

[x64] Key Found : HKCU\Software\Conduit

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

[x64] Key Found : HKLM\SOFTWARE\Classes\b

[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v4.0 (de)
 

Profile name : default 

File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
 

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101641");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 26);

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.id", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15365");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.lastDP", 26);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 66172142);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar_i.id", "48db77da000000000000001e8cb438b3");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15365");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:10:49");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 

*************************
 

AdwCleaner[R1].txt - [12534 octets] - [10/07/2012 15:17:58]
 

########## EOF - C:\AdwCleaner[R1].txt - [12663 octets] ##########

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

bitte schön :)

Code:

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 21:31:51

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : x - x-PC

# Running from : C:\Users\x\Desktop\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\Martin\AppData\Local\Babylon

Folder Deleted : C:\Users\Martin\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\extensions\ffxtlbr@babylon.com

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files (x86)\BabylonToolbar
 

***** [Registry] *****
 

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v4.0 (de)
 

Profile name : default 

File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
 

C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\user.js ... Deleted !
 

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101641");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "48db77da000000000000001e8cb438b3");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15365");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:10:49");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 66172142);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:10:49");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "48db77da000000000000001e8cb438b3");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "48db77da000000000000001e8cb438b3");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15365");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:10:49");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 

*************************
 

AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]

AdwCleaner[S1].txt - [10328 octets] - [10/07/2012 21:31:51]
 

########## EOF - C:\AdwCleaner[S1].txt - [10457 octets] ##########

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

anbei das neue OTL log
OTL Logfile:

Code:

OTL logfile created on: 11.07.2012 12:50:29 - Run 2

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\x\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,84% Memory free

8,00 Gb Paging File | 6,64 Gb Available in Paging File | 83,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 24,41 Gb Total Space | 0,31 Gb Free Space | 1,27% Space Free | Partition Type: NTFS

Drive D: | 149,04 Gb Total Space | 89,12 Gb Free Space | 59,79% Space Free | Partition Type: NTFS

Drive E: | 83,98 Gb Total Space | 74,28 Gb Free Space | 88,45% Space Free | Partition Type: NTFS

Drive F: | 110,81 Gb Total Space | 21,10 Gb Free Space | 19,04% Space Free | Partition Type: NTFS

 

Computer Name: x-PC | User Name: x | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\x\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - E:\pdf24\pdf24.exe (Geek Software GmbH)

PRC - C:\Users\x\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Users\x\temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Users\x\temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - E:\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()

MOD - C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll ()

MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll ()

MOD - C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (TeamViewer7) -- C:\Users\x\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (CVPND) -- E:\cvpnd.exe (Cisco Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (LVPrcS64) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)

DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)

DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)

DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()

DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)

DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (LVUVC64) Logitech QuickCam E3500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 0F 6C D3 42 EA CB 01  [binary data]

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\..\SearchScopes,DefaultScope = {1EF7B734-BF65-458A-A548-0DEEF5609EC1}

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\..\SearchScopes\{1EF7B734-BF65-458A-A548-0DEEF5609EC1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\..\SearchScopes\{E718EC99-DBB3-453B-A5BD-30223E3D6D94}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}

IE - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: E:\components [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: E:\plugins [2012.07.04 20:06:17 | 000,000,000 | ---D | M]

 

[2011.03.26 23:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions

[2012.07.10 21:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\vkgqzmab.default\extensions

[2011.05.17 22:02:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\vkgqzmab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office14\URLREDIR.DLL (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDFPrint] E:\pdf24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001..\Run: [KiesPDLR] C:\Windows\system32\External\FirmwareUpdate\KiesPDLR.exe File not found

O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - E:\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: An OneNote s&enden - E:\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F92F7101-64C1-4B7C-9B0E-30833D2CCECF}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

System Restore Service not available.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.11 12:49:14 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe

[2012.07.10 13:10:19 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012.07.09 16:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.07.05 20:23:47 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Malwarebytes

[2012.07.05 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.05 20:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.05 20:23:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.05 20:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.07.05 20:22:33 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\x\Desktop\mbam-setup-1.61.0.1400.exe

[2012.07.04 20:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix

[2012.07.04 20:06:17 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\ICAClient

[2012.07.04 20:06:17 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Citrix

[2012.07.04 20:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.11 12:49:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe

[2012.07.11 12:45:03 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.11 12:45:03 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.11 12:41:58 | 001,484,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.11 12:41:58 | 000,649,090 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.11 12:41:58 | 000,611,668 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.11 12:41:58 | 000,127,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.11 12:41:58 | 000,104,246 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.11 12:37:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.11 12:37:23 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.10 15:17:50 | 000,618,655 | ---- | M] () -- C:\Users\x\Desktop\adwcleaner.exe

[2012.07.05 20:23:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.05 20:18:30 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\x\Desktop\mbam-setup-1.61.0.1400.exe

[2012.07.05 19:01:55 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad

[2012.07.05 19:00:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.07.04 22:36:27 | 000,001,883 | ---- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.07.10 15:17:50 | 000,618,655 | ---- | C] () -- C:\Users\x\Desktop\adwcleaner.exe

[2012.07.05 20:23:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.04 22:36:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad

[2012.07.04 22:36:27 | 000,001,883 | ---- | C] () -- C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.01.26 15:13:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2011.10.11 00:08:49 | 000,033,134 | ---- | C] () -- C:\Users\x\AppData\Roaming\UserTile.png

[2011.10.01 15:39:35 | 000,000,017 | ---- | C] () -- C:\Users\x\AppData\Local\resmon.resmoncfg

[2011.05.28 23:01:23 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011.03.24 19:13:29 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

 
 ========== LOP Check ==========

 

[2012.02.22 23:08:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon

[2012.02.08 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft

[2011.05.17 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.04.09 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FutureShip

[2012.07.04 20:10:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICAClient

[2011.03.24 19:05:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Leadertech

[2012.02.17 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MyPhoneExplorer

[2011.10.11 00:08:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PeerNetworking

[2011.10.10 22:28:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Samsung

[2012.01.12 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer

[2012.02.15 10:20:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.28 00:38:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe

[2012.02.22 23:08:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon

[2011.05.01 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CyberLink

[2012.02.08 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft

[2011.05.17 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.04.09 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FutureShip

[2012.07.04 20:10:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICAClient

[2011.03.24 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities

[2011.03.24 19:05:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Leadertech

[2011.03.24 19:04:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Logishrd

[2011.03.24 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Logitech

[2011.03.24 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia

[2012.07.05 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes

[2011.04.06 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MathWorks

[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs

[2012.01.03 16:13:02 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft

[2011.03.26 23:02:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla

[2012.02.17 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MyPhoneExplorer

[2012.01.24 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\NCH Software

[2011.10.11 00:08:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PeerNetworking

[2011.10.10 22:28:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Samsung

[2012.07.10 16:55:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Skype

[2012.01.12 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer

[2011.08.14 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2012.01.03 16:13:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\x\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Files

C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache

E:\Exploits

C:\Program Files (x86)\BabylonToolbar

C:\ProgramData\l_u0_0.pad

C:\Windows\SysNative\drivers\lvuvc.hs

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

und nochmal ein Log :)

Code:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3963999717-2235169476-1634751954-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

========== FILES ==========

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

E:\Exploits folder moved successfully.

File\Folder C:\Program Files (x86)\BabylonToolbar not found.

C:\ProgramData\l_u0_0.pad moved successfully.

C:\Windows\SysNative\drivers\lvuvc.hs moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: x

->Temp folder emptied: 41065723 bytes

->Temporary Internet Files folder emptied: 760307209 bytes

->FireFox cache emptied: 135561126 bytes

->Flash cache emptied: 37606 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 388464120 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1.264,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: x

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_150957
 

Files\Folders moved on Reboot...

C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
 

PendingFileRenameOperations files...

File C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

[2009.10.07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5

[2009.10.07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

hab ich ausgeführt, TDSS Killer hat auch nichts bemängelt.

