
Pests of all kinds and how to combat them: Redirection via another address in the browser

10.03.2013, 14:44   #1
Ash85
 
Redirection via another address in the browser



Hello everyone!

I have the following problem:
When I go to, for example, Amazon.de or videogameszone.de, sometimes other addresses are displayed first and I then land on the page I wanted, or I am redirected to a different page that I did not want to go to at all.

Something like this shows up, for example, when I want to go to Amazon:
hxxp://search.gutscheinfilter.de/?PHPSESSID=003265380064ca700064ca70ffcd9ac7
or something like this
hxxp://www.pricerunner.de/track/scripts/transition.php?bt=b2ZmZXI%3D&if=1&mi=29454&ca=223&cn=Computer%3A+Desktop&cp=U3RydWN0dXJlZA%3D%3D&hp=SW5mb3JtYXRpcXVlKDIpLT5PcmRpbmF0ZXVycygyMik%3D&cy= &pi=2721358&pn=HP+Compaq+6200+Pro+Intel+Core+i3-2100+3.1GHz+%2F+2GB+%2F+250GB+%2F+DVDRW+%2F+Win+7+Pro&cc=q-s&du=aHR0cDovL3d3dy5paHJlaXQuZGUvcHJvZHVjdF9pbmZvLnBocD9wcm9kdWN0c19pZD0xNDM2OQ%3D%3D
which then redirects me to this page:
hxxp://www.ihreit.de/?XTCsid=5g7othnf641digrdf6p65tuqg1

Now and then this address also shows up:
hxxp://parking.supernova-advertising.com/?PHPSESSID=000e6103001cc206001cc206fff19efc
or this one


I hope you can help me.
I did everything according to the instructions and used Defogger first; the various log files follow here:

OTL Log
Quote:
OTL logfile created on: 10.03.2013 14:44:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,72% Memory free
3,99 Gb Paging File | 3,08 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,52 Gb Free Space | 44,38% Space Free | Partition Type: NTFS

Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.10 14:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
PRC - [2013.02.17 08:04:12 | 000,067,584 | ---- | M] () -- C:\Windows\System32\mtdtcprx.exe
PRC - [2013.02.17 08:03:40 | 000,896,512 | ---- | M] () -- C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.11 10:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV - [2013.03.08 13:08:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 05:07:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.17 08:04:12 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mtdtcprx.exe -- (dqapimig)
SRV - [2013.02.17 08:03:40 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.03 02:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 13:30:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.06.11 10:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2013.01.31 04:18:18 | 000,350,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symtdiv.sys -- (SYMTDIv)
DRV - [2013.01.31 04:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys -- (SymEFA)
DRV - [2013.01.29 02:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.29 02:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.26 04:54:59 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130309.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.26 04:54:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.26 04:54:59 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130309.003\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.22 03:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys -- (SymDS)
DRV - [2013.01.20 09:17:38 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.01.18 16:43:10 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130308.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.16 03:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ironx86.sys -- (SymIRON)
DRV - [2012.11.16 03:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.09 03:49:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 19:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.03.26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2008.07.19 02:22:49 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.19 02:22:23 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.11 10:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=1&o=vp32&d=0809&m=et1300
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{FFCF1B73-CB48-445D-9D70-F9594D75F8DF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE378
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "OFDb - Alles"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.movie-infos.net"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: EscCloseTab%40Simplest.Ever:1.2
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 17:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.03.10 13:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.01.20 09:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\Ash\AppData\Roaming\Helper
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 13:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 13:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.23 17:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.24 10:57:19 | 000,000,000 | ---D | M]

[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions
[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions
[2013.01.31 04:31:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.24 10:03:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.08 11:33:45 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\add-to-searchbox@maltekraus.de
[2013.02.17 08:09:10 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\foxyproxy@eric.h.jung
[2012.03.16 18:47:13 | 000,001,253 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\EscCloseTab@Simplest.Ever.xpi
[2013.03.04 19:20:12 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.03.24 10:25:31 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013.02.09 04:36:02 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.02.14 07:07:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 15:17:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.01 05:22:49 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.02.17 08:19:54 | 000,002,243 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\amazon-decouk.xml
[2013.02.17 08:19:54 | 000,012,770 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\imdb.xml
[2013.02.17 08:19:54 | 000,005,455 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\ofdb---alles.xml
[2013.02.22 13:39:37 | 000,001,328 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,002,168 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\youtube-videosuche.xml
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 13:08:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 13:08:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 08:19:54 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 08:19:54 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 08:19:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 08:19:54 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 08:19:54 | 000,001,876 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2013.02.17 08:04:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.24 13:38:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe -w File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15B3D8A5-804A-43E3-A3CB-8DFA9BF9C9FC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.10 14:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.09 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\QuickScan
[2013.03.08 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.06 06:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.06 06:39:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.06 06:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.03.05 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.02.24 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\ActivePresenter
[2013.02.24 12:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2013.02.24 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATOMI
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.02.23 17:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.22 17:09:10 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013.02.22 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Broad Intelligence
[2013.02.22 14:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2013.02.17 08:27:46 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\IObit
[2013.02.17 08:19:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.02.17 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Opera
[2013.02.17 08:03:57 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.02.17 08:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.17 08:03:43 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\DesktopIconForAmazon
[2013.02.17 08:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\OCS
[2013.02.16 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013.02.16 09:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.02.15 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2013.02.15 13:47:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX Downloads
[2013.02.15 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\MAGIX
[2013.02.15 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Logitech® Webcam-Software
[2013.02.15 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Leadertech
[2013.02.15 12:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.02.15 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2013.02.15 12:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.15 12:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2013.02.15 12:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.15 12:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.02.09 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Unity

========== Files - Modified Within 30 Days ==========

[2013.03.10 14:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.10 14:42:25 | 000,000,000 | ---- | M] () -- C:\Users\Ash\defogger_reenable
[2013.03.10 14:40:54 | 000,050,477 | ---- | M] () -- C:\Users\Ash\Desktop\Defogger.exe
[2013.03.10 14:33:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.10 14:20:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18774119-C679-4AA5-B698-E5A37E721850}.job
[2013.03.10 14:07:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 13:35:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.03.10 13:34:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.10 13:34:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.10 13:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 13:34:27 | 2011,566,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 15:21:39 | 000,215,040 | ---- | M] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.07 07:35:11 | 055,996,697 | ---- | M] () -- C:\Users\Ash\Desktop\PC vs. Konsole Cut.mp3
[2013.03.06 06:30:16 | 002,037,347 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.04 07:35:00 | 000,633,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 07:35:00 | 000,599,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 07:35:00 | 000,128,784 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 07:35:00 | 000,105,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.03 09:45:34 | 000,372,026 | ---- | M] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.28 18:08:41 | 110,547,293 | ---- | M] () -- C:\Users\Ash\Desktop\PC vs. Konsole.mp3
[2013.02.27 16:44:15 | 040,701,114 | ---- | M] () -- C:\Users\Ash\Desktop\P3_Podcast_102.mp3
[2013.02.17 08:04:12 | 000,067,584 | ---- | M] () -- C:\Windows\System32\mtdtcprx.exe
[2013.02.15 06:13:21 | 000,323,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 20:59:51 | 000,005,241 | ---- | M] () -- C:\Users\Ash\.recently-used.xbel
[2013.02.14 18:39:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\isolate.ini
[2013.02.09 13:13:34 | 050,069,252 | ---- | M] () -- C:\Users\Ash\Desktop\P3_Podcast_101.mp3

========== Files Created - No Company Name ==========

[2013.03.10 14:42:25 | 000,000,000 | ---- | C] () -- C:\Users\Ash\defogger_reenable
[2013.03.10 14:40:51 | 000,050,477 | ---- | C] () -- C:\Users\Ash\Desktop\Defogger.exe
[2013.03.10 13:35:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.03.07 07:26:53 | 055,996,697 | ---- | C] () -- C:\Users\Ash\Desktop\PC vs. Konsole Cut.mp3
[2013.03.03 09:45:34 | 000,372,026 | ---- | C] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.28 18:07:03 | 110,547,293 | ---- | C] () -- C:\Users\Ash\Desktop\PC vs. Konsole.mp3
[2013.02.27 16:39:51 | 040,701,114 | ---- | C] () -- C:\Users\Ash\Desktop\P3_Podcast_102.mp3
[2013.02.17 08:04:12 | 000,067,584 | ---- | C] () -- C:\Windows\System32\mtdtcprx.exe
[2013.02.17 08:03:57 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.02.14 20:59:51 | 000,005,241 | ---- | C] () -- C:\Users\Ash\.recently-used.xbel
[2013.02.09 13:07:52 | 050,069,252 | ---- | C] () -- C:\Users\Ash\Desktop\P3_Podcast_101.mp3
[2012.04.06 14:55:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 02:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.06.07 09:15:57 | 000,604,160 | ---- | C] () -- C:\Windows\System32\SetupExt.dll
[2010.07.24 13:11:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.11 15:19:11 | 000,215,040 | ---- | C] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 16:14:58 | 000,008,698 | ---- | C] () -- C:\Users\Ash\clearance.wav
[2010.05.08 16:10:30 | 000,027,498 | ---- | C] () -- C:\Users\Ash\alertsnd.wav
[2010.05.08 16:03:54 | 000,030,517 | ---- | C] () -- C:\Users\Ash\avatar-15609.png

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.24 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\ActivePresenter
[2010.05.09 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Amazon
[2010.12.19 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Boomzap
[2013.02.22 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Broad Intelligence
[2012.12.14 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.12.14 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\com.wb.DC2
[2013.02.17 08:03:44 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\DesktopIconForAmazon
[2013.02.14 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\gtk-2.0
[2012.11.27 07:08:53 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\ICQ
[2013.02.17 08:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\IObit
[2013.02.15 12:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Leadertech
[2013.02.15 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\MAGIX
[2013.02.17 08:03:39 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\OCS
[2010.05.15 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\OpenOffice.org
[2013.02.17 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Opera
[2010.12.19 10:56:07 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\PlayFirst
[2013.03.09 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\QuickScan
[2010.10.23 14:09:41 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\SanDisk
[2010.05.08 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Thunderbird
[2010.07.18 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Warsow 0.5
[2010.12.19 10:28:49 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
Extras Log
Quote:
OTL Extras logfile created on: 10.03.2013 14:44:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,72% Memory free
3,99 Gb Paging File | 3,08 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,52 Gb Free Space | 44,38% Space Free | Partition Type: NTFS

Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{226E7B6F-B201-4DC3-9D04-64E132332EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31121D26-AC3E-4A49-A8DA-77B5D23AFFD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B65471E-D5B6-4133-B0C5-C5EAA1898212}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45003CE0-CD5B-4F29-A1C8-22D8D7D005DB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{9D63B296-CE71-4427-A5B6-8F9AF753709B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A54C109D-F0B6-4DCB-953D-6000DB90F8E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7FB3953-CA0C-42BE-B2A5-0AAD45937F62}" = lport=138 | protocol=17 | dir=in | app=system |
"{B807494E-6575-4C56-A782-F4FE6A375DAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{B921C124-F4B6-43B6-AF1A-9754733F83E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0D294A4-AB56-4F7C-98E7-7B02AEAC2D5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBD79618-23C0-4F70-A532-5DF3E4EF7B5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5F5B347-BD4A-4E2F-8104-FD9087AD885D}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFB4F871-188A-4BE8-984A-1E05806B74E4}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D3B0B8-D2C3-4383-A63C-68713271B3F6}" = dir=out | app=c:\program files\atomi\activepresenter\rlactivator.exe |
"{0358B9CF-E43A-4672-985D-5AF0D5D58EB1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0910446B-0E4C-4F13-9389-1A4CBEA04FE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BA25DA5-5394-410A-AB6B-F184441C2D6B}" = dir=out | app=c:\program files\atomi\activepresenter\activepresenter.exe |
"{0F487081-ADD3-430A-8F0A-E6208FB86781}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{18904E82-FBFB-4C13-855F-E106DF5A74A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2747C3E9-A73E-44A5-86DB-FC43007DEEE3}" = dir=out | app=c:\program files\atomi\activepresenter\rlupdater.exe |
"{354E4271-3276-4E25-86F2-24615D342AA9}" = dir=in | app=c:\program files\atomi\activepresenter\activepresenter.exe |
"{3AF706B2-B671-47DB-A708-2BA8D787B6FB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3B5C933B-ED98-45EC-A5E0-D799003F6941}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44632013-250B-4EFF-92DF-CEBC5A12E706}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4B38D425-6E93-40A8-93E2-D762F32722C9}" = dir=in | app=c:\program files\atomi\activepresenter\rlactivator.exe |
"{564D7B6C-D752-43CD-AB6E-702E608A4E02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D015A0D-E30C-43C1-A195-508EE2DF7360}" = dir=in | app=c:\program files\atomi\activepresenter\rlupdater.exe |
"{61DE506D-ECB7-436A-99E3-D8146CF6C620}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{61FD1D47-ED4A-4BAF-B265-79B43277A411}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74ECE3D3-EB1E-4624-B416-CB5FE8B5775F}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{84DF2D96-4B64-4356-A6B4-A80D049FCD19}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{92A25B97-96AF-4AB4-A470-FE7106E3D7C1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{A11DA26B-6C59-40FD-B8B5-31834D1761AD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B4B35A1A-A5D3-4AE7-A2BC-C3C659221BE4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C07A38CE-8AA1-4615-9E24-9D42F778C717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C0FD9C45-84D1-4A11-A7DD-13B40783885A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3CE635A-9C02-455A-A884-E674DEA2B632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D10F4455-2314-4CBE-AB67-7E329D2D771B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D976E55F-A827-4C31-9DA5-83FC087E9BFA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E7699D2A-9FE4-4DEF-B0C4-8C51AAC7D8E1}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{E8A4D729-DC7C-4716-918B-1EC63BB44703}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{EB9E387D-0A00-4032-905C-7FC41F19FEDC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F5EACE9C-6CAF-4E02-BCFC-B531FE9D4968}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F83544EA-B906-496D-8ADF-7B489D2827A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1" = ActivePresenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup" = DivX-Setup
"Episode 1" = Back to the Future The Game - Episode 1
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.45
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.67
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Recover My Files v5_is1" = Recover My Files
"Red Dead Redemption" = Red Dead Redemption Screen Saver
"Steam App 400" = Portal
"VLC media player" = VLC media player 2.0.5
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.08.2012 05:09:06 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2012 10:14:57 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 01:24:14 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 04:55:27 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 09:18:56 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2012 01:30:01 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2012 09:11:52 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2012 12:09:16 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2012 00:30:25 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2012 13:30:37 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 30.07.2010 12:36:51 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 527
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07.03.2013 13:06:47 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 07.03.2013 14:41:12 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 07.03.2013 23:28:53 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 08.03.2013 07:50:48 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 08.03.2013 14:05:39 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 08.03.2013 23:29:46 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 09.03.2013 07:27:27 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 09.03.2013 11:20:51 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 10.03.2013 02:26:25 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =

Error - 10.03.2013 08:34:39 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =


< End of report >
Gmer Log
Quote:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 15:29:11
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000059 Hitachi_ rev.ST2O 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Ash\AppData\Local\Temp\pwldrpow.sys


---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 83F96C10

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Alt 11.03.2013, 10:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Alt 11.03.2013, 10:51   #3
Ash85
 
Hello cosinus

I can also offer you the Norton history from the day it all started.

Code:
Kategorie: Scan - Ergebnisse
Datum/Uhrzeit,Risiko,Aktivität,Status,Scandauer (T:S:M:S),Insgesamt gescannte Elemente,Dateien und Verzeichnisse,Registrierungseinträge,Prozesse und Elemente beim Start,Netzwerk- und Browserelemente,Andere,Vertrauenswürdige Dateien,Übersprungene Dateien,Insgesamt erkannte Sicherheitsrisiken,Insgesamt behobene Sicherheitsrisiken,"Sicherkeitsrisiken insgesamt, die ein Eingreifen erfordern"
17.02.2013 12:23:10,Infos,Schnellscan - Ergebnisse,Abgeschlossen,0:00:05:43,11.710,3.131,339,4.502,3.729,9,918,0,0,0,0


Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
17.02.2013 08:04:52,Hoch,gfiltersvc.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\system32\gfiltersvc.exe
17.02.2012 13:41:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,


Kategorie: Quarantäne
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
17.02.2013 08:04:52,Hoch,gfiltersvc.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\system32\gfiltersvc.exe


Kategorie: SONAR-Aktivität
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
17.02.2013 08:04:52,Hoch,gfiltersvc.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\system32\gfiltersvc.exe


Kategorie: Angriffsschutz
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Standardaktionen,Durchgeführte Aktion
17.02.2013 19:48:45,Infos,Version der Angriffsschutz-Engine: 5.1.1.7 Version des Definitionssatzes: 20130215.001,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 19:48:45,Infos,Angriffsschutz überwacht 2654 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 19:48:45,Infos,Angriffsschutz wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 15:18:14,Infos,Angriffsschutz wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 15:18:14,Infos,Version der Angriffsschutz-Engine: 5.1.1.7 Version des Definitionssatzes: 20130215.001,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 15:18:14,Infos,Angriffsschutz überwacht 2654 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 11:57:29,Infos,Angriffsschutz wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 11:57:29,Infos,Angriffsschutz überwacht 2654 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 11:57:29,Infos,Version der Angriffsschutz-Engine: 5.1.1.7 Version des Definitionssatzes: 20130215.001,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 08:08:18,Infos,Angriffsschutz wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 08:08:18,Infos,Angriffsschutz überwacht 2654 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 08:08:18,Infos,Version der Angriffsschutz-Engine: 5.1.1.7 Version des Definitionssatzes: 20130215.001,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 06:41:50,Infos,Angriffsschutz wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 06:41:50,Infos,Version der Angriffsschutz-Engine: 5.1.1.7 Version des Definitionssatzes: 20130215.001,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich
17.02.2013 06:41:50,Infos,Angriffsschutz überwacht 2654 Signaturen. Treiberversion: 11.1.1.5,Erkannt,Keine Aktion erforderlich,Angriffsschutz,Keine Aktion erforderlich,Keine Aktion erforderlich


Kategorie: Download-Insight
Datum/Uhrzeit,Risiko,Aktivität,Status,Pfad - Dateiname
17.02.2013 08:24:58,Infos,Download-Insight stellte den Start von iobituninstallerportable_2.4.6.325.paf.exe fest,Zugriff zugelassen,c:\users\ash\desktop\iobituninstallerportable_2.4.6.325.paf.exe
17.02.2013 08:24:30,Infos,Download-Insight analysierte IObitUninstallerPortable_2.4.6.325.paf.exe,Zugriff zugelassen,c:\Users\Ash\Desktop\IObitUninstallerPortable_2.4.6.325.paf.exe
17.02.2013 08:01:34,Infos,Download-Insight stellte den Start von setup_v11.0.3_full-downloader.exe fest,Zugriff zugelassen,c:\users\ash\desktop\setup_v11.0.3_full-downloader.exe


Kategorie: Identität
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
17.02.2013 07:02:52,Infos,Antiphishing-Definitionsversion 20130217.001 wurde heruntergeladen,Erkannt,Keine Aktion erforderlich
17.02.2013 07:02:51,Infos,Verwende Antiphishing-Definitionsversion 20130217.001,Erkannt,Keine Aktion erforderlich


Kategorie: Norton-Produktmanipulationsschutz
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Datum,Quelle,Quell-PID,Ziel,Ziel-PID,Aktion,Reaktion,Terminalsitzung
17.02.2013 20:00:54,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Thread-Daten),Blockiert,Keine Aktion erforderlich,17.02.2013 20:00:54,C:\WINDOWS\SYSTEM32\SERVICES.EXE,676,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2908,Zugriff auf Thread-Daten,Nicht autorisierter Zugriff blockiert,
17.02.2013 19:53:45,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 19:53:45,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2408,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\cltlmh.exe,4456,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 19:51:07,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 19:51:07,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2408,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\wscstub.exe,2396,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 19:50:13,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 19:50:13,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2408,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2908,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 16:45:07,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Thread-Daten),Blockiert,Keine Aktion erforderlich,17.02.2013 16:45:07,C:\WINDOWS\SYSTEM32\SERVICES.EXE,612,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2280,Zugriff auf Thread-Daten,Nicht autorisierter Zugriff blockiert,
17.02.2013 15:54:11,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 15:54:11,C:\PROGRAM FILES\COMMON FILES\LOGISHRD\LQCVFX\COCIMANAGER.EXE,1304,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,3352,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,1
17.02.2013 15:53:39,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 15:53:39,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,288,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\cltrt.exe,3188,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 15:35:08,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,17.02.2013 15:35:08,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,820,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert,
17.02.2013 15:23:07,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 15:23:07,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,288,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\cltlmh.exe,5704,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 15:19:22,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 15:19:22,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,288,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2280,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 13:46:59,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Thread-Daten),Blockiert,Keine Aktion erforderlich,17.02.2013 13:46:59,C:\WINDOWS\SYSTEM32\SERVICES.EXE,684,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2560,Zugriff auf Thread-Daten,Nicht autorisierter Zugriff blockiert,
17.02.2013 12:33:01,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 12:33:01,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,6036,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2560,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 12:33:01,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 12:33:01,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3548,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2560,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 12:12:25,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,17.02.2013 12:12:25,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,920,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert,
17.02.2013 12:02:21,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 12:02:21,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2060,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\cltlmh.exe,5956,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 11:59:54,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 11:59:54,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2060,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\wscstub.exe,4856,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 11:58:28,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 11:58:28,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2060,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2560,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 09:05:38,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Thread-Daten),Blockiert,Keine Aktion erforderlich,17.02.2013 09:05:38,C:\WINDOWS\SYSTEM32\SERVICES.EXE,620,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2436,Zugriff auf Thread-Daten,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:24:20,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,17.02.2013 08:24:20,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,832,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:13:13,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 08:13:13,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2096,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\cltlmh.exe,4464,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:10:34,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 08:10:34,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2096,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\wscstub.exe,1552,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:09:47,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 08:09:47,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,2096,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,2436,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:06:19,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Thread-Daten),Blockiert,Keine Aktion erforderlich,17.02.2013 08:06:19,C:\WINDOWS\SYSTEM32\SERVICES.EXE,612,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,1332,Zugriff auf Thread-Daten,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:05:52,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 08:05:52,C:\WINDOWS\SYSTEM32\MTDTCPRX.EXE,4208,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,1332,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:04:06,Mittel,Nicht autorisierter Zugriff blockiert (Änderungen an Symantec-Diensten über SCM blockieren),Blockiert,Keine Aktion erforderlich,17.02.2013 08:04:06,C:\USERS\ASH\APPDATA\LOCAL\TEMP\OCS\DOWNLOADS\0674E23D6502B36621D489F1B4FBD22A\AD436001F5FD38F69BD6676517882B7C\GUTSCHEINFILTER_R686.EXE,1644,NIS,0,Änderungen an Symantec-Diensten über SCM blockieren,Nicht autorisierter Zugriff blockiert,1
17.02.2013 08:04:04,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,17.02.2013 08:04:04,C:\USERS\ASH\APPDATA\LOCAL\TEMP\OCS\DOWNLOADS\0674E23D6502B36621D489F1B4FBD22A\8A2438A7AA1E858526CAFF1F4DEAB159\ADDONSHELPER.EXE,4352,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,3500,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,
17.02.2013 08:03:55,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,17.02.2013 08:03:55,C:\USERS\ASH\APPDATA\LOCAL\TEMP\OCS\DOWNLOADS\0674E23D6502B36621D489F1B4FBD22A\8A2438A7AA1E858526CAFF1F4DEAB159\ADDONSHELPER.EXE,4352,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,1332,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert,
17.02.2013 07:33:01,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 07:33:01,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,5416,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,1332,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 07:33:00,Mittel,Nicht autorisierter Zugriff blockiert (Prozess-Token öffnen),Blockiert,Keine Aktion erforderlich,17.02.2013 07:33:00,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,5940,C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe,1332,Prozess-Token öffnen,Nicht autorisierter Zugriff blockiert,
17.02.2013 06:55:25,Mittel,Nicht autorisierter Zugriff blockiert (Registrierungssicherheitsschlüssel einrichten),Blockiert,Keine Aktion erforderlich,17.02.2013 06:55:25,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,816,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86\0000\Control\,0,Registrierungssicherheitsschlüssel einrichten,Nicht autorisierter Zugriff blockiert,


Kategorie: LiveUpdate
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Art des Update,Ergebnis,Datum/Uhrzeit,Angewendete Updates (gesamt),Norton Web Protection Definitions,Norton Smart Virus Definitions,Norton Pulse Updates,Neustart erforderlich,Risiko
17.02.2013 07:02:52,Infos,LiveUpdate-Sitzung,Abgeschlossen,Keine Aktion erforderlich,Automatisch,Norton LiveUpdate wurde erfolgreich abgeschlossen. Ihr Norton-Produkt hat nun die neuesten Schutz-Updates.,17.02.2013 07:02:52,3,"Erfolgreich (22,27KB)","Erfolgreich (169,27KB)","Erfolgreich (4,26KB)",Nein,Infos
         

Alt 11.03.2013, 11:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Jahr-Monat-Tag>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Alt 12.03.2013, 08:42   #5
Ash85
 
I ran all three programs and so far everything went according to plan. mbar did not flag anything, but the other two did. I then wanted to open the log file from MBR, and Windows told me that the file format cannot be opened/is not supported. I changed it to a .txt file, which did not help either, because only character gibberish showed up. I then wanted to start MBR again to save the log file directly as a txt file. At that point the computer crashed during the scan; a blue screen appeared telling me that Windows had shut itself down because it had detected a threat and wanted to protect me from it. Restarted the computer and everything is running normally again. That is why I cannot offer you a log file from MBR.

mbar Log:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Ash :: ASH-PC [administrator]

12.03.2013 08:31:49
mbar-log-2013-03-12 (08-31-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28722
Time elapsed: 14 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller Log
Code:
09:20:55.0848 4480  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:20:56.0192 4480  ============================================================
09:20:56.0192 4480  Current date / time: 2013/03/12 09:20:56.0192
09:20:56.0192 4480  SystemInfo:
09:20:56.0192 4480  
09:20:56.0192 4480  OS Version: 6.0.6001 ServicePack: 1.0
09:20:56.0192 4480  Product type: Workstation
09:20:56.0192 4480  ComputerName: ASH-PC
09:20:56.0192 4480  UserName: Ash
09:20:56.0192 4480  Windows directory: C:\Windows
09:20:56.0192 4480  System windows directory: C:\Windows
09:20:56.0192 4480  Processor architecture: Intel x86
09:20:56.0192 4480  Number of processors: 2
09:20:56.0192 4480  Page size: 0x1000
09:20:56.0192 4480  Boot type: Normal boot
09:20:56.0192 4480  ============================================================
09:20:56.0973 4480  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:20:57.0053 4480  ============================================================
09:20:57.0053 4480  \Device\Harddisk0\DR0:
09:20:57.0089 4480  MBR partitions:
09:20:57.0089 4480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x23A2DAB0
09:20:57.0089 4480  ============================================================
09:20:57.0123 4480  C: <-> \Device\Harddisk0\DR0\Partition1
09:20:57.0160 4480  ============================================================
09:20:57.0160 4480  Initialize success
09:20:57.0160 4480  ============================================================
09:21:50.0213 4996  ============================================================
09:21:50.0213 4996  Scan started
09:21:50.0213 4996  Mode: Manual; SigCheck; TDLFS; 
09:21:50.0213 4996  ============================================================
09:21:50.0487 4996  ================ Scan system memory ========================
09:21:50.0488 4996  System memory - ok
09:21:50.0488 4996  ================ Scan services =============================
09:21:50.0817 4996  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:21:50.0988 4996  ACPI - ok
09:21:51.0836 4996  [ DBD5934D88CDD8B8C255D857DF9F689B ] AddonsHelper    C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
09:21:52.0066 4996  AddonsHelper ( UnsignedFile.Multi.Generic ) - warning
09:21:52.0066 4996  AddonsHelper - detected UnsignedFile.Multi.Generic (1)
09:21:52.0254 4996  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:21:52.0277 4996  AdobeFlashPlayerUpdateSvc - ok
09:21:52.0343 4996  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:21:52.0373 4996  adp94xx - ok
09:21:52.0570 4996  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:21:52.0607 4996  adpahci - ok
09:21:52.0670 4996  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:21:52.0703 4996  adpu160m - ok
09:21:52.0800 4996  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:21:52.0819 4996  adpu320 - ok
09:21:52.0988 4996  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:21:53.0092 4996  AeLookupSvc - ok
09:21:53.0189 4996  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
09:21:53.0279 4996  AFD - ok
09:21:53.0367 4996  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:21:53.0386 4996  agp440 - ok
09:21:53.0428 4996  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:21:53.0448 4996  aic78xx - ok
09:21:53.0477 4996  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
09:21:53.0582 4996  ALG - ok
09:21:53.0613 4996  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:21:53.0640 4996  aliide - ok
09:21:53.0662 4996  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:21:53.0679 4996  amdagp - ok
09:21:53.0707 4996  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:21:53.0736 4996  amdide - ok
09:21:53.0759 4996  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
09:21:53.0824 4996  AmdK7 - ok
09:21:53.0877 4996  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:21:53.0938 4996  AmdK8 - ok
09:21:53.0969 4996  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
09:21:54.0035 4996  Appinfo - ok
09:21:54.0074 4996  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
09:21:54.0092 4996  arc - ok
09:21:54.0153 4996  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:21:54.0163 4996  arcsas - ok
09:21:54.0197 4996  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:21:54.0242 4996  AsyncMac - ok
09:21:54.0261 4996  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:21:54.0270 4996  atapi - ok
09:21:54.0304 4996  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:21:54.0359 4996  AudioEndpointBuilder - ok
09:21:54.0367 4996  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:21:54.0411 4996  Audiosrv - ok
09:21:54.0467 4996  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:21:54.0543 4996  Beep - ok
09:21:54.0590 4996  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
09:21:54.0668 4996  BFE - ok
09:21:55.0112 4996  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
09:21:55.0353 4996  BHDrvx86 - ok
09:21:55.0408 4996  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\system32\qmgr.dll
09:21:55.0525 4996  BITS - ok
09:21:55.0565 4996  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:21:55.0638 4996  blbdrive - ok
09:21:55.0677 4996  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:21:55.0727 4996  bowser - ok
09:21:55.0765 4996  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:21:55.0820 4996  BrFiltLo - ok
09:21:55.0861 4996  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:21:55.0910 4996  BrFiltUp - ok
09:21:55.0981 4996  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
09:21:56.0065 4996  Browser - ok
09:21:56.0131 4996  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:21:56.0308 4996  Brserid - ok
09:21:56.0346 4996  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:21:56.0423 4996  BrSerWdm - ok
09:21:56.0460 4996  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:21:56.0518 4996  BrUsbMdm - ok
09:21:56.0524 4996  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:21:56.0599 4996  BrUsbSer - ok
09:21:56.0639 4996  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:21:56.0682 4996  BTHMODEM - ok
09:21:56.0854 4996  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1403000.024\ccSetx86.sys
09:21:56.0885 4996  ccSet_NIS - ok
09:21:56.0908 4996  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:21:56.0968 4996  cdfs - ok
09:21:57.0033 4996  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:21:57.0101 4996  cdrom - ok
09:21:57.0141 4996  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
09:21:57.0202 4996  CertPropSvc - ok
09:21:57.0238 4996  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
09:21:57.0318 4996  circlass - ok
09:21:57.0343 4996  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
09:21:57.0367 4996  CLFS - ok
09:21:57.0429 4996  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:57.0448 4996  clr_optimization_v2.0.50727_32 - ok
09:21:57.0524 4996  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:21:57.0560 4996  clr_optimization_v4.0.30319_32 - ok
09:21:57.0586 4996  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:21:57.0618 4996  cmdide - ok
09:21:57.0847 4996  [ 360959BBD4F451E1AB811F4304232766 ] CodeMeter.exe   C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
09:21:58.0028 4996  CodeMeter.exe - ok
09:21:58.0052 4996  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:21:58.0069 4996  Compbatt - ok
09:21:58.0077 4996  COMSysApp - ok
09:21:58.0160 4996  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:21:58.0189 4996  crcdisk - ok
09:21:58.0215 4996  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:21:58.0258 4996  Crusoe - ok
09:21:58.0302 4996  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:21:58.0348 4996  CryptSvc - ok
09:21:58.0554 4996  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:21:58.0647 4996  DcomLaunch - ok
09:21:58.0708 4996  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:21:58.0770 4996  DfsC - ok
09:21:58.0844 4996  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
09:21:58.0956 4996  DFSR - ok
09:21:58.0999 4996  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:21:59.0025 4996  Dhcp - ok
09:21:59.0084 4996  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
09:21:59.0093 4996  disk - ok
09:21:59.0232 4996  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:21:59.0362 4996  Dnscache - ok
09:21:59.0491 4996  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:21:59.0607 4996  dot3svc - ok
09:21:59.0729 4996  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
09:21:59.0833 4996  DPS - ok
09:21:59.0946 4996  [ 80D4BC8FBCA4EAAF0F199D2786E66E0D ] dqapimig        C:\Windows\system32\mtdtcprx.exe
09:22:00.0002 4996  dqapimig ( UnsignedFile.Multi.Generic ) - warning
09:22:00.0002 4996  dqapimig - detected UnsignedFile.Multi.Generic (1)
09:22:00.0038 4996  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:22:00.0088 4996  drmkaud - ok
09:22:00.0135 4996  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:22:00.0237 4996  DXGKrnl - ok
09:22:00.0276 4996  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
09:22:00.0330 4996  E1G60 - ok
09:22:00.0435 4996  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
09:22:00.0523 4996  EapHost - ok
09:22:00.0580 4996  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:22:00.0601 4996  Ecache - ok
09:22:00.0992 4996  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:22:01.0030 4996  eeCtrl - ok
09:22:01.0096 4996  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:22:01.0149 4996  ehRecvr - ok
09:22:01.0166 4996  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
09:22:01.0223 4996  ehSched - ok
09:22:01.0246 4996  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
09:22:01.0316 4996  ehstart - ok
09:22:01.0366 4996  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:22:01.0394 4996  elxstor - ok
09:22:01.0579 4996  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:22:01.0670 4996  EMDMgmt - ok
09:22:01.0699 4996  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:22:01.0715 4996  EraserUtilRebootDrv - ok
09:22:01.0756 4996  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:22:01.0815 4996  ErrDev - ok
09:22:01.0879 4996  [ 4D06D9A26227AC485305133916888DF1 ] ETService       C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
09:22:01.0937 4996  ETService ( UnsignedFile.Multi.Generic ) - warning
09:22:01.0937 4996  ETService - detected UnsignedFile.Multi.Generic (1)
09:22:01.0982 4996  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
09:22:02.0034 4996  EventSystem - ok
09:22:02.0067 4996  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
09:22:02.0137 4996  exfat - ok
09:22:02.0180 4996  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:22:02.0231 4996  fastfat - ok
09:22:02.0302 4996  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:22:02.0374 4996  fdc - ok
09:22:02.0405 4996  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:22:02.0446 4996  fdPHost - ok
09:22:02.0453 4996  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:22:02.0510 4996  FDResPub - ok
09:22:02.0534 4996  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:22:02.0545 4996  FileInfo - ok
09:22:02.0574 4996  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:22:02.0619 4996  Filetrace - ok
09:22:02.0638 4996  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:22:02.0677 4996  flpydisk - ok
09:22:02.0805 4996  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:22:02.0834 4996  FltMgr - ok
09:22:02.0912 4996  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:22:02.0927 4996  FontCache3.0.0.0 - ok
09:22:02.0958 4996  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:22:03.0022 4996  Fs_Rec - ok
09:22:03.0073 4996  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:22:03.0111 4996  gagp30kx - ok
09:22:03.0317 4996  [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
09:22:03.0367 4996  GameConsoleService - ok
09:22:03.0409 4996  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
09:22:03.0525 4996  gpsvc - ok
09:22:03.0627 4996  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:22:03.0659 4996  gupdate - ok
09:22:03.0674 4996  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:22:03.0690 4996  gupdatem - ok
09:22:03.0724 4996  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:22:03.0813 4996  HdAudAddService - ok
09:22:03.0831 4996  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:22:03.0885 4996  HDAudBus - ok
09:22:03.0915 4996  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:22:04.0008 4996  HidBth - ok
09:22:04.0041 4996  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:22:04.0112 4996  HidIr - ok
09:22:04.0144 4996  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\System32\hidserv.dll
09:22:04.0185 4996  hidserv - ok
09:22:04.0199 4996  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:22:04.0240 4996  HidUsb - ok
09:22:04.0257 4996  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:22:04.0293 4996  hkmsvc - ok
09:22:04.0335 4996  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
09:22:04.0351 4996  HpCISSs - ok
09:22:04.0425 4996  [ BEF7D9760E0B00973E0F7EFCE68875C1 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
09:22:04.0453 4996  hshld - ok
09:22:04.0502 4996  [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
09:22:04.0516 4996  HssDRV6 - ok
09:22:04.0622 4996  [ 01947D3CBAFCFEF066E1EB45DADC182D ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
09:22:04.0637 4996  HssSrv - ok
09:22:04.0687 4996  [ 5527CF1FF457E819112EAC7DC0AA69CB ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
09:22:04.0703 4996  HssTrayService - ok
09:22:04.0855 4996  [ F4C1B3C4847BBA031ACFDCE5A3F0CFCB ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
09:22:04.0882 4996  HssWd - ok
09:22:04.0937 4996  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:22:05.0019 4996  HTTP - ok
09:22:05.0065 4996  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
09:22:05.0106 4996  i2omp - ok
09:22:05.0154 4996  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:22:05.0204 4996  i8042prt - ok
09:22:05.0360 4996  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
09:22:05.0398 4996  iaStorV - ok
09:22:05.0466 4996  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:22:05.0515 4996  idsvc - ok
09:22:05.0758 4996  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130309.001\IDSvix86.sys
09:22:05.0812 4996  IDSVix86 - ok
09:22:05.0857 4996  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:22:05.0887 4996  iirsp - ok
09:22:05.0914 4996  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
09:22:06.0003 4996  IKEEXT - ok
09:22:06.0037 4996  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Windows\system32\drivers\int15.sys
09:22:06.0059 4996  int15 - ok
09:22:06.0158 4996  [ 38D5B498C555403EF637806937AB6639 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:22:06.0280 4996  IntcAzAudAddService - ok
09:22:06.0340 4996  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:22:06.0356 4996  intelide - ok
09:22:06.0399 4996  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:22:06.0460 4996  intelppm - ok
09:22:06.0512 4996  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:22:06.0579 4996  IPBusEnum - ok
09:22:06.0619 4996  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:22:06.0687 4996  IpFilterDriver - ok
09:22:06.0849 4996  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:22:06.0925 4996  iphlpsvc - ok
09:22:06.0955 4996  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
09:22:07.0030 4996  IPMIDRV - ok
09:22:07.0071 4996  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
09:22:07.0116 4996  IPNAT - ok
09:22:07.0139 4996  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:22:07.0200 4996  IRENUM - ok
09:22:07.0227 4996  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:22:07.0252 4996  isapnp - ok
09:22:07.0272 4996  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:22:07.0293 4996  iScsiPrt - ok
09:22:07.0328 4996  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:22:07.0367 4996  iteatapi - ok
09:22:07.0398 4996  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
09:22:07.0414 4996  iteraid - ok
09:22:07.0439 4996  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:22:07.0455 4996  kbdclass - ok
09:22:07.0467 4996  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:22:07.0523 4996  kbdhid - ok
09:22:07.0560 4996  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
09:22:07.0605 4996  KeyIso - ok
09:22:07.0628 4996  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:22:07.0662 4996  KSecDD - ok
09:22:07.0712 4996  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:22:07.0775 4996  KtmRm - ok
09:22:07.0814 4996  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:22:07.0881 4996  LanmanServer - ok
09:22:07.0909 4996  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:22:07.0962 4996  LanmanWorkstation - ok
09:22:08.0014 4996  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:22:08.0079 4996  lltdio - ok
09:22:08.0173 4996  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:22:08.0249 4996  lltdsvc - ok
09:22:08.0274 4996  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:22:08.0346 4996  lmhosts - ok
09:22:08.0388 4996  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:22:08.0406 4996  LSI_FC - ok
09:22:08.0426 4996  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:22:08.0438 4996  LSI_SAS - ok
09:22:08.0450 4996  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:22:08.0466 4996  LSI_SCSI - ok
09:22:08.0487 4996  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
09:22:08.0536 4996  luafv - ok
09:22:08.0736 4996  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
09:22:08.0761 4996  LVRS - ok
09:22:08.0889 4996  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
09:22:09.0126 4996  LVUVC - ok
09:22:09.0215 4996  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:22:09.0267 4996  Mcx2Svc - ok
09:22:09.0309 4996  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:22:09.0349 4996  megasas - ok
09:22:09.0399 4996  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
09:22:09.0428 4996  MegaSR - ok
09:22:09.0480 4996  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
09:22:09.0545 4996  MMCSS - ok
09:22:09.0589 4996  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
09:22:09.0656 4996  Modem - ok
09:22:09.0688 4996  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:22:09.0731 4996  monitor - ok
09:22:09.0746 4996  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:22:09.0772 4996  mouclass - ok
09:22:09.0792 4996  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:22:09.0865 4996  mouhid - ok
09:22:09.0901 4996  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
09:22:09.0937 4996  MountMgr - ok
09:22:10.0025 4996  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:22:10.0052 4996  MozillaMaintenance - ok
09:22:10.0102 4996  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:22:10.0121 4996  mpio - ok
09:22:10.0153 4996  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:22:10.0217 4996  mpsdrv - ok
09:22:10.0344 4996  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:22:10.0424 4996  MpsSvc - ok
09:22:10.0445 4996  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
09:22:10.0458 4996  Mraid35x - ok
09:22:10.0578 4996  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:22:10.0650 4996  MRxDAV - ok
09:22:10.0705 4996  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:22:10.0758 4996  mrxsmb - ok
09:22:10.0796 4996  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:22:10.0843 4996  mrxsmb10 - ok
09:22:10.0890 4996  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:22:10.0963 4996  mrxsmb20 - ok
09:22:11.0038 4996  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
09:22:11.0086 4996  msahci - ok
09:22:11.0128 4996  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:22:11.0170 4996  msdsm - ok
09:22:11.0199 4996  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
09:22:11.0246 4996  MSDTC - ok
09:22:11.0283 4996  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:22:11.0337 4996  Msfs - ok
09:22:11.0402 4996  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:22:11.0441 4996  msisadrv - ok
09:22:11.0489 4996  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:22:11.0581 4996  MSiSCSI - ok
09:22:11.0588 4996  msiserver - ok
09:22:11.0620 4996  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:22:11.0652 4996  MSKSSRV - ok
09:22:11.0681 4996  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:22:11.0722 4996  MSPCLOCK - ok
09:22:11.0757 4996  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:22:11.0796 4996  MSPQM - ok
09:22:11.0824 4996  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:22:11.0837 4996  MsRPC - ok
09:22:11.0856 4996  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:22:11.0865 4996  mssmbios - ok
09:22:11.0898 4996  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:22:11.0922 4996  MSTEE - ok
09:22:11.0947 4996  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
09:22:11.0964 4996  Mup - ok
09:22:12.0008 4996  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
09:22:12.0042 4996  napagent - ok
09:22:12.0076 4996  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:22:12.0111 4996  NativeWifiP - ok
09:22:12.0244 4996  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130311.016\NAVENG.SYS
09:22:12.0288 4996  NAVENG - ok
09:22:12.0362 4996  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130311.016\NAVEX15.SYS
09:22:12.0443 4996  NAVEX15 - ok
09:22:12.0485 4996  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:22:12.0519 4996  NDIS - ok
09:22:12.0553 4996  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:22:12.0629 4996  NdisTapi - ok
09:22:12.0656 4996  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:22:12.0713 4996  Ndisuio - ok
09:22:12.0757 4996  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:22:12.0804 4996  NdisWan - ok
09:22:12.0810 4996  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:22:12.0839 4996  NDProxy - ok
09:22:12.0866 4996  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:22:12.0908 4996  NetBIOS - ok
09:22:12.0926 4996  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
09:22:12.0976 4996  netbt - ok
09:22:12.0993 4996  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
09:22:13.0016 4996  Netlogon - ok
09:22:13.0117 4996  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
09:22:13.0194 4996  Netman - ok
09:22:13.0214 4996  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
09:22:13.0255 4996  netprofm - ok
09:22:13.0385 4996  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:22:13.0425 4996  NetTcpPortSharing - ok
09:22:13.0464 4996  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:22:13.0500 4996  nfrd960 - ok
09:22:14.0119 4996  [ 241BD3019FB31E812A51B31B06906335 ] NIS             C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
09:22:14.0137 4996  NIS - ok
09:22:14.0264 4996  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:22:14.0351 4996  NlaSvc - ok
09:22:14.0376 4996  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:22:14.0440 4996  Npfs - ok
09:22:14.0470 4996  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
09:22:14.0514 4996  nsi - ok
09:22:14.0533 4996  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:22:14.0591 4996  nsiproxy - ok
09:22:14.0806 4996  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:22:14.0871 4996  Ntfs - ok
09:22:14.0912 4996  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
09:22:14.0993 4996  ntrigdigi - ok
09:22:15.0013 4996  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
09:22:15.0057 4996  Null - ok
09:22:15.0148 4996  [ C7859D19648D45EE888666C044ECAB23 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:22:15.0202 4996  NVENETFD - ok
09:22:16.0005 4996  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:22:16.0554 4996  nvlddmkm - ok
09:22:16.0607 4996  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:22:16.0618 4996  nvraid - ok
09:22:16.0639 4996  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:22:16.0665 4996  nvstor - ok
09:22:16.0688 4996  [ A1CE1A6FD74C046F029448FCFA5E386D ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
09:22:16.0699 4996  nvstor32 - ok
09:22:16.0763 4996  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:22:16.0796 4996  nvsvc - ok
09:22:16.0930 4996  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:22:16.0965 4996  nvUpdatusService - ok
09:22:17.0057 4996  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:22:17.0128 4996  nv_agp - ok
09:22:17.0567 4996  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:22:17.0618 4996  odserv - ok
09:22:17.0653 4996  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:22:17.0729 4996  ohci1394 - ok
09:22:17.0790 4996  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:22:17.0809 4996  ose - ok
09:22:36.0955 4996  ================ Scan global ===============================
09:22:36.0980 4996  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:22:37.0021 4996  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:22:37.0039 4996  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:22:37.0071 4996  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
09:22:37.0078 4996  [Global] - ok
09:22:37.0079 4996  ================ Scan MBR ==================================
09:22:37.0091 4996  [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
09:22:40.0403 4996  \Device\Harddisk0\DR0 - ok
09:22:40.0403 4996  ================ Scan VBR ==================================
09:22:40.0445 4996  [ B82E5927CFF7F048430299B0CDC4E928 ] \Device\Harddisk0\DR0\Partition1
09:22:40.0546 4996  \Device\Harddisk0\DR0\Partition1 - ok
09:22:40.0547 4996  ============================================================
09:22:40.0547 4996  Scan finished
09:22:40.0547 4996  ============================================================
09:22:40.0568 4228  Detected object count: 3
09:22:40.0569 4228  Actual detected object count: 3
09:22:51.0650 4228  AddonsHelper ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:51.0650 4228  AddonsHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:22:51.0655 4228  dqapimig ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:51.0655 4228  dqapimig ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:22:51.0656 4228  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:51.0656 4228  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:22:57.0921 2996  Deinitialize success
         


12.03.2013, 15:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
09:22:51.0655 4228 dqapimig ( UnsignedFile.Multi.Generic ) - skipped by user
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you need to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (whichever is offered to you; please leave all the others on SKIP!) and then click continue at the bottom right.

Afterwards, restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.

12.03.2013, 15:30   #7
Ash85
 
I used TDSSKiller as you instructed and scanned again; here is the new log file:
Code:
16:27:00.0709 4968  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:27:01.0039 4968  ============================================================
16:27:01.0039 4968  Current date / time: 2013/03/12 16:27:01.0039
16:27:01.0039 4968  SystemInfo:
16:27:01.0039 4968  
16:27:01.0039 4968  OS Version: 6.0.6001 ServicePack: 1.0
16:27:01.0039 4968  Product type: Workstation
16:27:01.0039 4968  ComputerName: ASH-PC
16:27:01.0039 4968  UserName: Ash
16:27:01.0039 4968  Windows directory: C:\Windows
16:27:01.0039 4968  System windows directory: C:\Windows
16:27:01.0039 4968  Processor architecture: Intel x86
16:27:01.0039 4968  Number of processors: 2
16:27:01.0039 4968  Page size: 0x1000
16:27:01.0039 4968  Boot type: Normal boot
16:27:01.0039 4968  ============================================================
16:27:01.0434 4968  BG loaded
16:27:02.0039 4968  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:27:02.0109 4968  ============================================================
16:27:02.0109 4968  \Device\Harddisk0\DR0:
16:27:02.0139 4968  MBR partitions:
16:27:02.0139 4968  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x23A2DAB0
16:27:02.0139 4968  ============================================================
16:27:02.0214 4968  C: <-> \Device\Harddisk0\DR0\Partition1
16:27:02.0214 4968  ============================================================
16:27:02.0214 4968  Initialize success
16:27:02.0214 4968  ============================================================
16:27:13.0314 5316  ============================================================
16:27:13.0314 5316  Scan started
16:27:13.0314 5316  Mode: Manual; SigCheck; TDLFS; 
16:27:13.0314 5316  ============================================================
16:27:13.0919 5316  ================ Scan system memory ========================
16:27:13.0919 5316  System memory - ok
16:27:13.0919 5316  ================ Scan services =============================
16:27:14.0339 5316  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:27:14.0519 5316  ACPI - ok
16:27:15.0494 5316  [ DBD5934D88CDD8B8C255D857DF9F689B ] AddonsHelper    C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
16:27:15.0749 5316  AddonsHelper ( UnsignedFile.Multi.Generic ) - warning
16:27:15.0749 5316  AddonsHelper - detected UnsignedFile.Multi.Generic (1)
16:27:21.0529 5316  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:27:21.0569 5316  circlass - ok
16:27:21.0599 5316  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
16:27:21.0614 5316  CLFS - ok
16:27:21.0689 5316  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:21.0699 5316  clr_optimization_v2.0.50727_32 - ok
16:27:21.0774 5316  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:21.0839 5316  clr_optimization_v4.0.30319_32 - ok
16:27:21.0884 5316  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:27:21.0894 5316  cmdide - ok
16:27:22.0034 5316  [ 360959BBD4F451E1AB811F4304232766 ] CodeMeter.exe   C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
16:27:22.0124 5316  CodeMeter.exe - ok
16:27:22.0144 5316  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:27:22.0154 5316  Compbatt - ok
16:27:22.0159 5316  COMSysApp - ok
16:27:22.0194 5316  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:27:22.0199 5316  crcdisk - ok
16:27:22.0254 5316  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:27:23.0149 5316  Crusoe - ok
16:27:23.0199 5316  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:27:23.0254 5316  CryptSvc - ok
16:27:23.0299 5316  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:27:23.0399 5316  DcomLaunch - ok
16:27:23.0439 5316  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:27:23.0519 5316  DfsC - ok
16:27:23.0669 5316  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
16:27:23.0829 5316  DFSR - ok
16:27:23.0884 5316  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:27:23.0929 5316  Dhcp - ok
16:27:23.0964 5316  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
16:27:23.0984 5316  disk - ok
16:27:24.0034 5316  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:27:24.0129 5316  Dnscache - ok
16:27:24.0224 5316  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:27:24.0269 5316  dot3svc - ok
16:27:24.0319 5316  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:27:24.0409 5316  DPS - ok
16:27:24.0454 5316  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:27:24.0519 5316  drmkaud - ok
16:27:24.0684 5316  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:27:24.0794 5316  DXGKrnl - ok
16:27:24.0834 5316  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:27:24.0889 5316  E1G60 - ok
16:27:24.0924 5316  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:27:24.0959 5316  EapHost - ok
16:27:24.0989 5316  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:27:25.0009 5316  Ecache - ok
16:27:25.0199 5316  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:27:25.0214 5316  eeCtrl - ok
16:27:25.0429 5316  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:27:25.0494 5316  ehRecvr - ok
16:27:25.0509 5316  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:27:25.0564 5316  ehSched - ok
16:27:25.0589 5316  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:27:25.0609 5316  ehstart - ok
16:27:25.0654 5316  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:27:25.0684 5316  elxstor - ok
16:27:25.0779 5316  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:27:25.0944 5316  EMDMgmt - ok
16:27:25.0974 5316  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:27:25.0989 5316  EraserUtilRebootDrv - ok
16:27:26.0039 5316  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:27:26.0104 5316  ErrDev - ok
16:27:26.0169 5316  [ 4D06D9A26227AC485305133916888DF1 ] ETService       C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
16:27:26.0204 5316  ETService ( UnsignedFile.Multi.Generic ) - warning
16:27:26.0209 5316  ETService - detected UnsignedFile.Multi.Generic (1)
16:27:26.0274 5316  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
16:27:26.0324 5316  EventSystem - ok
16:27:26.0359 5316  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
16:27:26.0414 5316  exfat - ok
16:27:26.0459 5316  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:27:26.0524 5316  fastfat - ok
16:27:26.0569 5316  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:27:26.0624 5316  fdc - ok
16:27:26.0669 5316  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:27:26.0734 5316  fdPHost - ok
16:27:26.0749 5316  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:27:26.0819 5316  FDResPub - ok
16:27:26.0849 5316  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:27:26.0859 5316  FileInfo - ok
16:27:26.0889 5316  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:27:26.0934 5316  Filetrace - ok
16:27:26.0954 5316  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:27.0014 5316  flpydisk - ok
16:27:27.0064 5316  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:27:27.0074 5316  FltMgr - ok
16:27:27.0209 5316  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:27:27.0249 5316  FontCache3.0.0.0 - ok
16:27:27.0264 5316  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:27:27.0299 5316  Fs_Rec - ok
16:27:27.0329 5316  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:27:27.0339 5316  gagp30kx - ok
16:27:27.0549 5316  [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
16:27:27.0589 5316  GameConsoleService - ok
16:27:27.0689 5316  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
16:27:27.0789 5316  gpsvc - ok
16:27:27.0909 5316  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:27:27.0924 5316  gupdate - ok
16:27:27.0949 5316  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:27:27.0964 5316  gupdatem - ok
16:27:28.0064 5316  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:27:28.0179 5316  HdAudAddService - ok
16:27:28.0199 5316  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:27:28.0254 5316  HDAudBus - ok
16:27:28.0279 5316  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:27:28.0359 5316  HidBth - ok
16:27:28.0399 5316  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:27:28.0459 5316  HidIr - ok
16:27:28.0484 5316  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\System32\hidserv.dll
16:27:28.0524 5316  hidserv - ok
16:27:28.0579 5316  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:27:28.0614 5316  HidUsb - ok
16:27:28.0669 5316  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:27:28.0774 5316  hkmsvc - ok
16:27:28.0879 5316  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:27:28.0959 5316  HpCISSs - ok
16:27:29.0314 5316  [ BEF7D9760E0B00973E0F7EFCE68875C1 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
16:27:29.0354 5316  hshld - ok
16:27:29.0424 5316  [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
16:27:29.0439 5316  HssDRV6 - ok
16:27:29.0709 5316  [ 01947D3CBAFCFEF066E1EB45DADC182D ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
16:27:29.0754 5316  HssSrv - ok
16:27:29.0819 5316  [ 5527CF1FF457E819112EAC7DC0AA69CB ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
16:27:29.0874 5316  HssTrayService - ok
16:27:29.0959 5316  [ F4C1B3C4847BBA031ACFDCE5A3F0CFCB ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
16:27:29.0984 5316  HssWd - ok
16:27:30.0394 5316  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:27:30.0519 5316  HTTP - ok
16:27:30.0579 5316  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:27:30.0654 5316  i2omp - ok
16:27:30.0689 5316  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:27:30.0739 5316  i8042prt - ok
16:27:30.0949 5316  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:27:31.0019 5316  iaStorV - ok
16:27:31.0664 5316  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:27:31.0759 5316  idsvc - ok
16:27:32.0084 5316  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130309.001\IDSvix86.sys
16:27:32.0119 5316  IDSVix86 - ok
16:27:32.0179 5316  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:27:32.0229 5316  iirsp - ok
16:27:32.0294 5316  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
16:27:32.0369 5316  IKEEXT - ok
16:27:32.0429 5316  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Windows\system32\drivers\int15.sys
16:27:32.0439 5316  int15 - ok
16:27:32.0599 5316  [ 38D5B498C555403EF637806937AB6639 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:27:32.0739 5316  IntcAzAudAddService - ok
16:27:32.0789 5316  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:27:32.0804 5316  intelide - ok
16:27:32.0849 5316  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:27:32.0909 5316  intelppm - ok
16:27:32.0944 5316  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:27:33.0019 5316  IPBusEnum - ok
16:27:33.0049 5316  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:33.0094 5316  IpFilterDriver - ok
16:27:33.0204 5316  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:27:33.0264 5316  iphlpsvc - ok
16:27:33.0294 5316  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:27:33.0359 5316  IPMIDRV - ok
16:27:33.0389 5316  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:27:33.0434 5316  IPNAT - ok
16:27:33.0454 5316  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:27:33.0479 5316  IRENUM - ok
16:27:33.0519 5316  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:27:33.0524 5316  isapnp - ok
16:27:33.0554 5316  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:27:33.0569 5316  iScsiPrt - ok
16:27:33.0654 5316  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:27:33.0734 5316  iteatapi - ok
16:27:33.0749 5316  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:27:33.0764 5316  iteraid - ok
16:27:33.0789 5316  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:27:33.0804 5316  kbdclass - ok
16:27:33.0839 5316  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:27:33.0889 5316  kbdhid - ok
16:27:33.0919 5316  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
16:27:33.0954 5316  KeyIso - ok
16:27:33.0974 5316  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:27:33.0994 5316  KSecDD - ok
16:27:34.0059 5316  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:27:34.0104 5316  KtmRm - ok
16:27:34.0149 5316  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:27:34.0239 5316  LanmanServer - ok
16:27:34.0269 5316  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:27:34.0319 5316  LanmanWorkstation - ok
16:27:34.0349 5316  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:27:34.0419 5316  lltdio - ok
16:27:34.0504 5316  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:27:34.0589 5316  lltdsvc - ok
16:27:34.0604 5316  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:27:34.0684 5316  lmhosts - ok
16:27:34.0774 5316  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:27:34.0804 5316  LSI_FC - ok
16:27:34.0824 5316  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:27:34.0844 5316  LSI_SAS - ok
16:27:34.0869 5316  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:27:34.0899 5316  LSI_SCSI - ok
16:27:34.0929 5316  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:27:34.0999 5316  luafv - ok
16:27:35.0279 5316  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
16:27:35.0304 5316  LVRS - ok
16:27:35.0529 5316  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
16:27:35.0804 5316  LVUVC - ok
16:27:35.0864 5316  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:27:35.0889 5316  Mcx2Svc - ok
16:27:35.0934 5316  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:27:35.0974 5316  megasas - ok
16:27:36.0064 5316  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:27:36.0094 5316  MegaSR - ok
16:27:36.0164 5316  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:27:36.0229 5316  MMCSS - ok
16:27:36.0269 5316  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:27:36.0399 5316  Modem - ok
16:27:36.0439 5316  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:27:36.0489 5316  monitor - ok
16:27:36.0514 5316  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:27:36.0529 5316  mouclass - ok
16:27:36.0539 5316  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:27:36.0604 5316  mouhid - ok
16:27:36.0634 5316  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:27:36.0649 5316  MountMgr - ok
16:27:36.0699 5316  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:27:36.0719 5316  MozillaMaintenance - ok
16:27:36.0769 5316  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:27:36.0789 5316  mpio - ok
16:27:36.0809 5316  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:27:36.0864 5316  mpsdrv - ok
16:27:37.0044 5316  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:27:37.0104 5316  MpsSvc - ok
16:27:37.0144 5316  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:27:37.0189 5316  Mraid35x - ok
16:27:37.0209 5316  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:27:37.0249 5316  MRxDAV - ok
16:27:37.0339 5316  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:37.0399 5316  mrxsmb - ok
16:27:37.0434 5316  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:37.0449 5316  mrxsmb10 - ok
16:27:37.0489 5316  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:37.0524 5316  mrxsmb20 - ok
16:27:37.0569 5316  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:27:37.0599 5316  msahci - ok
16:27:37.0629 5316  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:27:37.0639 5316  msdsm - ok
16:27:37.0654 5316  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:27:37.0684 5316  MSDTC - ok
16:27:37.0709 5316  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:27:37.0744 5316  Msfs - ok
16:27:37.0774 5316  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:27:37.0794 5316  msisadrv - ok
16:27:37.0844 5316  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:27:37.0874 5316  MSiSCSI - ok
16:27:37.0884 5316  msiserver - ok
16:27:37.0909 5316  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:27:37.0944 5316  MSKSSRV - ok
16:27:37.0974 5316  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:37.0994 5316  MSPCLOCK - ok
16:27:38.0039 5316  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:27:38.0089 5316  MSPQM - ok
16:27:38.0119 5316  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:27:38.0134 5316  MsRPC - ok
16:27:38.0149 5316  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:27:38.0154 5316  mssmbios - ok
16:27:38.0199 5316  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:27:38.0239 5316  MSTEE - ok
16:27:38.0264 5316  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:27:38.0274 5316  Mup - ok
16:27:38.0299 5316  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
16:27:38.0324 5316  napagent - ok
16:27:38.0384 5316  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:27:38.0424 5316  NativeWifiP - ok
16:27:38.0514 5316  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130311.025\NAVENG.SYS
16:27:38.0534 5316  NAVENG - ok
16:27:39.0439 5316  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130311.025\NAVEX15.SYS
16:27:39.0509 5316  NAVEX15 - ok
16:27:39.0594 5316  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:27:39.0614 5316  NDIS - ok
16:27:39.0654 5316  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:39.0689 5316  NdisTapi - ok
16:27:39.0754 5316  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:39.0779 5316  Ndisuio - ok
16:27:39.0839 5316  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:39.0864 5316  NdisWan - ok
16:27:39.0884 5316  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:27:39.0909 5316  NDProxy - ok
16:27:39.0974 5316  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:27:40.0059 5316  NetBIOS - ok
16:27:40.0084 5316  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:27:40.0134 5316  netbt - ok
16:27:40.0149 5316  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
16:27:40.0164 5316  Netlogon - ok
16:27:40.0189 5316  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:27:40.0234 5316  Netman - ok
16:27:40.0264 5316  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:27:40.0329 5316  netprofm - ok
16:27:40.0374 5316  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:40.0384 5316  NetTcpPortSharing - ok
16:27:40.0454 5316  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:27:40.0474 5316  nfrd960 - ok
16:27:40.0944 5316  [ 241BD3019FB31E812A51B31B06906335 ] NIS             C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
16:27:40.0964 5316  NIS - ok
16:27:41.0029 5316  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:27:41.0294 5316  NlaSvc - ok
16:27:41.0369 5316  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:27:41.0409 5316  Npfs - ok
16:27:41.0679 5316  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:27:41.0729 5316  nsi - ok
16:27:41.0764 5316  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:27:41.0839 5316  nsiproxy - ok
16:27:41.0889 5316  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:27:41.0939 5316  Ntfs - ok
16:27:41.0979 5316  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:27:42.0024 5316  ntrigdigi - ok
16:27:42.0039 5316  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:27:42.0059 5316  Null - ok
16:27:42.0179 5316  [ C7859D19648D45EE888666C044ECAB23 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:27:42.0209 5316  NVENETFD - ok
16:27:42.0724 5316  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:43.0049 5316  nvlddmkm - ok
16:27:43.0124 5316  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:27:43.0149 5316  nvraid - ok
16:27:43.0174 5316  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:27:43.0194 5316  nvstor - ok
16:27:43.0219 5316  [ A1CE1A6FD74C046F029448FCFA5E386D ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
16:27:43.0229 5316  nvstor32 - ok
16:27:43.0569 5316  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:27:43.0614 5316  nvsvc - ok
16:27:43.0949 5316  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:27:44.0064 5316  nvUpdatusService - ok
16:27:44.0189 5316  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:27:44.0239 5316  nv_agp - ok
16:27:44.0409 5316  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:44.0449 5316  odserv - ok
16:27:44.0504 5316  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:27:44.0574 5316  ohci1394 - ok
16:27:44.0664 5316  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:44.0704 5316  ose - ok
16:27:44.0914 5316  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:27:45.0029 5316  p2pimsvc - ok
16:27:45.0054 5316  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:27:45.0089 5316  p2psvc - ok
16:27:45.0179 5316  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:27:45.0284 5316  Parport - ok
16:27:45.0339 5316  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:27:45.0374 5316  partmgr - ok
16:27:45.0414 5316  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:27:45.0514 5316  Parvdm - ok
16:27:45.0554 5316  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:27:45.0644 5316  PcaSvc - ok
16:27:45.0709 5316  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
16:27:45.0729 5316  pci - ok
16:27:45.0754 5316  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
16:27:45.0769 5316  pciide - ok
16:27:45.0929 5316  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:27:45.0999 5316  pcmcia - ok
16:27:46.0029 5316  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:27:46.0099 5316  PEAUTH - ok
16:27:46.0424 5316  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:27:46.0559 5316  pla - ok
16:27:46.0709 5316  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:27:46.0814 5316  PlugPlay - ok
16:27:46.0844 5316  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:27:46.0984 5316  PNRPAutoReg - ok
16:27:47.0304 5316  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:27:47.0489 5316  PNRPsvc - ok
16:27:47.0544 5316  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:27:47.0609 5316  PolicyAgent - ok
16:27:47.0689 5316  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:27:47.0749 5316  PptpMiniport - ok
16:27:47.0764 5316  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:27:47.0819 5316  Processor - ok
16:27:47.0889 5316  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:27:47.0949 5316  ProfSvc - ok
16:27:47.0964 5316  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:27:47.0979 5316  ProtectedStorage - ok
16:27:48.0009 5316  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:27:48.0084 5316  PSched - ok
16:27:48.0384 5316  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:27:48.0474 5316  ql2300 - ok
16:27:48.0514 5316  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:27:48.0529 5316  ql40xx - ok
16:27:48.0644 5316  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:27:48.0704 5316  QWAVE - ok
16:28:07.0634 5316  ================ Scan global ===============================
16:28:07.0739 5316  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:28:07.0824 5316  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:28:07.0849 5316  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:28:07.0884 5316  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
16:28:07.0889 5316  [Global] - ok
16:28:07.0889 5316  ================ Scan MBR ==================================
16:28:07.0954 5316  [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
16:28:10.0949 5316  \Device\Harddisk0\DR0 - ok
16:28:10.0949 5316  ================ Scan VBR ==================================
16:28:10.0979 5316  [ B82E5927CFF7F048430299B0CDC4E928 ] \Device\Harddisk0\DR0\Partition1
16:28:10.0999 5316  \Device\Harddisk0\DR0\Partition1 - ok
16:28:11.0004 5316  ============================================================
16:28:11.0004 5316  Scan finished
16:28:11.0004 5316  ============================================================
16:28:11.0019 5308  Detected object count: 2
16:28:11.0019 5308  Actual detected object count: 2
16:28:15.0304 5308  AddonsHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:28:15.0304 5308  AddonsHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:28:15.0304 5308  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
16:28:15.0304 5308  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:10.0805 4076  Deinitialize success
         

12.03.2013, 16:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Sometimes Combofix still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


13.03.2013, 07:30   #9
Ash85
 



Good morning cosinus

I ran ComboFix and here is the log:

Code:
ATTFilter
ComboFix 13-03-12.02 - Ash 13.03.2013   8:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1918.1103 [GMT 1:00]
ausgeführt von:: c:\users\Ash\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\invokesi.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-13 bis 2013-03-13  ))))))))))))))))))))))))))))))
.
.
2013-03-13 07:17 . 2013-03-13 07:17	--------	d-----w-	c:\users\Ash\AppData\Local\temp
2013-03-13 07:17 . 2013-03-13 07:17	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-13 07:17 . 2013-03-13 07:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-03-13 07:17 . 2013-03-13 07:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-12 15:23 . 2013-03-12 15:23	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-03-12 06:50 . 2013-03-12 07:14	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-03-09 16:51 . 2013-03-09 16:51	--------	d-----w-	c:\users\Ash\AppData\Roaming\QuickScan
2013-03-06 05:39 . 2013-03-06 05:39	--------	d-----w-	c:\programdata\Sophos
2013-03-06 05:39 . 2013-03-06 05:39	73728	----a-r-	c:\users\Ash\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-06 05:39 . 2013-03-06 05:39	73728	----a-r-	c:\users\Ash\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-06 05:39 . 2013-03-06 05:39	73728	----a-r-	c:\users\Ash\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-06 05:38 . 2013-03-06 05:38	--------	d-----w-	c:\program files\Sophos
2013-03-05 18:31 . 2013-03-05 18:31	--------	d-----w-	c:\program files\ESET
2013-02-27 03:51 . 2013-03-06 05:28	--------	d-----w-	c:\windows\system32\drivers\NIS\1403000.024
2013-02-24 11:22 . 2013-02-24 11:28	--------	d-----w-	c:\users\Ash\AppData\Roaming\ActivePresenter
2013-02-24 11:22 . 2013-02-24 11:22	--------	d-----w-	c:\program files\ATOMI
2013-02-24 10:20 . 2013-02-24 10:42	--------	d-----w-	C:\Fraps
2013-02-22 13:52 . 2013-02-22 14:11	--------	d-----w-	c:\users\Ash\AppData\Roaming\Broad Intelligence
2013-02-22 13:52 . 2013-02-22 14:11	--------	d-----w-	c:\program files\MediaCoder
2013-02-17 07:27 . 2013-02-17 07:27	--------	d-----w-	c:\users\Ash\AppData\Roaming\IObit
2013-02-17 07:19 . 2013-02-17 07:19	--------	d-----w-	c:\windows\system32\IO
2013-02-17 07:03 . 2011-05-13 12:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2013-02-17 07:03 . 2011-03-25 20:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2013-02-17 07:03 . 2013-02-17 07:03	--------	d-----w-	c:\programdata\DNSErrorHelper
2013-02-17 07:03 . 2013-02-17 07:03	--------	d-----w-	c:\users\Ash\AppData\Roaming\DesktopIconForAmazon
2013-02-17 07:03 . 2013-02-17 07:03	--------	d-----w-	c:\users\Ash\AppData\Roaming\OCS
2013-02-16 08:31 . 2013-02-16 08:31	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2013-02-16 08:29 . 2013-02-16 08:29	--------	d-----w-	c:\program files\MSXML 4.0
2013-02-15 18:58 . 2013-02-15 18:58	106088	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 12:53 . 2013-02-15 12:54	--------	d-----w-	c:\programdata\MAGIX
2013-02-15 12:53 . 2013-02-15 12:53	--------	d-----w-	c:\program files\MAGIX
2013-02-15 12:47 . 2013-02-15 12:54	--------	d-----w-	c:\users\Ash\AppData\Roaming\MAGIX
2013-02-15 11:54 . 2013-02-15 11:54	--------	d-----w-	c:\users\Ash\AppData\Local\Logitech® Webcam-Software
2013-02-15 11:50 . 2013-02-15 11:50	--------	d-----w-	c:\users\Ash\AppData\Roaming\Leadertech
2013-02-15 11:50 . 2013-02-15 11:50	53248	----a-r-	c:\users\Ash\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-15 11:48 . 2013-02-15 11:48	--------	d-----w-	c:\programdata\Logitech
2013-02-15 11:48 . 2013-02-15 11:48	--------	d-----w-	c:\program files\Common Files\LWS
2013-02-15 11:48 . 2013-02-15 11:51	--------	d-----w-	c:\program files\Common Files\LogiShrd
2013-02-15 11:48 . 2013-02-15 11:48	--------	d-----w-	c:\programdata\LogiShrd
2013-02-15 11:48 . 2013-02-15 11:50	--------	d-----w-	c:\program files\Logitech
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 04:07 . 2012-07-27 15:09	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-28 04:07 . 2011-06-17 04:11	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 08:17 . 2010-05-08 08:56	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-08 12:08 . 2013-03-08 12:08	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AddonsHelper;AddonsHelper;c:\users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 04:07]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 09:19]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 09:19]
.
2013-03-13 c:\windows\Tasks\User_Feed_Synchronization-{18774119-C679-4AA5-B698-E5A37E721850}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=1&o=vp32&d=0809&m=et1300
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\ukqv6mwg.default\
FF - prefs.js: browser.search.selectedEngine - amazon+ (co.uk)
FF - prefs.js: browser.startup.homepage - www.movie-infos.net
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-16 04:46; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-03-09 17:51; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-03-12 09:36; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Wallpaper4U - c:\program files\Wallpaper4U\Wallpaper4U.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-96832198.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-13 08:17
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
Zeit der Fertigstellung: 2013-03-13  08:20:48
ComboFix-quarantined-files.txt  2013-03-13 07:20
.
Vor Suchlauf: 18 Verzeichnis(se), 136.215.302.144 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 136.284.614.656 Bytes frei
.
- - End Of File - - FDD39FA2D1EB6E3F89F5ED861A05BEAA
         

Alt 13.03.2013, 10:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 13.03.2013, 11:31   #11
Ash85
 

Carried out everything as instructed.

JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Ash on 13.03.2013 at 12:07:13,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\minidumps [185 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 12:11:35,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adw Log:
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 12:14:21 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Ash - ASH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ash\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Ash\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Ash\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FBDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{598B7D72-2C44-4351-BBC8-3DACE2A10CB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\ukqv6mwg.default\prefs.js

Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "firefox%20download%20statusbar||Kate%20Micucci||Stephanie%20Gooch||[...]
Gelöscht : user_pref("icqtoolbar.installTime", "1273310942");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "111194231911339282151273310942855");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1274288014);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[S1].txt - [2127 octets] - [13/03/2013 12:14:21]

########## EOF - C:\AdwCleaner[S1].txt - [2187 octets] ##########
         
OTL Logs:
Code:
OTL logfile created on: 13.03.2013 12:20:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 58,54% Memory free
3,99 Gb Paging File | 3,19 Gb Available in Paging File | 80,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,55 Gb Free Space | 44,39% Space Free | Partition Type: NTFS
 
Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ash\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AddonsHelper) -- C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Ash\AppData\Local\Temp\catchme.sys File not found
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1403000.024\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130312.024\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130312.024\NAVENG.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130312.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1403000.024\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=1&o=vp32&d=0809&m=et1300
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\SearchScopes\{FFCF1B73-CB48-445D-9D70-F9594D75F8DF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE378
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-155058581-1483213334-3747603030-1001\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.movie-infos.net"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: EscCloseTab%40Simplest.Ever:1.2
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 17:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.03.13 12:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.01.20 09:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\Ash\AppData\Roaming\Helper
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 13:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 13:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.12 07:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.03.12 07:50:54 | 000,000,000 | ---D | M]
 
[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions
[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions
[2013.01.31 04:31:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.24 10:03:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.08 11:33:45 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\add-to-searchbox@maltekraus.de
[2013.02.17 08:09:10 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\foxyproxy@eric.h.jung
[2012.03.16 18:47:13 | 000,001,253 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\EscCloseTab@Simplest.Ever.xpi
[2013.03.04 19:20:12 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.03.24 10:25:31 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013.02.09 04:36:02 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.02.14 07:07:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 15:17:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.01 05:22:49 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.02.17 08:19:54 | 000,002,243 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\amazon-decouk.xml
[2013.02.17 08:19:54 | 000,012,770 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\imdb.xml
[2013.02.17 08:19:54 | 000,005,455 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\ofdb---alles.xml
[2013.02.22 13:39:37 | 000,001,328 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,002,168 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\youtube-videosuche.xml
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 13:08:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 13:08:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 08:19:54 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 08:19:54 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 08:19:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 08:19:54 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 08:19:54 | 000,001,876 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2013.02.17 08:04:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.13 08:17:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-155058581-1483213334-3747603030-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-155058581-1483213334-3747603030-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15B3D8A5-804A-43E3-A3CB-8DFA9BF9C9FC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-155058581-1483213334-3747603030-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 12:07:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 12:06:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 12:05:48 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ash\Desktop\JRT.exe
[2013.03.13 08:20:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 08:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.13 08:20:50 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\temp
[2013.03.13 08:04:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 08:04:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 08:04:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 08:04:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.13 08:04:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.12 17:52:43 | 005,037,887 | R--- | C] (Swearware) -- C:\Users\Ash\Desktop\ComboFix.exe
[2013.03.12 16:23:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.12 09:33:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.12 07:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.11 12:19:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ash\Desktop\tdsskiller.exe
[2013.03.11 12:17:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ash\Desktop\aswMBR.exe
[2013.03.11 12:14:39 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\mbar
[2013.03.11 12:13:45 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\Neuer Ordner1
[2013.03.10 14:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.09 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\QuickScan
[2013.03.08 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.06 06:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.06 06:39:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.06 06:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.03.05 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.02.24 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\ActivePresenter
[2013.02.24 12:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2013.02.24 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATOMI
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.02.22 17:09:10 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013.02.22 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Broad Intelligence
[2013.02.22 14:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2013.02.17 08:27:46 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\IObit
[2013.02.17 08:19:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.02.17 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Opera
[2013.02.17 08:03:57 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.02.17 08:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.16 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013.02.16 09:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.02.15 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2013.02.15 13:47:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX Downloads
[2013.02.15 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\MAGIX
[2013.02.15 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Logitech® Webcam-Software
[2013.02.15 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Leadertech
[2013.02.15 12:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.02.15 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2013.02.15 12:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.15 12:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2013.02.15 12:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.15 12:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 12:17:26 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.03.13 12:16:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.13 12:16:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.13 12:16:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 12:16:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 12:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 12:16:34 | 2011,607,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 12:13:13 | 000,597,667 | ---- | M] () -- C:\Users\Ash\Desktop\adwcleaner.exe
[2013.03.13 12:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 12:05:52 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ash\Desktop\JRT.exe
[2013.03.13 09:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.13 09:07:26 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 09:07:26 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.13 08:17:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.13 08:03:25 | 005,037,887 | R--- | M] (Swearware) -- C:\Users\Ash\Desktop\ComboFix.exe
[2013.03.13 06:40:20 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18774119-C679-4AA5-B698-E5A37E721850}.job
[2013.03.12 12:01:21 | 044,866,501 | ---- | M] () -- C:\Users\Ash\Desktop\P3_Podcast_103.mp3
[2013.03.12 09:33:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2013.03.12 09:33:02 | 320,343,446 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.11 12:19:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ash\Desktop\tdsskiller.exe
[2013.03.11 12:19:07 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ash\Desktop\aswMBR.exe
[2013.03.11 12:14:31 | 013,786,977 | ---- | M] () -- C:\Users\Ash\Desktop\mbar-1.01.0.1021.zip
[2013.03.11 07:03:35 | 000,006,483 | ---- | M] () -- C:\Users\Ash\.recently-used.xbel
[2013.03.11 06:59:32 | 000,003,515 | ---- | M] () -- C:\Users\Ash\Desktop\Unbenannt.jpg
[2013.03.11 06:50:44 | 000,215,040 | ---- | M] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.11 05:05:22 | 000,633,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.11 05:05:22 | 000,599,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.11 05:05:22 | 000,128,784 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.11 05:05:22 | 000,105,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.10 14:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.10 14:42:25 | 000,000,000 | ---- | M] () -- C:\Users\Ash\defogger_reenable
[2013.03.06 06:30:16 | 002,037,347 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.03 09:45:34 | 000,372,026 | ---- | M] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.15 06:13:21 | 000,323,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 18:39:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013.03.13 12:17:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.03.13 12:13:09 | 000,597,667 | ---- | C] () -- C:\Users\Ash\Desktop\adwcleaner.exe
[2013.03.13 08:04:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 08:04:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 08:04:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 08:04:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 08:04:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.12 11:59:54 | 044,866,501 | ---- | C] () -- C:\Users\Ash\Desktop\P3_Podcast_103.mp3
[2013.03.12 09:33:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2013.03.12 09:32:20 | 320,343,446 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.11 12:14:20 | 013,786,977 | ---- | C] () -- C:\Users\Ash\Desktop\mbar-1.01.0.1021.zip
[2013.03.11 07:03:35 | 000,006,483 | ---- | C] () -- C:\Users\Ash\.recently-used.xbel
[2013.03.11 06:59:32 | 000,003,515 | ---- | C] () -- C:\Users\Ash\Desktop\Unbenannt.jpg
[2013.03.10 14:42:25 | 000,000,000 | ---- | C] () -- C:\Users\Ash\defogger_reenable
[2013.03.03 09:45:34 | 000,372,026 | ---- | C] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.17 08:03:57 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.04.06 14:55:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 02:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.06.07 09:15:57 | 000,604,160 | ---- | C] () -- C:\Windows\System32\SetupExt.dll
[2010.07.24 13:11:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.11 15:19:11 | 000,215,040 | ---- | C] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 16:14:58 | 000,008,698 | ---- | C] () -- C:\Users\Ash\clearance.wav
[2010.05.08 16:10:30 | 000,027,498 | ---- | C] () -- C:\Users\Ash\alertsnd.wav
[2010.05.08 16:03:54 | 000,030,517 | ---- | C] () -- C:\Users\Ash\avatar-15609.png
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 13.03.2013 12:20:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 58,54% Memory free
3,99 Gb Paging File | 3,19 Gb Available in Paging File | 80,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,55 Gb Free Space | 44,39% Space Free | Partition Type: NTFS
 
Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{226E7B6F-B201-4DC3-9D04-64E132332EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{31121D26-AC3E-4A49-A8DA-77B5D23AFFD7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B65471E-D5B6-4133-B0C5-C5EAA1898212}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{45003CE0-CD5B-4F29-A1C8-22D8D7D005DB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{9D63B296-CE71-4427-A5B6-8F9AF753709B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A54C109D-F0B6-4DCB-953D-6000DB90F8E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7FB3953-CA0C-42BE-B2A5-0AAD45937F62}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B807494E-6575-4C56-A782-F4FE6A375DAB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B921C124-F4B6-43B6-AF1A-9754733F83E8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D0D294A4-AB56-4F7C-98E7-7B02AEAC2D5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EBD79618-23C0-4F70-A532-5DF3E4EF7B5B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F5F5B347-BD4A-4E2F-8104-FD9087AD885D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFB4F871-188A-4BE8-984A-1E05806B74E4}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D3B0B8-D2C3-4383-A63C-68713271B3F6}" = dir=out | app=c:\program files\atomi\activepresenter\rlactivator.exe | 
"{0358B9CF-E43A-4672-985D-5AF0D5D58EB1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0910446B-0E4C-4F13-9389-1A4CBEA04FE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0BA25DA5-5394-410A-AB6B-F184441C2D6B}" = dir=out | app=c:\program files\atomi\activepresenter\activepresenter.exe | 
"{0F487081-ADD3-430A-8F0A-E6208FB86781}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{18904E82-FBFB-4C13-855F-E106DF5A74A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2747C3E9-A73E-44A5-86DB-FC43007DEEE3}" = dir=out | app=c:\program files\atomi\activepresenter\rlupdater.exe | 
"{354E4271-3276-4E25-86F2-24615D342AA9}" = dir=in | app=c:\program files\atomi\activepresenter\activepresenter.exe | 
"{3AF706B2-B671-47DB-A708-2BA8D787B6FB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3B5C933B-ED98-45EC-A5E0-D799003F6941}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44632013-250B-4EFF-92DF-CEBC5A12E706}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4B38D425-6E93-40A8-93E2-D762F32722C9}" = dir=in | app=c:\program files\atomi\activepresenter\rlactivator.exe | 
"{564D7B6C-D752-43CD-AB6E-702E608A4E02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5D015A0D-E30C-43C1-A195-508EE2DF7360}" = dir=in | app=c:\program files\atomi\activepresenter\rlupdater.exe | 
"{61DE506D-ECB7-436A-99E3-D8146CF6C620}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{61FD1D47-ED4A-4BAF-B265-79B43277A411}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74ECE3D3-EB1E-4624-B416-CB5FE8B5775F}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{84DF2D96-4B64-4356-A6B4-A80D049FCD19}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{92A25B97-96AF-4AB4-A470-FE7106E3D7C1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{A11DA26B-6C59-40FD-B8B5-31834D1761AD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B4B35A1A-A5D3-4AE7-A2BC-C3C659221BE4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C07A38CE-8AA1-4615-9E24-9D42F778C717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C0FD9C45-84D1-4A11-A7DD-13B40783885A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C3CE635A-9C02-455A-A884-E674DEA2B632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D10F4455-2314-4CBE-AB67-7E329D2D771B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D976E55F-A827-4C31-9DA5-83FC087E9BFA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E7699D2A-9FE4-4DEF-B0C4-8C51AAC7D8E1}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{E8A4D729-DC7C-4716-918B-1EC63BB44703}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{EB9E387D-0A00-4032-905C-7FC41F19FEDC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F5EACE9C-6CAF-4E02-BCFC-B531FE9D4968}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F83544EA-B906-496D-8ADF-7B489D2827A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1" = ActivePresenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup" = DivX-Setup
"Episode 1" = Back to the Future The Game - Episode 1
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.45
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.67
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Recover My Files v5_is1" = Recover My Files
"Red Dead Redemption" = Red Dead Redemption Screen Saver
"Steam App 400" = Portal
"VLC media player" = VLC media player 2.0.5
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-155058581-1483213334-3747603030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:17:09 | Computer Name = Ash-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 07:18:07 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 30.07.2010 12:36:51 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 527
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.03.2013 07:16:46 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.03.2013 07:18:08 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

13.03.2013, 11:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


13.03.2013, 15:50   #13
Ash85

I ran Malwarebytes and the ESET scanner, and neither found anything.

Malwarebytes Log:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.13.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Ash :: ASH-PC [Administrator]

13.03.2013 13:03:08
mbam-log-2013-03-13 (13-03-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223040
Laufzeit: 8 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset Log:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e6004fe6ea465d4498b61f8ee93b6a80
# engine=13371
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 02:07:37
# local_time=2013-03-13 03:07:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 639298 125780242 0 0
# compatibility_mode=5892 16776574 100 95 162304348 200716385 0 0
# scanned=181340
# found=0
# cleaned=0
# scan_time=6807
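
The ESET log above records which scan options were active, so `found=0` can be read against them. The following is an added example, not part of the posts or of any ESET tool: it parses the `# key=value` lines of such a log and lists caveats; that `unwanted_checked` mirrors the "potentially unwanted applications" checkbox is an assumption, and `parse_eset_log` / `review_scan` are hypothetical helper names.

```python
import re

# Excerpt of the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScanner.ocx=1.0.0.6920
# engine=13371
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=3591 16777213 100 93 639298 125780242 0 0
# compatibility_mode=5892 16776574 100 95 162304348 200716385 0 0
# scanned=181340
# found=0
# cleaned=0
# scan_time=6807
"""

def parse_eset_log(text):
    """Return {key: [values]} for each '# key=value' line; keys may repeat."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([\w.]+)=(.*)$", line.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def review_scan(text):
    """Return (caveats, found): reasons a low 'found' count may understate."""
    fields = parse_eset_log(text)

    def first(key):
        return fields.get(key, [None])[0]

    caveats = []
    if first("end") != "finished":
        caveats.append("scan did not finish")
    # Assumption: unwanted_checked mirrors the PUA detection checkbox.
    if first("unwanted_checked") != "true":
        caveats.append("PUA detection was off")
    if first("archives_checked") != "true":
        caveats.append("archives were not scanned")
    found = first("found")
    if found is None or not found.isdigit():
        caveats.append("no usable found= line")
        return caveats, None
    return caveats, int(found)

if __name__ == "__main__":
    print(review_scan(SAMPLE_LOG))
```
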
         

13.03.2013, 18:55   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system back in order now, or are there any other findings or problems?

14.03.2013, 06:49   #15
Ash85

Everything is running again so far; I have not been redirected again and I have not noticed anything else.

Can I delete all these programs now, or just leave them installed?

Thank you very much indeed for your great help!