Code:

15:49:27.0462 0640        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35

15:49:27.0573 0640        ============================================================

15:49:27.0573 0640        Current date / time: 2012/07/11 15:49:27.0573

15:49:27.0573 0640        SystemInfo:

15:49:27.0573 0640        

15:49:27.0573 0640        OS Version: 6.1.7601 ServicePack: 1.0

15:49:27.0573 0640        Product type: Workstation

15:49:27.0573 0640        ComputerName: MARTIN-PC

15:49:27.0574 0640        UserName: Martin

15:49:27.0574 0640        Windows directory: C:\Windows

15:49:27.0574 0640        System windows directory: C:\Windows

15:49:27.0574 0640        Running under WOW64

15:49:27.0574 0640        Processor architecture: Intel x64

15:49:27.0574 0640        Number of processors: 2

15:49:27.0574 0640        Page size: 0x1000

15:49:27.0574 0640        Boot type: Normal boot

15:49:27.0574 0640        ============================================================

15:49:28.0242 0640        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:49:28.0246 0640        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:49:28.0249 0640        ============================================================

15:49:28.0249 0640        \Device\Harddisk1\DR1:

15:49:28.0250 0640        MBR partitions:

15:49:28.0250 0640        \Device\Harddisk0\DR0:

15:49:28.0250 0640        MBR partitions:

15:49:28.0250 0640        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74

15:49:28.0263 0640        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0xA7F6A8D

15:49:28.0275 0640        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF422FBE, BlocksNum 0xDD9D702

15:49:28.0275 0640        ============================================================

15:49:28.0300 0640        C: <-> \Device\Harddisk0\DR0\Partition0

15:49:28.0344 0640        E: <-> \Device\Harddisk0\DR0\Partition1

15:49:28.0367 0640        F: <-> \Device\Harddisk0\DR0\Partition2

15:49:28.0367 0640        ============================================================

15:49:28.0367 0640        Initialize success

15:49:28.0367 0640        ============================================================

15:49:57.0632 4972        ============================================================

15:49:57.0632 4972        Scan started

15:49:57.0632 4972        Mode: Manual; SigCheck; TDLFS; 

15:49:57.0632 4972        ============================================================

15:49:57.0896 4972        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:49:57.0975 4972        1394ohci - ok

15:49:58.0031 4972        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:49:58.0048 4972        ACPI - ok

15:49:58.0093 4972        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:49:58.0151 4972        AcpiPmi - ok

15:49:58.0270 4972        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:49:58.0279 4972        AdobeARMservice - ok

15:49:58.0334 4972        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:49:58.0354 4972        adp94xx - ok

15:49:58.0369 4972        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:49:58.0382 4972        adpahci - ok

15:49:58.0401 4972        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:49:58.0412 4972        adpu320 - ok

15:49:58.0436 4972        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:49:58.0558 4972        AeLookupSvc - ok

15:49:58.0613 4972        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:49:58.0669 4972        AFD - ok

15:49:58.0709 4972        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:49:58.0721 4972        agp440 - ok

15:49:58.0737 4972        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:49:58.0789 4972        ALG - ok

15:49:58.0808 4972        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:49:58.0819 4972        aliide - ok

15:49:58.0823 4972        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:49:58.0834 4972        amdide - ok

15:49:58.0880 4972        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:49:58.0923 4972        AmdK8 - ok

15:49:58.0930 4972        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:49:58.0951 4972        AmdPPM - ok

15:49:58.0968 4972        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:49:58.0980 4972        amdsata - ok

15:49:59.0001 4972        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:49:59.0015 4972        amdsbs - ok

15:49:59.0025 4972        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:49:59.0033 4972        amdxata - ok

15:49:59.0059 4972        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

15:49:59.0107 4972        androidusb - ok

15:49:59.0166 4972        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:49:59.0288 4972        AppID - ok

15:49:59.0317 4972        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:49:59.0359 4972        AppIDSvc - ok

15:49:59.0405 4972        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:49:59.0448 4972        Appinfo - ok

15:49:59.0497 4972        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

15:49:59.0537 4972        AppMgmt - ok

15:49:59.0568 4972        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:49:59.0580 4972        arc - ok

15:49:59.0592 4972        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:49:59.0604 4972        arcsas - ok

15:49:59.0623 4972        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:49:59.0677 4972        AsyncMac - ok

15:49:59.0710 4972        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:49:59.0718 4972        atapi - ok

15:49:59.0752 4972        AtcL001         (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys

15:49:59.0790 4972        AtcL001 - ok

15:49:59.0848 4972        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:49:59.0899 4972        AudioEndpointBuilder - ok

15:49:59.0906 4972        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:49:59.0938 4972        AudioSrv - ok

15:49:59.0982 4972        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:50:00.0039 4972        AxInstSV - ok

15:50:00.0088 4972        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:50:00.0138 4972        b06bdrv - ok

15:50:00.0173 4972        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:50:00.0217 4972        b57nd60a - ok

15:50:00.0257 4972        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:50:00.0278 4972        BDESVC - ok

15:50:00.0286 4972        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:50:00.0332 4972        Beep - ok

15:50:00.0430 4972        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

15:50:00.0472 4972        BFE - ok

15:50:00.0554 4972        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

15:50:00.0618 4972        BITS - ok

15:50:00.0673 4972        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:50:00.0701 4972        blbdrive - ok

15:50:00.0746 4972        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:50:00.0792 4972        bowser - ok

15:50:00.0823 4972        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:50:00.0881 4972        BrFiltLo - ok

15:50:00.0884 4972        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:50:00.0900 4972        BrFiltUp - ok

15:50:00.0937 4972        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:50:00.0996 4972        Browser - ok

15:50:01.0031 4972        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:50:01.0085 4972        Brserid - ok

15:50:01.0090 4972        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:50:01.0120 4972        BrSerWdm - ok

15:50:01.0124 4972        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:50:01.0141 4972        BrUsbMdm - ok

15:50:01.0144 4972        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:50:01.0160 4972        BrUsbSer - ok

15:50:01.0165 4972        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:50:01.0185 4972        BTHMODEM - ok

15:50:01.0220 4972        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:50:01.0262 4972        bthserv - ok

15:50:01.0278 4972        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:50:01.0307 4972        cdfs - ok

15:50:01.0356 4972        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:50:01.0379 4972        cdrom - ok

15:50:01.0430 4972        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:50:01.0473 4972        CertPropSvc - ok

15:50:01.0519 4972        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:50:01.0567 4972        circlass - ok

15:50:01.0651 4972        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:50:01.0667 4972        CLFS - ok

15:50:01.0733 4972        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:50:01.0743 4972        clr_optimization_v2.0.50727_32 - ok

15:50:01.0787 4972        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:50:01.0796 4972        clr_optimization_v2.0.50727_64 - ok

15:50:01.0871 4972        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:50:01.0880 4972        clr_optimization_v4.0.30319_32 - ok

15:50:01.0911 4972        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:50:01.0921 4972        clr_optimization_v4.0.30319_64 - ok

15:50:01.0959 4972        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:50:01.0972 4972        CmBatt - ok

15:50:01.0993 4972        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:50:02.0003 4972        cmdide - ok

15:50:02.0038 4972        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

15:50:02.0064 4972        CNG - ok

15:50:02.0081 4972        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:50:02.0092 4972        Compbatt - ok

15:50:02.0130 4972        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:50:02.0160 4972        CompositeBus - ok

15:50:02.0171 4972        COMSysApp - ok

15:50:02.0214 4972        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:50:02.0225 4972        crcdisk - ok

15:50:02.0276 4972        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

15:50:02.0325 4972        CryptSvc - ok

15:50:02.0365 4972        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

15:50:02.0406 4972        CSC - ok

15:50:02.0444 4972        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

15:50:02.0475 4972        CscService - ok

15:50:02.0547 4972        ctxusbm         (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys

15:50:02.0555 4972        ctxusbm - ok

15:50:02.0579 4972        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

15:50:02.0586 4972        CVirtA - ok

15:50:02.0671 4972        CVPND           (66257cb4e4fb69887cddc71663741435) E:\cvpnd.exe

15:50:02.0708 4972        CVPND - ok

15:50:02.0759 4972        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

15:50:02.0770 4972        CVPNDRVA - ok

15:50:02.0831 4972        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:50:02.0891 4972        DcomLaunch - ok

15:50:02.0926 4972        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:50:02.0962 4972        defragsvc - ok

15:50:03.0006 4972        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:50:03.0050 4972        DfsC - ok

15:50:03.0063 4972        dgderdrv - ok

15:50:03.0070 4972        DgiVecp - ok

15:50:03.0112 4972        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:50:03.0162 4972        Dhcp - ok

15:50:03.0183 4972        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:50:03.0231 4972        discache - ok

15:50:03.0257 4972        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:50:03.0265 4972        Disk - ok

15:50:03.0297 4972        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

15:50:03.0304 4972        DNE - ok

15:50:03.0340 4972        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:50:03.0389 4972        Dnscache - ok

15:50:03.0422 4972        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:50:03.0471 4972        dot3svc - ok

15:50:03.0505 4972        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:50:03.0543 4972        DPS - ok

15:50:03.0587 4972        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:50:03.0603 4972        drmkaud - ok

15:50:03.0676 4972        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:50:03.0700 4972        DXGKrnl - ok

15:50:03.0737 4972        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:50:03.0788 4972        EapHost - ok

15:50:03.0935 4972        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:50:04.0005 4972        ebdrv - ok

15:50:04.0095 4972        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:50:04.0137 4972        EFS - ok

15:50:04.0212 4972        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:50:04.0258 4972        ehRecvr - ok

15:50:04.0281 4972        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:50:04.0321 4972        ehSched - ok

15:50:04.0377 4972        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:50:04.0399 4972        elxstor - ok

15:50:04.0430 4972        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:50:04.0457 4972        ErrDev - ok

15:50:04.0506 4972        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:50:04.0560 4972        EventSystem - ok

15:50:04.0590 4972        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:50:04.0629 4972        exfat - ok

15:50:04.0653 4972        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:50:04.0697 4972        fastfat - ok

15:50:04.0757 4972        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:50:04.0801 4972        Fax - ok

15:50:04.0814 4972        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:50:04.0824 4972        fdc - ok

15:50:04.0840 4972        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:50:04.0880 4972        fdPHost - ok

15:50:04.0892 4972        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:50:04.0932 4972        FDResPub - ok

15:50:04.0950 4972        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:50:04.0958 4972        FileInfo - ok

15:50:04.0978 4972        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:50:05.0024 4972        Filetrace - ok

15:50:05.0082 4972        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:50:05.0095 4972        flpydisk - ok

15:50:05.0139 4972        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:50:05.0155 4972        FltMgr - ok

15:50:05.0228 4972        FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll

15:50:05.0292 4972        FontCache - ok

15:50:05.0356 4972        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:50:05.0365 4972        FontCache3.0.0.0 - ok

15:50:05.0400 4972        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:50:05.0411 4972        FsDepends - ok

15:50:05.0423 4972        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:50:05.0433 4972        Fs_Rec - ok

15:50:05.0486 4972        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:50:05.0504 4972        fvevol - ok

15:50:05.0526 4972        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:50:05.0534 4972        gagp30kx - ok

15:50:05.0587 4972        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:50:05.0636 4972        gpsvc - ok

15:50:05.0652 4972        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:50:05.0690 4972        hcw85cir - ok

15:50:05.0747 4972        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:50:05.0767 4972        HdAudAddService - ok

15:50:05.0816 4972        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:50:05.0841 4972        HDAudBus - ok

15:50:05.0845 4972        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:50:05.0865 4972        HidBatt - ok

15:50:05.0885 4972        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:50:05.0899 4972        HidBth - ok

15:50:05.0903 4972        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:50:05.0930 4972        HidIr - ok

15:50:05.0954 4972        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

15:50:05.0998 4972        hidserv - ok

15:50:06.0039 4972        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

15:50:06.0049 4972        HidUsb - ok

15:50:06.0082 4972        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

15:50:06.0121 4972        hkmsvc - ok

15:50:06.0153 4972        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

15:50:06.0188 4972        HomeGroupListener - ok

15:50:06.0218 4972        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

15:50:06.0244 4972        HomeGroupProvider - ok

15:50:06.0293 4972        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:50:06.0304 4972        HpSAMD - ok

15:50:06.0371 4972        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:50:06.0434 4972        HTTP - ok

15:50:06.0461 4972        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:50:06.0468 4972        hwpolicy - ok

15:50:06.0504 4972        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:50:06.0515 4972        i8042prt - ok

15:50:06.0554 4972        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:50:06.0569 4972        iaStorV - ok

15:50:06.0671 4972        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:50:06.0697 4972        idsvc - ok

15:50:06.0717 4972        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:50:06.0726 4972        iirsp - ok

15:50:06.0772 4972        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

15:50:06.0824 4972        IKEEXT - ok

15:50:06.0845 4972        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:50:06.0853 4972        intelide - ok

15:50:06.0879 4972        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:50:06.0890 4972        intelppm - ok

15:50:06.0918 4972        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:50:06.0947 4972        IPBusEnum - ok

15:50:06.0976 4972        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:50:07.0017 4972        IpFilterDriver - ok

15:50:07.0064 4972        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

15:50:07.0098 4972        iphlpsvc - ok

15:50:07.0128 4972        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:50:07.0138 4972        IPMIDRV - ok

15:50:07.0162 4972        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:50:07.0213 4972        IPNAT - ok

15:50:07.0248 4972        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:50:07.0274 4972        IRENUM - ok

15:50:07.0309 4972        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:50:07.0320 4972        isapnp - ok

15:50:07.0343 4972        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:50:07.0359 4972        iScsiPrt - ok

15:50:07.0396 4972        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

15:50:07.0406 4972        kbdclass - ok

15:50:07.0426 4972        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

15:50:07.0452 4972        kbdhid - ok

15:50:07.0479 4972        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:50:07.0492 4972        KeyIso - ok

15:50:07.0503 4972        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

15:50:07.0515 4972        KSecDD - ok

15:50:07.0545 4972        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

15:50:07.0557 4972        KSecPkg - ok

15:50:07.0569 4972        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:50:07.0610 4972        ksthunk - ok

15:50:07.0647 4972        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:50:07.0689 4972        KtmRm - ok

15:50:07.0733 4972        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

15:50:07.0787 4972        LanmanServer - ok

15:50:07.0811 4972        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

15:50:07.0850 4972        LanmanWorkstation - ok

15:50:07.0967 4972        LBTServ         (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

15:50:07.0983 4972        LBTServ - ok

15:50:08.0014 4972        LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys

15:50:08.0020 4972        LHidFilt - ok

15:50:08.0052 4972        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:50:08.0090 4972        lltdio - ok

15:50:08.0121 4972        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:50:08.0168 4972        lltdsvc - ok

15:50:08.0188 4972        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:50:08.0216 4972        lmhosts - ok

15:50:08.0236 4972        LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys

15:50:08.0243 4972        LMouFilt - ok

15:50:08.0274 4972        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:50:08.0284 4972        LSI_FC - ok

15:50:08.0297 4972        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:50:08.0306 4972        LSI_SAS - ok

15:50:08.0323 4972        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:50:08.0332 4972        LSI_SAS2 - ok

15:50:08.0354 4972        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:50:08.0363 4972        LSI_SCSI - ok

15:50:08.0395 4972        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:50:08.0433 4972        luafv - ok

15:50:08.0479 4972        LVPr2M64        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

15:50:08.0486 4972        LVPr2M64 - ok

15:50:08.0500 4972        LVPr2Mon        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

15:50:08.0506 4972        LVPr2Mon - ok

15:50:08.0576 4972        LVPrcS64        (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

15:50:08.0585 4972        LVPrcS64 - ok

15:50:08.0632 4972        LVRS64          (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys

15:50:08.0643 4972        LVRS64 - ok

15:50:08.0916 4972        LVUVC64         (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

15:50:09.0006 4972        LVUVC64 - ok

15:50:09.0135 4972        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

15:50:09.0144 4972        MBAMProtector - ok

15:50:09.0226 4972        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:50:09.0243 4972        MBAMService - ok

15:50:09.0278 4972        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

15:50:09.0299 4972        Mcx2Svc - ok

15:50:09.0322 4972        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:50:09.0331 4972        megasas - ok

15:50:09.0357 4972        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:50:09.0369 4972        MegaSR - ok

15:50:09.0400 4972        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:50:09.0442 4972        MMCSS - ok

15:50:09.0469 4972        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:50:09.0510 4972        Modem - ok

15:50:09.0530 4972        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:50:09.0552 4972        monitor - ok

15:50:09.0594 4972        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

15:50:09.0605 4972        mouclass - ok

15:50:09.0639 4972        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:50:09.0665 4972        mouhid - ok

15:50:09.0694 4972        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:50:09.0705 4972        mountmgr - ok

15:50:09.0738 4972        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:50:09.0751 4972        mpio - ok

15:50:09.0762 4972        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:50:09.0798 4972        mpsdrv - ok

15:50:09.0858 4972        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

15:50:09.0914 4972        MpsSvc - ok

15:50:09.0943 4972        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:50:09.0958 4972        MRxDAV - ok

15:50:09.0987 4972        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:50:10.0029 4972        mrxsmb - ok

15:50:10.0082 4972        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:50:10.0109 4972        mrxsmb10 - ok

15:50:10.0129 4972        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:50:10.0143 4972        mrxsmb20 - ok

15:50:10.0172 4972        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:50:10.0181 4972        msahci - ok

15:50:10.0215 4972        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:50:10.0228 4972        msdsm - ok

15:50:10.0255 4972        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:50:10.0271 4972        MSDTC - ok

15:50:10.0303 4972        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:50:10.0338 4972        Msfs - ok

15:50:10.0349 4972        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:50:10.0389 4972        mshidkmdf - ok

15:50:10.0407 4972        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:50:10.0415 4972        msisadrv - ok

15:50:10.0457 4972        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:50:10.0513 4972        MSiSCSI - ok

15:50:10.0516 4972        msiserver - ok

15:50:10.0547 4972        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:50:10.0588 4972        MSKSSRV - ok

15:50:10.0603 4972        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:50:10.0643 4972        MSPCLOCK - ok

15:50:10.0661 4972        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:50:10.0704 4972        MSPQM - ok

15:50:10.0744 4972        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:50:10.0758 4972        MsRPC - ok

15:50:10.0775 4972        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:50:10.0783 4972        mssmbios - ok

15:50:10.0800 4972        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:50:10.0848 4972        MSTEE - ok

15:50:10.0874 4972        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:50:10.0883 4972        MTConfig - ok

15:50:10.0916 4972        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

15:50:10.0949 4972        MTsensor - ok

15:50:10.0976 4972        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:50:10.0987 4972        Mup - ok

15:50:11.0039 4972        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:50:11.0090 4972        napagent - ok

15:50:11.0132 4972        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:50:11.0149 4972        NativeWifiP - ok

15:50:11.0202 4972        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:50:11.0224 4972        NDIS - ok

15:50:11.0236 4972        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:50:11.0275 4972        NdisCap - ok

15:50:11.0299 4972        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:50:11.0340 4972        NdisTapi - ok

15:50:11.0368 4972        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:50:11.0415 4972        Ndisuio - ok

15:50:11.0442 4972        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:50:11.0486 4972        NdisWan - ok

15:50:11.0537 4972        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:50:11.0578 4972        NDProxy - ok

15:50:11.0600 4972        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:50:11.0638 4972        NetBIOS - ok

15:50:11.0798 4972        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:50:11.0850 4972        NetBT - ok

15:50:11.0875 4972        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:50:11.0888 4972        Netlogon - ok

15:50:11.0931 4972        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:50:11.0988 4972        Netman - ok

15:50:12.0029 4972        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:50:12.0075 4972        netprofm - ok

15:50:12.0147 4972        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:50:12.0157 4972        NetTcpPortSharing - ok

15:50:12.0185 4972        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:50:12.0194 4972        nfrd960 - ok

15:50:12.0242 4972        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:50:12.0295 4972        NlaSvc - ok

15:50:12.0311 4972        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:50:12.0348 4972        Npfs - ok

15:50:12.0358 4972        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:50:12.0400 4972        nsi - ok

15:50:12.0417 4972        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:50:12.0454 4972        nsiproxy - ok

15:50:12.0541 4972        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:50:12.0585 4972        Ntfs - ok

15:50:12.0680 4972        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:50:12.0725 4972        Null - ok

15:50:13.0295 4972        nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:50:13.0466 4972        nvlddmkm - ok

15:50:13.0594 4972        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:50:13.0607 4972        nvraid - ok

15:50:13.0615 4972        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:50:13.0628 4972        nvstor - ok

15:50:13.0710 4972        NVSvc           (dd9d86051b8f7669aabf693530f380fe) C:\Windows\system32\nvvsvc.exe

15:50:13.0731 4972        NVSvc - ok

15:50:13.0870 4972        nvUpdatusService (4472183de09f80cb1b56f217d8e0ab9b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

15:50:13.0910 4972        nvUpdatusService - ok

15:50:13.0995 4972        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:50:14.0007 4972        nv_agp - ok

15:50:14.0035 4972        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:50:14.0061 4972        ohci1394 - ok

15:50:14.0107 4972        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:50:14.0117 4972        ose - ok

15:50:14.0350 4972        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:50:14.0424 4972        osppsvc - ok

15:50:14.0504 4972        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:50:14.0544 4972        p2pimsvc - ok

15:50:14.0573 4972        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:50:14.0592 4972        p2psvc - ok

15:50:14.0631 4972        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:50:14.0645 4972        Parport - ok

15:50:14.0670 4972        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

15:50:14.0681 4972        partmgr - ok

15:50:14.0697 4972        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:50:14.0728 4972        PcaSvc - ok

15:50:14.0756 4972        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:50:14.0769 4972        pci - ok

15:50:14.0781 4972        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:50:14.0788 4972        pciide - ok

15:50:14.0798 4972        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:50:14.0809 4972        pcmcia - ok

15:50:14.0820 4972        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:50:14.0828 4972        pcw - ok

15:50:14.0870 4972        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:50:14.0929 4972        PEAUTH - ok

15:50:15.0005 4972        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

15:50:15.0073 4972        PeerDistSvc - ok

15:50:15.0154 4972        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:50:15.0179 4972        PerfHost - ok

15:50:15.0315 4972        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:50:15.0385 4972        pla - ok

15:50:15.0442 4972        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:50:15.0475 4972        PlugPlay - ok

15:50:15.0498 4972        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:50:15.0523 4972        PNRPAutoReg - ok

15:50:15.0550 4972        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:50:15.0566 4972        PNRPsvc - ok

15:50:15.0611 4972        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:50:15.0666 4972        PolicyAgent - ok

15:50:15.0698 4972        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:50:15.0753 4972        Power - ok

15:50:15.0827 4972        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:50:15.0873 4972        PptpMiniport - ok

15:50:15.0897 4972        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:50:15.0919 4972        Processor - ok

15:50:15.0968 4972        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

15:50:16.0011 4972        ProfSvc - ok

15:50:16.0038 4972        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:50:16.0048 4972        ProtectedStorage - ok

15:50:16.0086 4972        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:50:16.0115 4972        Psched - ok

15:50:16.0185 4972        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:50:16.0218 4972        ql2300 - ok

15:50:16.0314 4972        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:50:16.0327 4972        ql40xx - ok

15:50:16.0356 4972        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:50:16.0384 4972        QWAVE - ok

15:50:16.0401 4972        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:50:16.0429 4972        QWAVEdrv - ok

15:50:16.0448 4972        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:50:16.0489 4972        RasAcd - ok

15:50:16.0523 4972        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:50:16.0552 4972        RasAgileVpn - ok

15:50:16.0567 4972        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:50:16.0597 4972        RasAuto - ok

15:50:16.0631 4972        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:50:16.0680 4972        Rasl2tp - ok

15:50:16.0718 4972        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:50:16.0759 4972        RasMan - ok

15:50:16.0780 4972        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:50:16.0817 4972        RasPppoe - ok

15:50:16.0848 4972        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:50:16.0886 4972        RasSstp - ok

15:50:16.0941 4972        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:50:16.0977 4972        rdbss - ok

15:50:16.0988 4972        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:50:17.0009 4972        rdpbus - ok

15:50:17.0034 4972        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:50:17.0076 4972        RDPCDD - ok

15:50:17.0104 4972        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

15:50:17.0125 4972        RDPDR - ok

15:50:17.0140 4972        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:50:17.0183 4972        RDPENCDD - ok

15:50:17.0203 4972        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:50:17.0230 4972        RDPREFMP - ok

15:50:17.0269 4972        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

15:50:17.0304 4972        RDPWD - ok

15:50:17.0340 4972        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:50:17.0351 4972        rdyboost - ok

15:50:17.0377 4972        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:50:17.0420 4972        RemoteAccess - ok

15:50:17.0451 4972        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:50:17.0495 4972        RemoteRegistry - ok

15:50:17.0514 4972        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:50:17.0554 4972        RpcEptMapper - ok

15:50:17.0565 4972        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:50:17.0587 4972        RpcLocator - ok

15:50:17.0620 4972        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:50:17.0652 4972        RpcSs - ok

15:50:17.0683 4972        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:50:17.0721 4972        rspndr - ok

15:50:17.0749 4972        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

15:50:17.0782 4972        s3cap - ok

15:50:17.0805 4972        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:50:17.0817 4972        SamSs - ok

15:50:17.0832 4972        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:50:17.0844 4972        sbp2port - ok

15:50:17.0873 4972        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:50:17.0908 4972        SCardSvr - ok

15:50:17.0940 4972        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:50:17.0988 4972        scfilter - ok

15:50:18.0060 4972        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:50:18.0121 4972        Schedule - ok

15:50:18.0150 4972        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:50:18.0178 4972        SCPolicySvc - ok

15:50:18.0213 4972        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:50:18.0246 4972        SDRSVC - ok

15:50:18.0295 4972        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:50:18.0345 4972        secdrv - ok

15:50:18.0359 4972        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:50:18.0389 4972        seclogon - ok

15:50:18.0419 4972        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:50:18.0448 4972        SENS - ok

15:50:18.0462 4972        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:50:18.0493 4972        SensrSvc - ok

15:50:18.0512 4972        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:50:18.0522 4972        Serenum - ok

15:50:18.0534 4972        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:50:18.0553 4972        Serial - ok

15:50:18.0570 4972        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:50:18.0594 4972        sermouse - ok

15:50:18.0630 4972        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:50:18.0671 4972        SessionEnv - ok

15:50:18.0691 4972        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:50:18.0722 4972        sffdisk - ok

15:50:18.0726 4972        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:50:18.0748 4972        sffp_mmc - ok

15:50:18.0761 4972        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:50:18.0787 4972        sffp_sd - ok

15:50:18.0800 4972        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:50:18.0825 4972        sfloppy - ok

15:50:18.0861 4972        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:50:18.0894 4972        SharedAccess - ok

15:50:18.0923 4972        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:50:18.0955 4972        ShellHWDetection - ok

15:50:18.0972 4972        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:50:18.0980 4972        SiSRaid2 - ok

15:50:18.0998 4972        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:50:19.0007 4972        SiSRaid4 - ok

15:50:19.0037 4972        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:50:19.0082 4972        Smb - ok

15:50:19.0116 4972        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:50:19.0127 4972        SNMPTRAP - ok

15:50:19.0138 4972        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:50:19.0145 4972        spldr - ok

15:50:19.0186 4972        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:50:19.0221 4972        Spooler - ok

15:50:19.0390 4972        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:50:19.0463 4972        sppsvc - ok

15:50:19.0554 4972        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:50:19.0605 4972        sppuinotify - ok

15:50:19.0664 4972        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:50:19.0746 4972        srv - ok

15:50:19.0784 4972        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:50:19.0819 4972        srv2 - ok

15:50:19.0841 4972        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:50:19.0871 4972        srvnet - ok

15:50:19.0905 4972        ssadbus         (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys

15:50:19.0945 4972        ssadbus - ok

15:50:19.0967 4972        ssadmdfl        (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys

15:50:19.0998 4972        ssadmdfl - ok

15:50:20.0022 4972        ssadmdm         (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys

15:50:20.0047 4972        ssadmdm - ok

15:50:20.0094 4972        sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys

15:50:20.0104 4972        sscdbus - ok

15:50:20.0125 4972        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys

15:50:20.0132 4972        sscdmdfl - ok

15:50:20.0158 4972        sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys

15:50:20.0167 4972        sscdmdm - ok

15:50:20.0205 4972        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:50:20.0260 4972        SSDPSRV - ok

15:50:20.0285 4972        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

15:50:20.0291 4972        SSPORT - ok

15:50:20.0313 4972        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:50:20.0343 4972        SstpSvc - ok

15:50:20.0437 4972        Stereo Service  (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

15:50:20.0447 4972        Stereo Service - ok

15:50:20.0464 4972        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:50:20.0473 4972        stexstor - ok

15:50:20.0533 4972        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:50:20.0571 4972        stisvc - ok

15:50:20.0623 4972        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

15:50:20.0633 4972        storflt - ok

15:50:20.0661 4972        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

15:50:20.0695 4972        StorSvc - ok

15:50:20.0720 4972        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

15:50:20.0730 4972        storvsc - ok

15:50:20.0755 4972        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:50:20.0765 4972        swenum - ok

15:50:20.0806 4972        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:50:20.0862 4972        swprv - ok

15:50:20.0951 4972        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:50:21.0000 4972        SysMain - ok

15:50:21.0104 4972        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:50:21.0134 4972        TabletInputService - ok

15:50:21.0165 4972        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:50:21.0222 4972        TapiSrv - ok

15:50:21.0250 4972        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:50:21.0309 4972        TBS - ok

15:50:21.0435 4972        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

15:50:21.0478 4972        Tcpip - ok

15:50:21.0614 4972        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

15:50:21.0651 4972        TCPIP6 - ok

15:50:21.0703 4972        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:50:21.0751 4972        tcpipreg - ok

15:50:21.0779 4972        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:50:21.0807 4972        TDPIPE - ok

15:50:21.0810 4972        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

15:50:21.0847 4972        TDTCP - ok

15:50:21.0895 4972        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:50:21.0928 4972        tdx - ok

15:50:22.0129 4972        TeamViewer7     (33966a658ff37e0c65d46e59f37e2380) C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe

15:50:22.0175 4972        TeamViewer7 - ok

15:50:22.0273 4972        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:50:22.0283 4972        TermDD - ok

15:50:22.0324 4972        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:50:22.0385 4972        TermService - ok

15:50:22.0413 4972        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:50:22.0448 4972        Themes - ok

15:50:22.0471 4972        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:50:22.0508 4972        THREADORDER - ok

15:50:22.0540 4972        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:50:22.0580 4972        TrkWks - ok

15:50:22.0632 4972        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:50:22.0676 4972        TrustedInstaller - ok

15:50:22.0700 4972        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:50:22.0727 4972        tssecsrv - ok

15:50:22.0766 4972        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:50:22.0808 4972        TsUsbFlt - ok

15:50:22.0850 4972        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:50:22.0902 4972        tunnel - ok

15:50:22.0932 4972        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:50:22.0941 4972        uagp35 - ok

15:50:22.0990 4972        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:50:23.0036 4972        udfs - ok

15:50:23.0078 4972        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:50:23.0106 4972        UI0Detect - ok

15:50:23.0145 4972        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:50:23.0156 4972        uliagpkx - ok

15:50:23.0206 4972        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:50:23.0219 4972        umbus - ok

15:50:23.0222 4972        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:50:23.0245 4972        UmPass - ok

15:50:23.0274 4972        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

15:50:23.0298 4972        UmRdpService - ok

15:50:23.0401 4972        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:50:23.0443 4972        upnphost - ok

15:50:23.0475 4972        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

15:50:23.0488 4972        usbaudio - ok

15:50:23.0503 4972        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:50:23.0533 4972        usbccgp - ok

15:50:23.0569 4972        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:50:23.0582 4972        usbcir - ok

15:50:23.0594 4972        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

15:50:23.0619 4972        usbehci - ok

15:50:23.0662 4972        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:50:23.0692 4972        usbhub - ok

15:50:23.0719 4972        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:50:23.0744 4972        usbohci - ok

15:50:23.0776 4972        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:50:23.0806 4972        usbprint - ok

15:50:23.0828 4972        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:50:23.0867 4972        USBSTOR - ok

15:50:23.0888 4972        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

15:50:23.0916 4972        usbuhci - ok

15:50:23.0942 4972        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:50:23.0989 4972        UxSms - ok

15:50:24.0017 4972        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:50:24.0027 4972        VaultSvc - ok

15:50:24.0052 4972        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:50:24.0060 4972        vdrvroot - ok

15:50:24.0109 4972        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:50:24.0164 4972        vds - ok

15:50:24.0181 4972        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:50:24.0194 4972        vga - ok

15:50:24.0212 4972        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:50:24.0249 4972        VgaSave - ok

15:50:24.0278 4972        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:50:24.0289 4972        vhdmp - ok

15:50:24.0304 4972        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:50:24.0312 4972        viaide - ok

15:50:24.0345 4972        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

15:50:24.0359 4972        vmbus - ok

15:50:24.0387 4972        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

15:50:24.0411 4972        VMBusHID - ok

15:50:24.0431 4972        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:50:24.0442 4972        volmgr - ok

15:50:24.0483 4972        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:50:24.0501 4972        volmgrx - ok

15:50:24.0540 4972        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:50:24.0556 4972        volsnap - ok

15:50:24.0571 4972        vpnva - ok

15:50:24.0603 4972        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:50:24.0617 4972        vsmraid - ok

15:50:24.0708 4972        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:50:24.0783 4972        VSS - ok

15:50:24.0873 4972        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

15:50:24.0896 4972        vwifibus - ok

15:50:24.0940 4972        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:50:24.0981 4972        W32Time - ok

15:50:25.0000 4972        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:50:25.0026 4972        WacomPen - ok

15:50:25.0077 4972        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:50:25.0126 4972        WANARP - ok

15:50:25.0128 4972        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:50:25.0156 4972        Wanarpv6 - ok

15:50:25.0237 4972        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:50:25.0275 4972        wbengine - ok

15:50:25.0355 4972        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:50:25.0376 4972        WbioSrvc - ok

15:50:25.0419 4972        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:50:25.0443 4972        wcncsvc - ok

15:50:25.0461 4972        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:50:25.0485 4972        WcsPlugInService - ok

15:50:25.0527 4972        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:50:25.0537 4972        Wd - ok

15:50:25.0581 4972        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:50:25.0605 4972        Wdf01000 - ok

15:50:25.0618 4972        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:50:25.0680 4972        WdiServiceHost - ok

15:50:25.0683 4972        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:50:25.0700 4972        WdiSystemHost - ok

15:50:25.0735 4972        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:50:25.0765 4972        WebClient - ok

15:50:25.0786 4972        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:50:25.0837 4972        Wecsvc - ok

15:50:25.0852 4972        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:50:25.0882 4972        wercplsupport - ok

15:50:25.0908 4972        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:50:25.0938 4972        WerSvc - ok

15:50:25.0993 4972        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:50:26.0028 4972        WfpLwf - ok

15:50:26.0040 4972        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:50:26.0049 4972        WIMMount - ok

15:50:26.0072 4972        WinDefend - ok

15:50:26.0077 4972        WinHttpAutoProxySvc - ok

15:50:26.0133 4972        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:50:26.0166 4972        Winmgmt - ok

15:50:26.0263 4972        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:50:26.0318 4972        WinRM - ok

15:50:26.0416 4972        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:50:26.0443 4972        WinUsb - ok

15:50:26.0502 4972        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:50:26.0549 4972        Wlansvc - ok

15:50:26.0586 4972        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:50:26.0598 4972        WmiAcpi - ok

15:50:26.0653 4972        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:50:26.0683 4972        wmiApSrv - ok

15:50:26.0727 4972        WMPNetworkSvc - ok

15:50:26.0742 4972        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:50:26.0768 4972        WPCSvc - ok

15:50:26.0806 4972        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:50:26.0823 4972        WPDBusEnum - ok

15:50:26.0860 4972        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:50:26.0906 4972        ws2ifsl - ok

15:50:26.0928 4972        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

15:50:26.0953 4972        wscsvc - ok

15:50:26.0956 4972        WSearch - ok

15:50:27.0082 4972        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

15:50:27.0170 4972        wuauserv - ok

15:50:27.0255 4972        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:50:27.0300 4972        WudfPf - ok

15:50:27.0320 4972        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:50:27.0363 4972        WUDFRd - ok

15:50:27.0385 4972        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:50:27.0414 4972        wudfsvc - ok

15:50:27.0451 4972        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:50:27.0492 4972        WwanSvc - ok

15:50:27.0515 4972        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1

15:50:27.0790 4972        \Device\Harddisk1\DR1 - ok

15:50:27.0803 4972        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:50:28.0389 4972        \Device\Harddisk0\DR0 - ok

15:50:28.0392 4972        Boot (0x1200)   (f1c432d3024b43ccf054647569d83ec5) \Device\Harddisk0\DR0\Partition0

15:50:28.0393 4972        \Device\Harddisk0\DR0\Partition0 - ok

15:50:28.0396 4972        Boot (0x1200)   (4819214da170bfb43ad0d455e06fc66e) \Device\Harddisk0\DR0\Partition1

15:50:28.0398 4972        \Device\Harddisk0\DR0\Partition1 - ok

15:50:28.0414 4972        Boot (0x1200)   (723f5836c958e6c728d3cd50cabc1e9e) \Device\Harddisk0\DR0\Partition2

15:50:28.0416 4972        \Device\Harddisk0\DR0\Partition2 - ok

15:50:28.0416 4972        ============================================================

15:50:28.0416 4972        Scan finished

15:50:28.0416 4972        ============================================================

15:50:28.0427 4996        Detected object count: 0

15:50:28.0427 4996        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

combo fix done :)

[code]
Combofix Logfile:

Code:

ComboFix 12-07-11.03 - Martin 11.07.2012  16:08:28.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2800 [GMT 2:00]

ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

c:\windows\SysWow64\muzapp.exe

E:\setup.exe

F:\install.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))

.

.

2012-07-11 13:09 . 2012-07-11 13:09        --------        dc----w-        C:\_OTL

2012-07-10 11:10 . 2012-07-10 11:10        --------        dc----w-        C:\NVIDIA

2012-07-09 14:03 . 2012-07-09 14:03        --------        d-----w-        c:\program files (x86)\ESET

2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\users\Martin\AppData\Roaming\Malwarebytes

2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-05 18:23 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\programdata\Citrix

2012-07-04 18:06 . 2012-07-04 18:10        --------        d-----w-        c:\users\Martin\AppData\Roaming\ICAClient

2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\users\Martin\AppData\Local\Citrix

2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\program files (x86)\Citrix

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"PDFPrint"="e:\pdf24\pdf24.exe" [2011-12-16 220744]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]

S2 TeamViewer7;TeamViewer 7;c:\users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - e:\office14\ONBttnIE.dll/105

IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - e:\office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-KiesPDLR - c:\windows\system32\External\FirmwareUpdate\KiesPDLR.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*C*]

@=multi:"\00ÿÿ\00\00"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

E:\cvpnd.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\users\Martin\temp\TeamViewer\Version7\TeamViewer.exe

c:\users\Martin\temp\TeamViewer\Version7\tv_w32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-11  16:18:33 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-11 14:18

.

Vor Suchlauf: 1.235.206.144 Bytes frei

Nach Suchlauf: 1.117.290.496 Bytes frei

.

- - End Of File - - B453EA9A4789BD5C3D55A54ECE0654F4

--- --- ---

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

und hier das adw log

Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : x - x-PC

# Running from : C:\Users\x\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v4.0 (de)
 

Profile name : default 

File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]

AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]

AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]
 

########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

so anbei schonmal das mgr und osam log. beim ausführen von aswMBR trat nach einer zeit ein Fehler auf " avast! Antirootkit funktioniert nicht mehr... Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen udn Sie werden benachrichtigt, wenn eien Lösung verfügbar ist."

Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : x - x-PC

# Running from : C:\Users\x\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v4.0 (de)
 

Profile name : default 

File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]

AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]

AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]
 

########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########

und osam

[code]
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:46:36 on 12.07.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - E:\Office14\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva64.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)

"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys

"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)

"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - E:\7-Zip\7-zip.dll

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\Office14\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - E:\Office14\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\Office14\OLKFSTUB.DLL
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\Office14\ONBttnIE.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - E:\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - E:\Office14\URLREDIR.DLL

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Logitech Vid" - "Logitech Inc." - "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"PDFPrint" - "Geek Software GmbH" - E:\PDF24\pdf24.exe

"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - E:\cvpnd.exe

"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Process Monitor" (LVPrcS64) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Du hast das adwCleaner Log nochmal gepostet, es fehlt das von aswMBR
Ganz unten zu aswMBR hab ich übrigens noch einen Hinweis gepostet :pfeiff:

ha... :) wer lesen kann.. :) jap sorry

hier jetzt das aswMBR log

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-12 22:18:05

-----------------------------

22:18:05.170    OS Version: Windows x64 6.1.7601 Service Pack 1

22:18:05.170    Number of processors: 2 586 0xF0B

22:18:05.171    ComputerName: MARTIN-PC  UserName: Martin

22:18:05.408    Initialize success

22:18:09.197    AVAST engine defs: 12071201

22:18:19.675    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

22:18:19.678    Disk 0 Vendor: SAMSUNG_HD252KJ CM100-12 Size: 238475MB BusType: 3

22:18:19.680    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

22:18:19.683    Disk 1 Vendor: WDC_WD1600BB-22GUC0 08.02D08 Size: 152627MB BusType: 3

22:18:19.700    Disk 0 MBR read successfully

22:18:19.703    Disk 0 MBR scan

22:18:19.707    Disk 0 Windows 7 default MBR code

22:18:19.710    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        24999 MB offset 63

22:18:19.715    Disk 0 Partition - 00     0F Extended LBA            213465 MB offset 51199155

22:18:19.734    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        85997 MB offset 51199218

22:18:19.739    Disk 0 Partition - 00     05     Extended            113466 MB offset 255995775

22:18:19.755    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       113466 MB offset 255995838

22:18:19.789    Disk 0 scanning C:\Windows\system32\drivers

22:18:27.648    Service scanning

22:18:43.871    Modules scanning

22:18:43.877    Disk 0 trace - called modules:

22:18:43.917    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

22:18:43.922    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004926060]

22:18:43.927    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80047c7e40]

22:18:43.932    5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004472680]

22:18:43.938    Scan finished successfully

22:19:10.875    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"

22:19:10.880    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

Was ist mit GMER? Ging das auch nicht?

Hallo Arne,

GEMR läuft zwar durch und meldet danach no modifications found... aber das log file lässt sich nicht darstellen bzw es ist einfach leer, kopiert auch nichts in die zwischenablage wenn ich auf copy klicke. das selbe im abgesicherten Modus...

gruß

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

okay is gemacht, Malewarebytes hat nix gefunden dafür aber SUPERAntiSpyware...:schmoll:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.13.10
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Martin :: MARTIN-PC [Administrator]
 

Schutz: Aktiviert
 

13.07.2012 22:22:59

mbam-log-2012-07-13 (22-22-59).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 574631

Laufzeit: 44 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/13/2012 at 11:56 PM
 

Application Version : 5.5.1006
 

Core Rules Database Version : 8898

Trace Rules Database Version: 6710
 

Scan type       : Complete Scan

Total Scan Time : 00:39:57
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 630

Memory threats detected   : 0

Registry items scanned    : 69292

Registry threats detected : 0

File items scanned        : 57930

File threats detected     : 207
 

Adware.Tracking Cookie

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\RZJH4N3Q.txt [ /tracking.mlsat02.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\YTMHKMML.txt [ /serving-sys.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\LXD4GGDM.txt [ /www.googleadservices.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\X070RZX1.txt [ /de.sitestat.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\OZZZT2U1.txt [ /track.adform.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\V8FBA4M2.txt [ /c.atdmt.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\83F1VX80.txt [ /ad.zanox.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\DVHTG2CB.txt [ /banners.mennation.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\NRNGVVAP.txt [ /amazon-adsystem.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\RJ2PAWHZ.txt [ /clickfuse.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\I35TEK33.txt [ /statcounter.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\S10TZ7GF.txt [ /zbox.zanox.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\1ZEG775D.txt [ /adtech.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\9QBBQ916.txt [ /doubleclick.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\XWLTX8AY.txt [ /kabelbw.112.2o7.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\X0T3JALU.txt [ /ad.360yield.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\3PECZW2D.txt [ /apmebf.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\QJZ2212D.txt [ /adfarm1.adition.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\B3V00AEN.txt [ /audiag.112.2o7.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\SRFI7UF2.txt [ /www.zanox-affiliate.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\M6HN3CZE.txt [ /imrworldwide.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\BWDMV88Q.txt [ /ads.gayboystube.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\7XA8KHF7.txt [ /fastclick.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\6KHYUPZW.txt [ /teufel-media.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\2KRVLTRY.txt [ /zanox-affiliate.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\9OX6WHRU.txt [ /adform.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\8WL3UQM6.txt [ /ad4.adfarm1.adition.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\2GZLJKMO.txt [ /zanox.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\MVM5UX1O.txt [ /stats.paypal.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\XKIRV8P5.txt [ /ads.immobilienscout24.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\K9W6NYU4.txt [ /mediaplex.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\EZ0EK8DK.txt [ /smartadserver.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\VDBJGFDT.txt [ /adultfriendfinder.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\THRN47YA.txt [ /tracking.mobile.de ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\6FTB6FQC.txt [ /revsci.net ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\AN2RPKOC.txt [ /atdmt.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\FXK2GZ3I.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Cookies\T7BSY396.txt [ /ad.yieldmanager.com ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q7PQQZPM.txt [ Cookie:martin@weborama.fr/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQ7VX8K9.txt [ Cookie:martin@webmasterplan.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2QLU9M1R.txt [ Cookie:martin@e-2dj6wml4kpdpsco.stats.esomniture.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RKGWNR66.txt [ Cookie:martin@tribalfusion.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5H0NNSOG.txt [ Cookie:martin@gostats.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED6SJ7SQ.txt [ Cookie:martin@tradedoubler.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EVIT9C10.txt [ Cookie:martin@eas.apm.emediate.eu/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8UNXEO9.txt [ Cookie:martin@ad.dyntracker.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGU4M472.txt [ Cookie:martin@cheaptickets.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EF2M1OVR.txt [ Cookie:martin@de.sitestat.com/is24/is24/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FXSZIJ6.txt [ Cookie:martin@yieldmanager.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C2EW5UXL.txt [ Cookie:martin@lfstmedia.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0LZBALJO.txt [ Cookie:martin@www.burstnet.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWY43ETP.txt [ Cookie:martin@track.adform.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ESNMYME.txt [ Cookie:martin@pornhub.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0TPBICZ.txt [ Cookie:martin@banners.mennation.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\15U4YX1P.txt [ Cookie:martin@www.active-tracking.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PACEE5C0.txt [ Cookie:martin@ad1.adfarm1.adition.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSA9PW8G.txt [ Cookie:martin@traffictrack.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZKP1T69.txt [ Cookie:martin@amazon-adsystem.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\H7TM763A.txt [ Cookie:martin@clickfuse.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLP7HAO2.txt [ Cookie:martin@statcounter.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EIWWUGRT.txt [ Cookie:martin@e-2dj6wfl4ugazigo.stats.esomniture.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBJUVWM5.txt [ Cookie:martin@adtech.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RYEXVVIX.txt [ Cookie:martin@pornografish.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\61OJ01XI.txt [ Cookie:martin@doubleclick.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4FB1RV1W.txt [ Cookie:martin@guj.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SR6Q62J0.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1065452230/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\11Z17PUB.txt [ Cookie:martin@www.usenext.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1LC4ESK.txt [ Cookie:martin@apmebf.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1YTFGJTQ.txt [ Cookie:martin@audiag.112.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y85XO3HL.txt [ Cookie:martin@media6degrees.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQ1F0FSS.txt [ Cookie:martin@www.zanox-affiliate.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\50ZK9XMS.txt [ Cookie:martin@partners.webmasterplan.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IX6DJG6H.txt [ Cookie:martin@track.effiliation.com/servlet/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRFBP4PM.txt [ Cookie:martin@imrworldwide.com/cgi-bin ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZFFEO3E.txt [ Cookie:martin@zedo.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\898JDG3P.txt [ Cookie:martin@tracking.quisma.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5RVKP1TX.txt [ Cookie:martin@ru4.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSVBUKHC.txt [ Cookie:martin@im.banner.t-online.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5MJAGTJ.txt [ Cookie:martin@tradefx.advertserve.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QX1SK097.txt [ Cookie:martin@eyewonder.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BR8WPW35.txt [ Cookie:martin@www.counter-gratis.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YX2CMW3.txt [ Cookie:martin@www.gotgayporn.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3V6PUTK.txt [ Cookie:martin@paypal.112.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JR0SB6E.txt [ Cookie:martin@twinkteenboys.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZ9ASMJ5.txt [ Cookie:martin@a.revenuemax.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QDG0LS35.txt [ Cookie:martin@zanox-affiliate.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6A0SVO93.txt [ Cookie:martin@www.pornhub.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJFJLJYX.txt [ Cookie:martin@specificclick.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PB20ENF.txt [ Cookie:martin@adform.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5DLS3GSB.txt [ Cookie:martin@stats.paypal.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WM7VNXH9.txt [ Cookie:martin@server.iad.liveperson.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4R5M6UC7.txt [ Cookie:martin@e-2dj6whl4klajico.stats.esomniture.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2RYNKHTX.txt [ Cookie:martin@deutschepostag.112.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9GDHOPYP.txt [ Cookie:martin@banners.xxxgaymatch.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ADAYQYVV.txt [ Cookie:martin@collective-media.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJTCDHVZ.txt [ Cookie:martin@4stats.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IS0EUMK4.txt [ Cookie:martin@mediaplex.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\740GOJH9.txt [ Cookie:martin@smartadserver.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AIPGQG12.txt [ Cookie:martin@ww251.smartadserver.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XKV1CZ77.txt [ Cookie:martin@exoclick.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9MOXKSX8.txt [ Cookie:martin@eas4.emediate.eu/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZMQJYXR.txt [ Cookie:martin@ad.dyntracker.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QA74SUD1.txt [ Cookie:martin@loccitane.solution.weborama.fr/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9AEKYF7L.txt [ Cookie:martin@ads.crakmedia.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\X69AK4E0.txt [ Cookie:martin@daimlerag.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSQ4MD43.txt [ Cookie:martin@ad2.adfarm1.adition.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6F613NGI.txt [ Cookie:martin@ad.yieldmanager.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VYOD26T4.txt [ Cookie:martin@lucidmedia.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP78XPXF.txt [ Cookie:martin@tracking.mindshare.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\21ILGU46.txt [ Cookie:martin@loyaltypartner.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QBHG5DAQ.txt [ Cookie:martin@liveperson.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\00F74KIE.txt [ Cookie:martin@www.etracker.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJ9PIO5Q.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1020441494/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NO4O5UXE.txt [ Cookie:martin@e-2dj6aeloggdpwfp.stats.esomniture.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCY4X57K.txt [ Cookie:martin@c.atdmt.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BO8D9OWA.txt [ Cookie:martin@efashionsolutions.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SMHWC6BL.txt [ Cookie:martin@zbox.zanox.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HEFO1GB.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1066927890/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VMAB935.txt [ Cookie:martin@ehg-cheaptickets.hitbox.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C52HMOD3.txt [ Cookie:martin@hightraffic.hugoboss.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JEJ4XTCP.txt [ Cookie:martin@bs.serving-sys.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BU5LHSDB.txt [ Cookie:martin@xiti.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\903UKVX1.txt [ Cookie:martin@e-2dj6aekyajd5gco.stats.esomniture.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AV04REBP.txt [ Cookie:martin@112.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YNIJFRPH.txt [ Cookie:martin@ads2.zeusclicks.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WYUKQLUC.txt [ Cookie:martin@toplist.cz/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V09K2QU5.txt [ Cookie:martin@www.netdebit-counter.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I5OZUIU0.txt [ Cookie:martin@accounts.google.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J0J8HM31.txt [ Cookie:martin@dmtracker.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KQLLMWDQ.txt [ Cookie:martin@adsys.airbus.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJR84GAM.txt [ Cookie:martin@edates.traffective-tracking.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PU5JABYT.txt [ Cookie:martin@adviva.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3Z7T67S.txt [ Cookie:martin@nhhotelessa.112.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FTHCB6SH.txt [ Cookie:martin@xxxgaymatch.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JP7JKSBO.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1042266355/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RIJC00HB.txt [ Cookie:martin@labelfinder.gq-magazin.de/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMB21ATV.txt [ Cookie:martin@statse.webtrendslive.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3ES08KM7.txt [ Cookie:martin@adultfriendfinder.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QABNM53P.txt [ Cookie:martin@revsci.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NC57XZN6.txt [ Cookie:martin@advertising.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XU2OHMQD.txt [ Cookie:martin@oms.122.2o7.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4WSWU0J9.txt [ Cookie:martin@aim4media.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VEBI6A9L.txt [ Cookie:martin@livestat.derstandard.at/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VR1E9DRL.txt [ Cookie:martin@ad.adition.net/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F3V7AHU0.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1031060403/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XXFNIB2O.txt [ Cookie:martin@geobanner.xxxgaymatch.com/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MYEATJT.txt [ Cookie:martin@www.googleadservices.com/pagead/conversion/1071151030/ ]

        C:\USERS\MARTIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OM4ASHGD.txt [ Cookie:martin@tracking.mobile.de/ ]

        C:\USERS\MARTIN\Cookies\RZJH4N3Q.txt [ Cookie:martin@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\MARTIN\Cookies\X070RZX1.txt [ Cookie:martin@de.sitestat.com/is24/is24/ ]

        C:\USERS\MARTIN\Cookies\OZZZT2U1.txt [ Cookie:martin@track.adform.net/ ]

        C:\USERS\MARTIN\Cookies\V8FBA4M2.txt [ Cookie:martin@c.atdmt.com/ ]

        C:\USERS\MARTIN\Cookies\DVHTG2CB.txt [ Cookie:martin@banners.mennation.com/ ]

        C:\USERS\MARTIN\Cookies\NRNGVVAP.txt [ Cookie:martin@amazon-adsystem.com/ ]

        C:\USERS\MARTIN\Cookies\RJ2PAWHZ.txt [ Cookie:martin@clickfuse.com/ ]

        C:\USERS\MARTIN\Cookies\I35TEK33.txt [ Cookie:martin@statcounter.com/ ]

        C:\USERS\MARTIN\Cookies\S10TZ7GF.txt [ Cookie:martin@zbox.zanox.com/ ]

        C:\USERS\MARTIN\Cookies\1ZEG775D.txt [ Cookie:martin@adtech.de/ ]

        C:\USERS\MARTIN\Cookies\9QBBQ916.txt [ Cookie:martin@doubleclick.net/ ]

        C:\USERS\MARTIN\Cookies\XWLTX8AY.txt [ Cookie:martin@kabelbw.112.2o7.net/ ]

        C:\USERS\MARTIN\Cookies\3PECZW2D.txt [ Cookie:martin@apmebf.com/ ]

        C:\USERS\MARTIN\Cookies\B3V00AEN.txt [ Cookie:martin@audiag.112.2o7.net/ ]

        C:\USERS\MARTIN\Cookies\SRFI7UF2.txt [ Cookie:martin@www.zanox-affiliate.de/ ]

        C:\USERS\MARTIN\Cookies\M6HN3CZE.txt [ Cookie:martin@imrworldwide.com/cgi-bin ]

        C:\USERS\MARTIN\Cookies\6KHYUPZW.txt [ Cookie:martin@teufel-media.de/ ]

        C:\USERS\MARTIN\Cookies\2KRVLTRY.txt [ Cookie:martin@zanox-affiliate.de/ ]

        C:\USERS\MARTIN\Cookies\9OX6WHRU.txt [ Cookie:martin@adform.net/ ]

        C:\USERS\MARTIN\Cookies\MVM5UX1O.txt [ Cookie:martin@stats.paypal.com/ ]

        C:\USERS\MARTIN\Cookies\K9W6NYU4.txt [ Cookie:martin@mediaplex.com/ ]

        C:\USERS\MARTIN\Cookies\EZ0EK8DK.txt [ Cookie:martin@smartadserver.com/ ]

        C:\USERS\MARTIN\Cookies\VDBJGFDT.txt [ Cookie:martin@adultfriendfinder.com/ ]

        C:\USERS\MARTIN\Cookies\THRN47YA.txt [ Cookie:martin@tracking.mobile.de/ ]

        C:\USERS\MARTIN\Cookies\6FTB6FQC.txt [ Cookie:martin@revsci.net/ ]

        C:\USERS\MARTIN\Cookies\FXK2GZ3I.txt [ Cookie:martin@ad2.adfarm1.adition.com/ ]

        C:\USERS\MARTIN\Cookies\T7BSY396.txt [ Cookie:martin@ad.yieldmanager.com/ ]

        .doubleclick.net [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        pornografish.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .banners.xxxgaymatch.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        teufel-media.de [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        zbox.zanox.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKGQZMAB.DEFAULT\COOKIES.SQLITE ]

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hallo Arne,
ja danke mit den cookies werde ich mir was sinnvolles überlgen. danke. :applaus:

und nochmal :applaus: für die Hilfe bin echt froh drum das ich Euer Fourum gefunden habe, bin zwar nicht völlig unbewandert in sachen IT aber bei sowas is bei mir dann doch Ende :) ein "donate" is auch schon erledigt ;)

PC läuft sauber wie gewohnt. sehr gut.

Zum Abschluss dann doch noch ne Frage. Was war das jetzt genau für ein Trojaner? und wie kann sowas passieren? Und viel wichtiger wie kann ich mich davor effektitv schützen?

Viele Grüße udn danke nochmal, booth :party:

Das war die typosche Ransomware (Erpresser-Software). Verbreitungsweg ist typischerweise durch Sicherheitslücken im Browser bzw. in den Plugins. Immer stark unter Verdacht waren alte Versionen von Java Runtime Environment sowie der Flashplayer und AdobeReader

Halte Dich am besten grob an diese Regeln:

Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
Führe regelmäßig Backups auf externe Medien durch
Arbeite mit eingeschränkten Rechten
Nutze sicherere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen
automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
Finger weg von: TuneUp, Registry-Cleanern aller Art, Softonic sowie illegalen Cracks/Keygens oder anderen "Tools" um ein kommerzielles Programm ohne Lizenz nutzen zu können
dubiose Seiten bzw. Kinofilm-Streaming-Portale ebenfalls sein lassen, erstens handelt man sich dort schnell Malware ein oder kann in Abofallen geraten und zweitens bewegen sich diese Seiten in einer rechtlichen Grauzone.

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.