
Pests of all kinds and how to fight them: Infection? What to do?

21.03.2013, 07:32   #1
diana79
 



Hello everyone,
I'm new here.
I had the following problem: whenever I went online with Firefox, my start page changed automatically. It then always showed ? Fr=FS-SUNM and a page load error.
Attempts to set the start page back to Google were unsuccessful. I ran a scan with Avira, nothing found. I ran a scan with Ad-Aware, and it detected 14 threats. When I click on infected files it tells me: threat name Babylon (fs), category Misc (General), trace count 6, level Moderate. And: Babylon (v). Category as before, trace count 8, and level also as before. What is that, please? My computer is sitting here now and I haven't done anything. I'm unsure what I should do now. The recommended action is: clean. I also haven't moved anything to quarantine. I have read here several times that you shouldn't simply delete this, so I'm very unsure. And honestly, I have no idea.... Could someone please help me?

Best regards

21.03.2013, 11:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

21.03.2013, 12:09   #3
diana79
 



So, I hope this is right and that I inserted it correctly. OTL Logfile:
Code:
OTL logfile created on: 21.03.2013 11:40:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Diana\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,88% Memory free
7,73 Gb Paging File | 5,44 Gb Available in Paging File | 70,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,84 Gb Total Space | 406,84 Gb Free Space | 59,32% Space Free | Partition Type: NTFS
Drive D: | 702,82 Mb Total Space | 177,62 Mb Free Space | 25,27% Space Free | Partition Type: UDF
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Diana\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft.)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StumbleUponUpdater) -- C:\Users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110221.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Outlook, Skype Download sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Outlook, Skype Download sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Outlook, Skype Download sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Outlook, Skype Download sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\.DEFAULT\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\S-1-5-18\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Outlook, Skype Download sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\SearchScopes\{0B6F50FA-6E5B-4DA8-A61D-40655DEF1B9C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f4a01cf2-89da-41d8-97cf-aadd691d6a27&apn_sauid=4D9754C9-08CE-4B93-B72B-EDA3BC29B62A
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=4c435202000000000000206a8a1be9de
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=62FF6E42133C7A21946BB75149A56760&q={searchTerms}
IE - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=62FF6E42133C7A21946BB75149A56760"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.startup.homepage: "?fr=fp-sunm"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: plugin%40loadtubes.com:1.03
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B7e111a5c-3d11-4f56-9463-5310c3c69025%7D:10.14.65.43
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&CUI=UN97710000120014988&UM=UM_ID&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Suche"
FF - user.js..browser.search.order.1: "Suche"
FF - user.js..browser.search.defaultenginename: "Suche"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Diana\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011.09.28 05:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2013.03.21 10:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.20 15:27:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.20 15:27:27 | 000,000,000 | ---D | M]
 
[2010.12.25 10:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions
[2013.03.20 14:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions
[2013.03.20 15:26:12 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2013.03.20 15:26:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.20 15:26:11 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013.03.20 15:26:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2013.03.20 15:26:05 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.03.20 15:26:14 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.03.20 15:26:14 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.03.20 15:26:12 | 000,000,000 | ---D | M] (x-plugin-0) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\plugin@loadtubes.com
[2013.03.20 15:26:12 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\8ooej6fr.default\extensions\software@loadtubes.com
[2013.03.21 11:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions
[2011.12.04 17:31:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.04 20:27:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.12.04 20:27:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.04 20:27:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.04 17:31:04 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\ffxtlbr@babylon.com
[2013.03.20 15:26:05 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\software@loadtubes.com
[2013.03.20 15:26:05 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\a9p2rcof.default\extensions\toolbar@stumbleupon.com
[2013.03.18 22:40:27 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\firefox\profiles\8ooej6fr.default\extensions\personas@christopher.beard.xpi
[2012.12.15 23:20:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\firefox\profiles\8ooej6fr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.12.04 20:13:09 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Diana\AppData\Roaming\mozilla\firefox\profiles\a9p2rcof.default\extensions\personas@christopher.beard.xpi
[2013.03.18 22:04:45 | 000,002,344 | ---- | M] () -- C:\Users\Diana\AppData\Roaming\mozilla\firefox\profiles\8ooej6fr.default\searchplugins\askcom.xml
[2012.06.18 15:23:34 | 000,000,947 | ---- | M] () -- C:\Users\Diana\AppData\Roaming\mozilla\firefox\profiles\8ooej6fr.default\searchplugins\conduit.xml
[2013.03.21 11:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.18 22:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.25 22:01:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.02 21:44:59 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2013.03.20 13:03:13 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.02 20:27:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.11 11:19:22 | 000,000,139 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Suche.src
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Diana\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Diana\AppData\Roaming\xplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001..\Run: [LG LinkAir]  File not found
O4 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2044949454-3658418661-3396443947-1001..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Diana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Diana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09206BE-A694-4C06-9098-EE6C4422FD1B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.20 17:23:46 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2013.03.20 17:23:46 | 000,000,130 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.20 14:22:59 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.20 14:22:59 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.20 14:22:59 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.20 14:22:37 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.20 14:22:37 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.20 14:22:37 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.20 14:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.20 13:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.03.20 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\LavasoftStatistics
[2013.03.20 13:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.03.20 13:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.03.20 13:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.03.20 13:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.03.20 13:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.03.20 13:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013.03.20 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.03.20 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013.03.20 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Local\adawarebp
[2013.03.20 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.03.20 13:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.03.20 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.03.20 13:01:50 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.03.20 13:01:50 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.03.20 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Ad-Aware Antivirus
[2013.03.19 00:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.03.19 00:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.03.19 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\NCH Software
[2013.03.18 22:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.18 22:10:34 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Avira
[2013.03.18 22:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.18 22:02:07 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.18 22:02:07 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.18 22:02:07 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.18 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.18 21:53:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.18 21:53:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.18 21:53:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.18 21:53:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.18 21:53:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.18 21:53:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.18 21:53:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.18 21:53:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.18 21:53:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.18 21:53:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.18 21:53:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.18 21:53:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.18 21:53:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.18 21:53:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.18 21:53:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.18 21:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.18 21:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.18 21:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 11:46:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.21 11:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 11:00:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 11:00:53 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 10:53:00 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.21 10:51:32 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.21 10:51:27 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.21 10:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.21 10:50:48 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.20 15:01:31 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.20 14:22:28 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.20 14:22:27 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.20 14:22:27 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.20 14:22:27 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.20 14:22:27 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.20 14:22:27 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.20 13:20:07 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013.03.20 13:01:50 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.03.20 13:01:50 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.03.19 11:15:54 | 004,665,520 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 11:15:54 | 001,827,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 11:15:54 | 001,414,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 11:15:54 | 001,264,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 11:15:54 | 000,005,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 00:08:49 | 000,008,914 | ---- | M] () -- C:\Users\Diana\Documents\cd diana märz 2013 II.dxp
[2013.03.18 23:22:35 | 000,001,270 | ---- | M] () -- C:\Users\Diana\Documents\cd-diana-august 2012.dxp
[2013.03.18 23:21:09 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.03.18 22:55:26 | 000,011,802 | ---- | M] () -- C:\Users\Diana\Documents\cd diana jan 2013.dxp
[2013.03.18 22:25:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.18 22:25:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.18 22:05:07 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.18 22:00:26 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.18 21:48:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.18 21:48:59 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.18 21:48:58 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.03 14:45:37 | 000,296,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.19 17:45:42 | 003,325,720 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2013.02.19 17:45:42 | 003,325,720 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.20 15:01:31 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.20 13:20:07 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013.03.20 13:04:30 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.18 22:55:45 | 000,008,914 | ---- | C] () -- C:\Users\Diana\Documents\cd diana märz 2013 II.dxp
[2013.03.18 22:05:07 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.10 01:10:55 | 000,000,980 | ---- | C] () -- C:\Users\Diana\Bildbestellung rossmann+.html
[2012.12.10 00:42:26 | 131,196,008 | ---- | C] () -- C:\Users\Diana\kalender lothar 2013.cpr
[2012.12.10 00:25:15 | 107,836,182 | ---- | C] () -- C:\Users\Diana\kalender mama 2013.cpr
[2012.12.09 23:59:22 | 118,335,679 | ---- | C] () -- C:\Users\Diana\kalender günter 2013.cpr
[2012.12.09 23:30:48 | 117,344,288 | ---- | C] () -- C:\Users\Diana\kalender dennis 2013.cpr
[2012.09.12 22:06:49 | 000,001,354 | ---- | C] () -- C:\Users\Diana\Setup_start.xcu
[2012.09.12 22:03:04 | 000,004,380 | ---- | C] () -- C:\Users\Diana\__future__.py
[2012.08.07 21:34:29 | 000,419,737 | ---- | C] () -- C:\Users\Diana\Fstadt.pdf
[2011.12.12 02:03:55 | 000,000,980 | ---- | C] () -- C:\Users\Diana\Bildbestellung kalender.html
[2011.12.12 01:18:49 | 316,055,815 | ---- | C] () -- C:\Users\Diana\kalender daniela 2012.cpr
[2011.12.12 00:38:03 | 387,360,181 | ---- | C] () -- C:\Users\Diana\kalender lothar 2012.cpr
[2011.12.12 00:13:13 | 294,948,614 | ---- | C] () -- C:\Users\Diana\kalender dennis 2012.cpr
[2011.12.11 23:42:46 | 301,474,583 | ---- | C] () -- C:\Users\Diana\kalender mama 2012.cpr
[2011.12.11 22:31:20 | 273,228,254 | ---- | C] () -- C:\Users\Diana\kalender günter 2012.cpr
[2011.12.11 21:58:01 | 003,003,324 | ---- | C] () -- C:\Users\Diana\fotokalender günter.cpr
[2011.12.10 01:14:04 | 000,000,986 | ---- | C] () -- C:\Users\Diana\BildbestellungI.html
[2011.12.09 00:19:51 | 001,997,451 | ---- | C] () -- C:\Users\Diana\rossmann-grußkarten.cpr
[2011.08.01 22:37:43 | 000,000,675 | ---- | C] () -- C:\Users\Diana\Diana - Verknüpfung.lnk
[2011.07.01 23:08:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.07.01 23:08:32 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.04.08 23:37:45 | 000,000,036 | ---- | C] () -- C:\Users\Diana\AppData\Local\housecall.guid.cache
[2011.03.23 22:57:04 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.12 04:51:51 | 000,000,980 | ---- | C] () -- C:\Users\Diana\Bildbestellung.html
[2010.12.12 01:37:27 | 240,375,893 | ---- | C] () -- C:\Users\Diana\kalender lothar.cpr
[2010.12.12 00:20:13 | 191,513,796 | ---- | C] () -- C:\Users\Diana\kalender dennis.cpr
[2010.12.11 01:23:23 | 138,650,735 | ---- | C] () -- C:\Users\Diana\kalender mama.cpr
[2010.12.11 00:15:02 | 114,374,389 | ---- | C] () -- C:\Users\Diana\kalender Daniela.cpr
[2010.12.10 00:59:05 | 174,160,862 | ---- | C] () -- C:\Users\Diana\kalender günter 2011.cpr
[2009.05.26 21:21:30 | 000,000,969 | ---- | C] () -- C:\Users\Diana\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 506 bytes -> C:\Users\Diana\Documents\siena email.eml:OECustomProperty

< End of report >
         
--- --- ---
and here is the rest, which is listed in Extras.txt:

Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254)

Error - 20.03.2013 05:25:01 | Computer Name = Diana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2560656)

Error - 20.03.2013 05:42:25 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error - 20.03.2013 09:40:48 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.

Error - 20.03.2013 09:40:48 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053

Error - 20.03.2013 10:15:46 | Computer Name = Diana-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 20.03.2013 10:33:32 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error - 20.03.2013 22:01:52 | Computer Name = Diana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254)

Error - 20.03.2013 22:01:52 | Computer Name = Diana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80246007 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
(KB976932)

Error - 20.03.2013 22:03:16 | Computer Name = Diana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2560656)


< End of report >

21.03.2013, 15:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

21.03.2013, 22:02   #5
diana79

Hello... So, I have now done everything. I think and hope. First I'll post the output from Malwarebytes:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

21.03.2013 21:07:22
mbar-log-2013-03-21 (21-07-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31170
Time elapsed: 18 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Data: -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\Diana\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.

Files Detected: 20
c:\Users\Diana\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Local\Temp\ltsilentio\npm.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Local\Temp\ltsilentio\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\Downloads\SoftonicDownloader_fuer_a-squared.exe (PUP.OfferBundler.ST) -> Delete on reboot.
c:\Users\Diana\Downloads\SoftonicDownloader_fuer_nokia-pc-suite.exe (PUP.OfferBundler.ST) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.

(end)


and now the 2nd run:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

21.03.2013 21:53:50
mbar-log-2013-03-21 (21-53-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31141
Time elapsed: 20 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


A really big THANK YOU in advance.

Is the PC "clean" again now?

Kind regards


22.03.2013, 11:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why don't you post the logs in CODE tags as mentioned?
What about GMER?


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

22.03.2013, 14:30   #7
diana79

Hello,
I didn't know how to do that !!! Is it bad that I put it into the reply like that?


Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-21 20:40:19
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Diana\AppData\Local\Temp\ugdoapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2264] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                         0000000074f3d03c 5 bytes JMP 000000010065e550
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                     0000000077782a93 6 bytes JMP 0000000110056450
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!GetSysColor                                             0000000075c67959 5 bytes JMP 0000000110089370
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!GetSysColorBrush                                        0000000075c7308a 5 bytes JMP 00000001100893b0
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!GetScrollInfo                                           0000000075c7452a 7 bytes JMP 0000000110096720
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!SetScrollInfo                                           0000000075c745e7 7 bytes JMP 00000001100967d0
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!ShowScrollBar                                           0000000075c7467a 5 bytes JMP 00000001100968a0
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!GetScrollPos                                            0000000075c74741 5 bytes JMP 0000000110096760
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!SetScrollPos                                            0000000075c788cd 5 bytes JMP 0000000110096810
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!GetScrollRange                                          0000000075c78fac 5 bytes JMP 0000000110096790
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!EnableScrollBar                                         0000000075c7b3b7 7 bytes JMP 00000001100966e0
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!EndDialog                                               0000000075c7c184 5 bytes JMP 0000000110056430
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!DrawFrameControl                                        0000000075c833b5 7 bytes JMP 0000000110086f30
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\USER32.dll!SetScrollRange                                          0000000075c90207 5 bytes JMP 0000000110096850
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                       00000000731611a8 2 bytes [16, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                 00000000731613a8 2 bytes [16, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                     0000000073161422 2 bytes [16, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                              0000000073161498 2 bytes [16, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                   0000000073171b41 2 bytes [17, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                   0000000073171be8 2 bytes [17, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                   0000000073171c20 2 bytes [17, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                   0000000073171cd2 2 bytes [17, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                   0000000073171cf2 2 bytes [17, 73]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe[4540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe[4540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000753a1465 2 bytes [3A, 75]
.text  C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\PROGRA~2\AD-AWA~1\AdAware.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         00000000753a1465 2 bytes [3A, 75]
.text  C:\PROGRA~2\AD-AWA~1\AdAware.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\ProgramData\Search Protection\SearchProtection.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000753a1465 2 bytes [3A, 75]
.text  C:\ProgramData\Search Protection\SearchProtection.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000753a1465 2 bytes [3A, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000753a14bb 2 bytes [3A, 75]
.text  ...                                                                                                                                                    * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a38f0c7                                                                            
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a38f0c7 (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         


Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

21.03.2013 21:07:22
mbar-log-2013-03-21 (21-07-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31170
Time elapsed: 18 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Data:  -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\Diana\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.

Files Detected: 20
c:\Users\Diana\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Local\Temp\ltsilentio\npm.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Local\Temp\ltsilentio\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\Downloads\SoftonicDownloader_fuer_a-squared.exe (PUP.OfferBundler.ST) -> Delete on reboot.
c:\Users\Diana\Downloads\SoftonicDownloader_fuer_nokia-pc-suite.exe (PUP.OfferBundler.ST) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.

(end)
         

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

21.03.2013 21:53:50
mbar-log-2013-03-21 (21-53-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31141
Time elapsed: 20 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
I hope it is right now. Thanks for the instructions.
Kind regards

22.03.2013, 16:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, this time you did not update MBAR before scanning.
Please read and follow the instructions more carefully, or do you want to run every tool at least twice?

Please run MBAR again, and update it before scanning. You can find out how to do that in the instructions.

22.03.2013, 20:46   #9
diana79

Hello,
so, I have now run mbar again.

Here is the result:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.22.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

22.03.2013 20:24:38
mbar-log-2013-03-22 (20-24-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30938
Time elapsed: 20 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Is everything OK now? Kind regards
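
Post #8 asks for MBAR to be rerun because the database was not updated: the first logs show database v2013.02.15.09 for a scan on 21.03.2013, the rerun shows v2013.03.22.10. The Python sketch below is an added example, not part of the thread or of any Malwarebytes tooling; it parses logs in this layout, computes the database age at scan time, and checks that every "Detected: N" header matches the number of item lines actually pasted. The sample logs are constructed and abridged from the format shown above; the function names and the 7-day staleness threshold are assumptions.

```python
import re
from collections import Counter
from datetime import date, datetime

# Constructed, abridged sample in the layout of the first MBAR log in the thread.
STALE_RUN = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Database version: v2013.02.15.09

21.03.2013 21:07:22
mbar-log-2013-03-21 (21-07-22).txt

Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\Users\Diana\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.

Files Detected: 2
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Diana\Downloads\SoftonicDownloader_fuer_a-squared.exe (PUP.OfferBundler.ST) -> Delete on reboot.

(end)
"""

# Constructed, abridged sample in the layout of the rerun with an updated database.
FRESH_RUN = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Database version: v2013.03.22.10

22.03.2013 20:24:38
mbar-log-2013-03-22 (20-24-38).txt

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

DB_RE = re.compile(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+\s*$", re.M)
TS_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s*$", re.M)
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)$")
# Greedy object match so "(x86)" inside a path is not mistaken for the family.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbar_log(text):
    """Return database date, scan time, declared counts and detection lines."""
    db, ts = DB_RE.search(text), TS_RE.search(text)
    if not db or not ts:
        raise ValueError("not an MBAR log: database version or scan time missing")
    report = {
        "db_date": date(*map(int, db.groups())),
        "scan_time": datetime.strptime(ts.group(1), "%d.%m.%Y %H:%M:%S"),
        "declared": {},
        "items": [],
    }
    category = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            category = section.group("cat")
            report["declared"][category] = int(section.group("n"))
            continue
        item = ITEM_RE.match(line)
        if item and category:
            report["items"].append({
                "category": category,
                "object": item.group("obj"),
                "family": item.group("family"),
                # Registry value lines carry "Data: -> action"; keep the action.
                "action": item.group("rest").split(" -> ")[-1],
            })
    return report


def review(report, max_db_age_days=7):
    """Return (database age in days, list of findings worth a second look)."""
    findings = []
    age = (report["scan_time"].date() - report["db_date"]).days
    if age > max_db_age_days:  # threshold is an assumption of this example
        findings.append(f"database {age} days old at scan time, update and rescan")
    pasted = Counter(item["category"] for item in report["items"])
    for category, declared in report["declared"].items():
        if pasted[category] != declared:  # truncated or edited paste
            findings.append(f"{category}: header declares {declared}, "
                            f"{pasted[category]} item line(s) present")
    return age, findings


def families(report):
    """Count detections per family name, e.g. PUP.LoadTubes."""
    return dict(Counter(item["family"] for item in report["items"]))


if __name__ == "__main__":
    for name, text in (("first run", STALE_RUN), ("rerun", FRESH_RUN)):
        parsed = parse_mbar_log(text)
        print(name, review(parsed), families(parsed))
```

A log with zero detections is only as informative as the database it was scanned with, which is why the age check and the count check are reported together.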

23.03.2013, 10:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

23.03.2013, 17:41   #11
diana79

Hello!

aswMBR.exe:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 16:38:42
-----------------------------
16:38:42.295    OS Version: Windows x64 6.1.7600 
16:38:42.295    Number of processors: 4 586 0x2505
16:38:42.297    ComputerName: DIANA-PC  UserName: Diana
16:38:46.716    Initialize success
16:40:30.948    AVAST engine defs: 13032301
16:40:58.215    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:58.219    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
16:40:58.395    Disk 0 MBR read successfully
16:40:58.399    Disk 0 MBR scan
16:40:58.408    Disk 0 Windows VISTA default MBR code
16:40:58.424    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
16:40:58.446    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
16:40:58.454    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       702302 MB offset 26830848
16:40:58.492    Disk 0 scanning C:\Windows\system32\drivers
16:41:13.502    Service scanning
16:41:39.471    Modules scanning
16:41:39.483    Disk 0 trace - called modules:
16:41:39.525    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:41:39.543    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c790]
16:41:39.551    3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004941050]
16:41:44.375    AVAST engine scan C:\Windows
16:41:55.309    AVAST engine scan C:\Windows\system32
16:46:30.324    AVAST engine scan C:\Windows\system32\drivers
16:47:23.081    AVAST engine scan C:\Users\Diana
17:23:25.224    AVAST engine scan C:\ProgramData
17:30:22.409    Scan finished successfully
17:32:10.012    Disk 0 MBR has been saved successfully to "C:\Users\Diana\Downloads\Desktop\MBR.dat"
17:32:10.200    The log file has been saved successfully to "C:\Users\Diana\Downloads\Desktop\aswMBR.txt"
         
and TDSS Killer:

Code:
17:32:57.0457 6176  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:32:57.0732 6176  ============================================================
17:32:57.0732 6176  Current date / time: 2013/03/23 17:32:57.0732
17:32:57.0732 6176  SystemInfo:
17:32:57.0732 6176  
17:32:57.0732 6176  OS Version: 6.1.7600 ServicePack: 0.0
17:32:57.0732 6176  Product type: Workstation
17:32:57.0732 6176  ComputerName: DIANA-PC
17:32:57.0733 6176  UserName: Diana
17:32:57.0733 6176  Windows directory: C:\Windows
17:32:57.0733 6176  System windows directory: C:\Windows
17:32:57.0733 6176  Running under WOW64
17:32:57.0733 6176  Processor architecture: Intel x64
17:32:57.0733 6176  Number of processors: 4
17:32:57.0733 6176  Page size: 0x1000
17:32:57.0733 6176  Boot type: Normal boot
17:32:57.0733 6176  ============================================================
17:32:58.0270 6176  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:32:58.0279 6176  ============================================================
17:32:58.0279 6176  \Device\Harddisk0\DR0:
17:32:58.0371 6176  MBR partitions:
17:32:58.0371 6176  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
17:32:58.0371 6176  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x55BAF6F0
17:32:58.0371 6176  ============================================================
17:32:58.0449 6176  C: <-> \Device\Harddisk0\DR0\Partition2
17:32:58.0449 6176  ============================================================
17:32:58.0449 6176  Initialize success
17:32:58.0449 6176  ============================================================
17:33:32.0483 5480  ============================================================
17:33:32.0483 5480  Scan started
17:33:32.0483 5480  Mode: Manual; SigCheck; TDLFS; 
17:33:32.0483 5480  ============================================================
17:33:33.0195 5480  ================ Scan system memory ========================
17:33:33.0196 5480  System memory - ok
17:33:33.0200 5480  ================ Scan services =============================
17:33:33.0388 5480  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:33:33.0598 5480  1394ohci - ok
17:33:33.0630 5480  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
17:33:33.0651 5480  ACPI - ok
17:33:33.0689 5480  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
17:33:33.0791 5480  AcpiPmi - ok
17:33:33.0916 5480  [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
17:33:33.0982 5480  Ad-Aware Service - ok
17:33:34.0101 5480  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
17:33:34.0129 5480  AdobeActiveFileMonitor8.0 - ok
17:33:34.0285 5480  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:33:34.0312 5480  AdobeARMservice - ok
17:33:34.0506 5480  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:33:34.0535 5480  AdobeFlashPlayerUpdateSvc - ok
17:33:34.0617 5480  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:33:34.0656 5480  adp94xx - ok
17:33:34.0706 5480  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:33:34.0730 5480  adpahci - ok
17:33:34.0744 5480  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:33:34.0761 5480  adpu320 - ok
17:33:34.0790 5480  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:33:34.0990 5480  AeLookupSvc - ok
17:33:35.0067 5480  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
17:33:35.0160 5480  AFD - ok
17:33:35.0201 5480  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
17:33:35.0224 5480  agp440 - ok
17:33:35.0242 5480  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:33:35.0316 5480  ALG - ok
17:33:35.0331 5480  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
17:33:35.0353 5480  aliide - ok
17:33:35.0395 5480  [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:33:35.0481 5480  AMD External Events Utility - ok
17:33:35.0504 5480  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
17:33:35.0518 5480  amdide - ok
17:33:35.0531 5480  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:33:35.0576 5480  AmdK8 - ok
17:33:35.0738 5480  [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
17:33:35.0961 5480  amdkmdag - ok
17:33:35.0996 5480  [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:33:36.0033 5480  amdkmdap - ok
17:33:36.0049 5480  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:33:36.0105 5480  AmdPPM - ok
17:33:36.0151 5480  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:33:36.0182 5480  amdsata - ok
17:33:36.0219 5480  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:33:36.0236 5480  amdsbs - ok
17:33:36.0254 5480  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:33:36.0268 5480  amdxata - ok
17:33:36.0295 5480  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
17:33:36.0357 5480  AmUStor - ok
17:33:36.0410 5480  [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus          C:\Windows\system32\DRIVERS\lgandbus64.sys
17:33:36.0479 5480  Andbus - ok
17:33:36.0525 5480  [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag64.sys
17:33:36.0568 5480  AndDiag - ok
17:33:36.0595 5480  [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps          C:\Windows\system32\DRIVERS\lgandgps64.sys
17:33:36.0633 5480  AndGps - ok
17:33:36.0672 5480  [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem64.sys
17:33:36.0717 5480  ANDModem - ok
17:33:36.0823 5480  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:33:36.0847 5480  AntiVirSchedulerService - ok
17:33:36.0913 5480  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:33:36.0938 5480  AntiVirService - ok
17:33:36.0982 5480  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
17:33:37.0102 5480  AppID - ok
17:33:37.0130 5480  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:33:37.0211 5480  AppIDSvc - ok
17:33:37.0234 5480  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
17:33:37.0289 5480  Appinfo - ok
17:33:37.0313 5480  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:33:37.0330 5480  arc - ok
17:33:37.0342 5480  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:33:37.0359 5480  arcsas - ok
17:33:37.0380 5480  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:33:37.0432 5480  AsyncMac - ok
17:33:37.0464 5480  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
17:33:37.0479 5480  atapi - ok
17:33:37.0512 5480  [ 1C60A629AD4FFD06D80CD522B92CDB7C ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
17:33:37.0524 5480  AthBTPort - ok
17:33:37.0553 5480  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
17:33:37.0600 5480  ATHDFU - ok
17:33:37.0667 5480  [ A31F72621C938048CBA02E82542F0715 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:33:37.0686 5480  AtherosSvc - ok
17:33:37.0760 5480  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:33:37.0849 5480  athr - ok
17:33:37.0877 5480  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:33:37.0892 5480  AtiHdmiService - ok
17:33:37.0947 5480  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:33:38.0041 5480  AudioEndpointBuilder - ok
17:33:38.0054 5480  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:33:38.0099 5480  AudioSrv - ok
17:33:38.0160 5480  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:33:38.0187 5480  avgntflt - ok
17:33:38.0242 5480  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:33:38.0261 5480  avipbb - ok
17:33:38.0305 5480  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:33:38.0327 5480  avkmgr - ok
17:33:38.0379 5480  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:33:38.0479 5480  AxInstSV - ok
17:33:38.0523 5480  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:33:38.0601 5480  b06bdrv - ok
17:33:38.0633 5480  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:33:38.0676 5480  b57nd60a - ok
17:33:38.0725 5480  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
17:33:38.0812 5480  BCM43XX - ok
17:33:38.0839 5480  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:33:38.0909 5480  BDESVC - ok
17:33:38.0922 5480  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:33:39.0008 5480  Beep - ok
17:33:39.0056 5480  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
17:33:39.0142 5480  BFE - ok
17:33:39.0312 5480  [ 446B2C459A7D11CD71350235D6977E2A ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
17:33:39.0365 5480  BHDrvx64 - ok
17:33:39.0397 5480  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
17:33:39.0465 5480  BITS - ok
17:33:39.0508 5480  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:33:39.0559 5480  blbdrive - ok
17:33:39.0634 5480  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:33:39.0716 5480  bowser - ok
17:33:39.0756 5480  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:33:39.0801 5480  BrFiltLo - ok
17:33:39.0841 5480  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:33:39.0889 5480  BrFiltUp - ok
17:33:39.0996 5480  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
17:33:40.0059 5480  Browser - ok
17:33:40.0096 5480  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:33:40.0170 5480  Brserid - ok
17:33:40.0186 5480  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:33:40.0240 5480  BrSerWdm - ok
17:33:40.0246 5480  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:33:40.0273 5480  BrUsbMdm - ok
17:33:40.0277 5480  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:33:40.0300 5480  BrUsbSer - ok
17:33:40.0338 5480  [ 89F5586E80B42CA4E98B3EFDAFCAD1B8 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
17:33:40.0356 5480  BTATH_A2DP - ok
17:33:40.0393 5480  [ BC14A513C0120919A019E18061FACA46 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
17:33:40.0409 5480  BTATH_BUS - ok
17:33:40.0426 5480  [ 76E867C34242D16E3418AA9A9430D96A ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:33:40.0446 5480  BTATH_HCRP - ok
17:33:40.0456 5480  [ 6409827297DAF3699643E9F6EC5C2CD2 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:33:40.0470 5480  BTATH_LWFLT - ok
17:33:40.0497 5480  [ 2B53167C52A1730A59EDFD3C83DEFF70 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
17:33:40.0510 5480  BTATH_RCP - ok
17:33:40.0524 5480  [ 9B014E62BD3541812A0B2A46459B31D7 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
17:33:40.0540 5480  BtFilter - ok
17:33:40.0586 5480  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:33:40.0658 5480  BthEnum - ok
17:33:40.0672 5480  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:33:40.0717 5480  BTHMODEM - ok
17:33:40.0743 5480  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:33:40.0787 5480  BthPan - ok
17:33:40.0832 5480  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:33:40.0869 5480  BTHPORT - ok
17:33:40.0914 5480  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:33:40.0987 5480  bthserv - ok
17:33:41.0017 5480  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:33:41.0032 5480  BTHUSB - ok
17:33:41.0052 5480  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:33:41.0093 5480  cdfs - ok
17:33:41.0139 5480  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:33:41.0190 5480  cdrom - ok
17:33:41.0228 5480  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:33:41.0295 5480  CertPropSvc - ok
17:33:41.0313 5480  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:33:41.0378 5480  circlass - ok
17:33:41.0409 5480  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:33:41.0436 5480  CLFS - ok
17:33:41.0502 5480  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:41.0527 5480  clr_optimization_v2.0.50727_32 - ok
17:33:41.0581 5480  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:33:41.0608 5480  clr_optimization_v2.0.50727_64 - ok
17:33:41.0707 5480  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:41.0733 5480  clr_optimization_v4.0.30319_32 - ok
17:33:41.0793 5480  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:33:41.0820 5480  clr_optimization_v4.0.30319_64 - ok
17:33:41.0844 5480  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:33:41.0863 5480  CmBatt - ok
17:33:41.0878 5480  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
17:33:41.0894 5480  cmdide - ok
17:33:41.0931 5480  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
17:33:41.0972 5480  CNG - ok
17:33:41.0986 5480  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:33:42.0000 5480  Compbatt - ok
17:33:42.0018 5480  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:33:42.0056 5480  CompositeBus - ok
17:33:42.0059 5480  COMSysApp - ok
17:33:42.0077 5480  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:33:42.0090 5480  crcdisk - ok
17:33:42.0129 5480  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:33:42.0192 5480  CryptSvc - ok
17:33:42.0356 5480  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:33:42.0398 5480  cvhsvc - ok
17:33:42.0428 5480  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:33:42.0494 5480  DcomLaunch - ok
17:33:42.0536 5480  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:33:42.0624 5480  defragsvc - ok
17:33:42.0685 5480  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:33:42.0745 5480  DfsC - ok
17:33:42.0784 5480  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:33:42.0875 5480  Dhcp - ok
17:33:42.0906 5480  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:33:42.0977 5480  discache - ok
17:33:43.0031 5480  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:33:43.0056 5480  Disk - ok
17:33:43.0098 5480  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:33:43.0125 5480  Dnscache - ok
17:33:43.0144 5480  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
17:33:43.0233 5480  dot3svc - ok
17:33:43.0252 5480  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
17:33:43.0310 5480  DPS - ok
17:33:43.0343 5480  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:33:43.0379 5480  drmkaud - ok
17:33:43.0431 5480  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:33:43.0453 5480  DsiWMIService - ok
17:33:43.0510 5480  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:33:43.0545 5480  DXGKrnl - ok
17:33:43.0555 5480  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:33:43.0637 5480  EapHost - ok
17:33:43.0714 5480  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:33:43.0829 5480  ebdrv - ok
17:33:43.0869 5480  [ 066108AE4C35835081598827A1A7D08D ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:33:43.0901 5480  eeCtrl - ok
17:33:43.0946 5480  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
17:33:44.0010 5480  EFS - ok
17:33:44.0074 5480  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:33:44.0132 5480  ehRecvr - ok
17:33:44.0152 5480  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:33:44.0219 5480  ehSched - ok
17:33:44.0255 5480  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:33:44.0284 5480  elxstor - ok
17:33:44.0387 5480  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
17:33:44.0439 5480  ePowerSvc - ok
17:33:44.0492 5480  [ 12866876E3851F1E5D462B2A83E25578 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:33:44.0519 5480  EraserUtilRebootDrv - ok
17:33:44.0533 5480  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
17:33:44.0568 5480  ErrDev - ok
17:33:44.0632 5480  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:33:44.0686 5480  EventSystem - ok
17:33:44.0718 5480  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:33:44.0783 5480  exfat - ok
17:33:44.0802 5480  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:33:44.0886 5480  fastfat - ok
17:33:44.0911 5480  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
17:33:44.0970 5480  Fax - ok
17:33:44.0981 5480  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:33:45.0020 5480  fdc - ok
17:33:45.0049 5480  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:33:45.0112 5480  fdPHost - ok
17:33:45.0133 5480  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:33:45.0187 5480  FDResPub - ok
17:33:45.0207 5480  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:33:45.0221 5480  FileInfo - ok
17:33:45.0225 5480  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:33:45.0283 5480  Filetrace - ok
17:33:45.0328 5480  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:33:45.0359 5480  FLEXnet Licensing Service - ok
17:33:45.0371 5480  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:33:45.0391 5480  flpydisk - ok
17:33:45.0414 5480  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:33:45.0434 5480  FltMgr - ok
17:33:45.0501 5480  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
17:33:45.0581 5480  FontCache - ok
17:33:45.0651 5480  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:33:45.0674 5480  FontCache3.0.0.0 - ok
17:33:45.0694 5480  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:33:45.0709 5480  FsDepends - ok
17:33:45.0781 5480  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:33:45.0806 5480  fssfltr - ok
17:33:45.0939 5480  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:33:46.0036 5480  fsssvc - ok
17:33:46.0076 5480  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:33:46.0101 5480  Fs_Rec - ok
17:33:46.0144 5480  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:33:46.0178 5480  fvevol - ok
17:33:46.0203 5480  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:33:46.0221 5480  gagp30kx - ok
17:33:46.0296 5480  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
17:33:46.0323 5480  GameConsoleService - ok
17:33:46.0378 5480  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
17:33:46.0402 5480  gfibto - ok
17:33:46.0449 5480  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
17:33:46.0500 5480  gpsvc - ok
17:33:46.0564 5480  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
17:33:46.0587 5480  GREGService - ok
17:33:46.0658 5480  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:46.0684 5480  gupdate - ok
17:33:46.0726 5480  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:46.0747 5480  gupdatem - ok
17:33:46.0762 5480  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:33:46.0832 5480  hcw85cir - ok
17:33:46.0850 5480  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:33:46.0903 5480  HdAudAddService - ok
17:33:46.0940 5480  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:33:46.0992 5480  HDAudBus - ok
17:33:47.0043 5480  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:33:47.0066 5480  HECIx64 - ok
17:33:47.0080 5480  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:33:47.0096 5480  HidBatt - ok
17:33:47.0111 5480  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:33:47.0146 5480  HidBth - ok
17:33:47.0172 5480  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:33:47.0192 5480  HidIr - ok
17:33:47.0226 5480  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:33:47.0301 5480  hidserv - ok
17:33:47.0332 5480  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:33:47.0372 5480  HidUsb - ok
17:33:47.0410 5480  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:33:47.0472 5480  hkmsvc - ok
17:33:47.0499 5480  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:33:47.0546 5480  HomeGroupListener - ok
17:33:47.0569 5480  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:33:47.0605 5480  HomeGroupProvider - ok
17:33:47.0631 5480  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
17:33:47.0649 5480  HpSAMD - ok
17:33:47.0688 5480  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:33:47.0804 5480  HTTP - ok
17:33:47.0836 5480  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:33:47.0850 5480  hwpolicy - ok
17:33:47.0870 5480  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:47.0889 5480  i8042prt - ok
17:33:47.0919 5480  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:33:47.0939 5480  iaStor - ok
17:33:47.0977 5480  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:33:48.0000 5480  iaStorV - ok
17:33:48.0076 5480  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:33:48.0125 5480  idsvc - ok
17:33:48.0222 5480  [ 6F9B281BC4AFFF5FE784D7DA699D347F ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110221.001\IDSvia64.sys
17:33:48.0255 5480  IDSVia64 - ok
17:33:48.0387 5480  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:33:48.0582 5480  igfx - ok
17:33:48.0611 5480  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:33:48.0624 5480  iirsp - ok
17:33:48.0697 5480  [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
17:33:48.0722 5480  IJPLMSVC - ok
17:33:48.0757 5480  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
17:33:48.0854 5480  IKEEXT - ok
17:33:48.0895 5480  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:33:48.0956 5480  Impcd - ok
17:33:49.0020 5480  [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:33:49.0111 5480  IntcAzAudAddService - ok
17:33:49.0123 5480  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:33:49.0137 5480  intelide - ok
17:33:49.0153 5480  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:33:49.0201 5480  intelppm - ok
17:33:49.0219 5480  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:33:49.0275 5480  IPBusEnum - ok
17:33:49.0289 5480  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:49.0372 5480  IpFilterDriver - ok
17:33:49.0420 5480  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:33:49.0513 5480  iphlpsvc - ok
17:33:49.0538 5480  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:33:49.0583 5480  IPMIDRV - ok
17:33:49.0590 5480  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:33:49.0631 5480  IPNAT - ok
17:33:49.0674 5480  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:33:49.0716 5480  IRENUM - ok
17:33:49.0775 5480  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
17:33:49.0803 5480  isapnp - ok
17:33:49.0846 5480  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:33:49.0878 5480  iScsiPrt - ok
17:33:49.0934 5480  [ 12E27942DBB7C91880163634B0D8A776 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:33:49.0972 5480  k57nd60a - ok
17:33:50.0009 5480  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:33:50.0037 5480  kbdclass - ok
17:33:50.0064 5480  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:33:50.0102 5480  kbdhid - ok
17:33:50.0136 5480  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
17:33:50.0153 5480  KeyIso - ok
17:33:50.0196 5480  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:33:50.0224 5480  KSecDD - ok
17:33:50.0239 5480  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:33:50.0257 5480  KSecPkg - ok
17:33:50.0272 5480  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:33:50.0315 5480  ksthunk - ok
17:33:50.0347 5480  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:33:50.0393 5480  KtmRm - ok
17:33:50.0410 5480  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
17:33:50.0457 5480  L1E - ok
17:33:50.0501 5480  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:33:50.0556 5480  LanmanServer - ok
17:33:50.0588 5480  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:33:50.0684 5480  LanmanWorkstation - ok
17:33:50.0751 5480  [ 174803F2EEA3B22165DFE0E5A1F20685 ] LgBttPort       C:\Windows\system32\DRIVERS\lgbtpt64.sys
17:33:50.0796 5480  LgBttPort - ok
17:33:50.0862 5480  [ 565F93BB7C0361E61B3DAEA670C354D6 ] lgbusenum       C:\Windows\system32\DRIVERS\lgbtbs64.sys
17:33:50.0902 5480  lgbusenum - ok
17:33:50.0928 5480  [ ABF477857B7CED873362EC92C6CE10A7 ] LGVMODEM        C:\Windows\system32\DRIVERS\lgvmdm64.sys
17:33:50.0943 5480  LGVMODEM - ok
17:33:50.0973 5480  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:33:51.0024 5480  lltdio - ok
17:33:51.0056 5480  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:33:51.0146 5480  lltdsvc - ok
17:33:51.0173 5480  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:33:51.0239 5480  lmhosts - ok
17:33:51.0338 5480  [ 23DE5B62B0445A6F874BE633C95B483E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:33:51.0368 5480  LMS - ok
17:33:51.0405 5480  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:33:51.0426 5480  LSI_FC - ok
17:33:51.0446 5480  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:33:51.0466 5480  LSI_SAS - ok
17:33:51.0477 5480  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:33:51.0493 5480  LSI_SAS2 - ok
17:33:51.0532 5480  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:33:51.0547 5480  LSI_SCSI - ok
17:33:51.0587 5480  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:33:51.0648 5480  luafv - ok
17:33:51.0693 5480  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
17:33:51.0726 5480  massfilter - ok
17:33:51.0778 5480  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:33:51.0800 5480  Mcx2Svc - ok
17:33:51.0811 5480  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:33:51.0825 5480  megasas - ok
17:33:51.0841 5480  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:33:51.0862 5480  MegaSR - ok
17:33:51.0885 5480  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:33:51.0948 5480  MMCSS - ok
17:33:51.0972 5480  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:33:52.0050 5480  Modem - ok
17:33:52.0084 5480  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:33:52.0122 5480  monitor - ok
17:33:52.0152 5480  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:33:52.0169 5480  mouclass - ok
17:33:52.0199 5480  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:33:52.0230 5480  mouhid - ok
17:33:52.0255 5480  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:33:52.0273 5480  mountmgr - ok
17:33:52.0387 5480  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:33:52.0414 5480  MozillaMaintenance - ok
17:33:52.0429 5480  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
17:33:52.0446 5480  mpio - ok
17:33:52.0467 5480  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:33:52.0509 5480  mpsdrv - ok
17:33:52.0532 5480  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:33:52.0605 5480  MpsSvc - ok
17:33:52.0625 5480  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:33:52.0683 5480  MRxDAV - ok
17:33:52.0719 5480  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:52.0786 5480  mrxsmb - ok
17:33:52.0828 5480  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:52.0878 5480  mrxsmb10 - ok
17:33:52.0929 5480  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:52.0967 5480  mrxsmb20 - ok
17:33:52.0986 5480  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:33:53.0000 5480  msahci - ok
17:33:53.0034 5480  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
17:33:53.0050 5480  msdsm - ok
17:33:53.0099 5480  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:33:53.0155 5480  MSDTC - ok
17:33:53.0184 5480  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:33:53.0242 5480  Msfs - ok
17:33:53.0267 5480  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:33:53.0330 5480  mshidkmdf - ok
17:33:53.0360 5480  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
17:33:53.0374 5480  msisadrv - ok
17:33:53.0445 5480  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:33:53.0509 5480  MSiSCSI - ok
17:33:53.0513 5480  msiserver - ok
17:33:53.0563 5480  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:33:53.0634 5480  MSKSSRV - ok
17:33:53.0692 5480  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:53.0762 5480  MSPCLOCK - ok
17:33:53.0786 5480  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:33:53.0844 5480  MSPQM - ok
17:33:53.0869 5480  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:33:53.0890 5480  MsRPC - ok
17:33:53.0918 5480  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:33:53.0931 5480  mssmbios - ok
17:33:53.0949 5480  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:33:54.0027 5480  MSTEE - ok
17:33:54.0055 5480  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:33:54.0089 5480  MTConfig - ok
17:33:54.0108 5480  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:33:54.0122 5480  Mup - ok
17:33:54.0178 5480  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
17:33:54.0237 5480  napagent - ok
17:33:54.0328 5480  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:33:54.0422 5480  NativeWifiP - ok
17:33:54.0510 5480  [ 7BE93DBB02B66E72872FF76D8A92E662 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\ENG64.SYS
17:33:54.0537 5480  NAVENG - ok
17:33:54.0649 5480  [ BE99EDBBA322CA59B3F2FE17B9BF987A ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\EX64.SYS
17:33:54.0738 5480  NAVEX15 - ok
17:33:54.0774 5480  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:33:54.0811 5480  NDIS - ok
17:33:54.0895 5480  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:33:54.0948 5480  NdisCap - ok
17:33:54.0975 5480  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:55.0036 5480  NdisTapi - ok
17:33:55.0059 5480  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:55.0138 5480  Ndisuio - ok
17:33:55.0158 5480  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:55.0200 5480  NdisWan - ok
17:33:55.0209 5480  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:33:55.0270 5480  NDProxy - ok
17:33:55.0367 5480  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:33:55.0415 5480  Nero BackItUp Scheduler 4.0 - ok
17:33:55.0441 5480  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:33:55.0506 5480  NetBIOS - ok
17:33:55.0525 5480  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:33:55.0567 5480  NetBT - ok
17:33:55.0579 5480  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
17:33:55.0595 5480  Netlogon - ok
17:33:55.0618 5480  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:33:55.0662 5480  Netman - ok
17:33:55.0677 5480  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:33:55.0722 5480  netprofm - ok
17:33:55.0742 5480  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:33:55.0755 5480  NetTcpPortSharing - ok
17:33:55.0776 5480  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:33:55.0789 5480  nfrd960 - ok
17:33:55.0870 5480  [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
17:33:55.0899 5480  NIS - ok
17:33:55.0935 5480  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:33:56.0031 5480  NlaSvc - ok
17:33:56.0119 5480  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
17:33:56.0195 5480  nmwcd - ok
17:33:56.0247 5480  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
17:33:56.0307 5480  nmwcdc - ok
17:33:56.0416 5480  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:33:56.0524 5480  NOBU - ok
17:33:56.0572 5480  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:33:56.0645 5480  Npfs - ok
17:33:56.0670 5480  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:33:56.0733 5480  nsi - ok
17:33:56.0752 5480  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:33:56.0795 5480  nsiproxy - ok
17:33:56.0847 5480  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:33:56.0917 5480  Ntfs - ok
17:33:56.0977 5480  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:33:57.0011 5480  NTI IScheduleSvc - ok
17:33:57.0040 5480  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
17:33:57.0060 5480  NTIDrvr - ok
17:33:57.0077 5480  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:33:57.0142 5480  Null - ok
17:33:57.0189 5480  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:33:57.0217 5480  nvraid - ok
17:33:57.0249 5480  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:33:57.0269 5480  nvstor - ok
17:33:57.0281 5480  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
17:33:57.0297 5480  nv_agp - ok
17:33:57.0313 5480  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:33:57.0345 5480  ohci1394 - ok
17:33:57.0434 5480  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:33:57.0460 5480  ose - ok
17:33:57.0619 5480  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:33:57.0783 5480  osppsvc - ok
17:33:57.0818 5480  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:33:57.0842 5480  p2pimsvc - ok
17:33:57.0865 5480  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:33:57.0907 5480  p2psvc - ok
17:33:57.0912 5480  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:33:57.0941 5480  Parport - ok
17:33:57.0985 5480  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:33:58.0001 5480  partmgr - ok
17:33:58.0017 5480  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:33:58.0060 5480  PcaSvc - ok
17:33:58.0115 5480  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:33:58.0163 5480  pccsmcfd - ok
17:33:58.0181 5480  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
17:33:58.0207 5480  pci - ok
17:33:58.0224 5480  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:33:58.0240 5480  pciide - ok
17:33:58.0255 5480  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:33:58.0278 5480  pcmcia - ok
17:33:58.0292 5480  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:33:58.0310 5480  pcw - ok
17:33:58.0330 5480  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:33:58.0397 5480  PEAUTH - ok
17:33:58.0490 5480  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:33:58.0542 5480  PerfHost - ok
17:33:58.0596 5480  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
17:33:58.0702 5480  pla - ok
17:33:58.0782 5480  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:33:58.0825 5480  PlugPlay - ok
17:33:58.0899 5480  [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
17:33:58.0934 5480  PMBDeviceInfoProvider - ok
17:33:58.0951 5480  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:33:58.0986 5480  PNRPAutoReg - ok
17:33:59.0007 5480  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:33:59.0033 5480  PNRPsvc - ok
17:33:59.0068 5480  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:33:59.0134 5480  PolicyAgent - ok
17:33:59.0169 5480  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:33:59.0209 5480  Power - ok
17:33:59.0255 5480  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:33:59.0322 5480  PptpMiniport - ok
17:33:59.0340 5480  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:33:59.0375 5480  Processor - ok
17:33:59.0408 5480  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
17:33:59.0483 5480  ProfSvc - ok
17:33:59.0512 5480  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:33:59.0533 5480  ProtectedStorage - ok
17:33:59.0585 5480  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:33:59.0656 5480  Psched - ok
17:33:59.0733 5480  [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:33:59.0757 5480  PxHlpa64 - ok
17:33:59.0802 5480  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:33:59.0863 5480  ql2300 - ok
17:33:59.0875 5480  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:33:59.0891 5480  ql40xx - ok
17:33:59.0928 5480  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:33:59.0952 5480  QWAVE - ok
17:33:59.0969 5480  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:34:00.0003 5480  QWAVEdrv - ok
17:34:00.0157 5480  [ 12D0FCE2D0243CB3CED9090F4B6E86D0 ] Radio.fx        C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
17:34:00.0270 5480  Radio.fx - ok
17:34:00.0287 5480  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:34:00.0341 5480  RasAcd - ok
17:34:00.0363 5480  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:00.0428 5480  RasAgileVpn - ok
17:34:00.0450 5480  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:34:00.0506 5480  RasAuto - ok
17:34:00.0528 5480  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:00.0570 5480  Rasl2tp - ok
17:34:00.0607 5480  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
17:34:00.0667 5480  RasMan - ok
17:34:00.0677 5480  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:00.0736 5480  RasPppoe - ok
17:34:00.0754 5480  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:34:00.0793 5480  RasSstp - ok
17:34:00.0813 5480  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:34:00.0876 5480  rdbss - ok
17:34:00.0897 5480  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:34:00.0939 5480  rdpbus - ok
17:34:00.0969 5480  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:01.0013 5480  RDPCDD - ok
17:34:01.0030 5480  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:34:01.0089 5480  RDPENCDD - ok
17:34:01.0126 5480  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:34:01.0165 5480  RDPREFMP - ok
17:34:01.0209 5480  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:34:01.0273 5480  RDPWD - ok
17:34:01.0298 5480  [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:34:01.0317 5480  rdyboost - ok
17:34:01.0345 5480  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:34:01.0413 5480  RemoteAccess - ok
17:34:01.0440 5480  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:34:01.0490 5480  RemoteRegistry - ok
17:34:01.0528 5480  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:34:01.0548 5480  RFCOMM - ok
17:34:01.0563 5480  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:34:01.0616 5480  RpcEptMapper - ok
17:34:01.0646 5480  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:34:01.0676 5480  RpcLocator - ok
17:34:01.0694 5480  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
17:34:01.0738 5480  RpcSs - ok
17:34:01.0746 5480  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:34:01.0811 5480  rspndr - ok
17:34:01.0834 5480  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
17:34:01.0848 5480  SamSs - ok
17:34:01.0968 5480  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
17:34:02.0103 5480  SBAMSvc - ok
17:34:02.0120 5480  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:34:02.0135 5480  sbp2port - ok
17:34:02.0152 5480  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:34:02.0194 5480  SCardSvr - ok
17:34:02.0208 5480  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:34:02.0266 5480  scfilter - ok
17:34:02.0295 5480  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
17:34:02.0362 5480  Schedule - ok
17:34:02.0394 5480  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:34:02.0457 5480  SCPolicySvc - ok
17:34:02.0476 5480  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:34:02.0502 5480  SDRSVC - ok
17:34:02.0528 5480  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:34:02.0601 5480  secdrv - ok
17:34:02.0624 5480  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
17:34:02.0712 5480  seclogon - ok
17:34:02.0737 5480  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:34:02.0810 5480  SENS - ok
17:34:02.0829 5480  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:34:02.0869 5480  SensrSvc - ok
17:34:02.0892 5480  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:34:02.0935 5480  Serenum - ok
17:34:02.0962 5480  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:34:02.0983 5480  Serial - ok
17:34:03.0010 5480  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:34:03.0027 5480  sermouse - ok
17:34:03.0160 5480  [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:34:03.0199 5480  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:34:03.0199 5480  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:34:03.0227 5480  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
17:34:03.0276 5480  SessionEnv - ok
17:34:03.0285 5480  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:34:03.0336 5480  sffdisk - ok
17:34:03.0354 5480  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:34:03.0371 5480  sffp_mmc - ok
17:34:03.0387 5480  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:34:03.0416 5480  sffp_sd - ok
17:34:03.0438 5480  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:34:03.0456 5480  sfloppy - ok
17:34:03.0546 5480  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:34:03.0590 5480  Sftfs - ok
17:34:03.0720 5480  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:34:03.0755 5480  sftlist - ok
17:34:03.0808 5480  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:34:03.0840 5480  Sftplay - ok
17:34:03.0868 5480  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:34:03.0883 5480  Sftredir - ok
17:34:03.0946 5480  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:34:03.0969 5480  Sftvol - ok
17:34:04.0017 5480  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:34:04.0047 5480  sftvsa - ok
17:34:04.0113 5480  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:34:04.0195 5480  SharedAccess - ok
17:34:04.0217 5480  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:04.0244 5480  ShellHWDetection - ok
17:34:04.0274 5480  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:34:04.0291 5480  SiSRaid2 - ok
17:34:04.0302 5480  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:34:04.0317 5480  SiSRaid4 - ok
17:34:04.0366 5480  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:04.0380 5480  SkypeUpdate - ok
17:34:04.0417 5480  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:34:04.0476 5480  Smb - ok
17:34:04.0513 5480  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:34:04.0554 5480  SNMPTRAP - ok
17:34:04.0571 5480  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:34:04.0587 5480  spldr - ok
17:34:04.0640 5480  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
17:34:04.0722 5480  Spooler - ok
17:34:04.0797 5480  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:34:04.0916 5480  sppsvc - ok
17:34:04.0927 5480  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:34:04.0989 5480  sppuinotify - ok
17:34:05.0078 5480  [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP           C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
17:34:05.0128 5480  SRTSP - ok
17:34:05.0146 5480  [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX          C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
17:34:05.0160 5480  SRTSPX - ok
17:34:05.0217 5480  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:34:05.0279 5480  srv - ok
17:34:05.0314 5480  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:34:05.0347 5480  srv2 - ok
17:34:05.0393 5480  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:34:05.0443 5480  srvnet - ok
17:34:05.0465 5480  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:34:05.0511 5480  SSDPSRV - ok
17:34:05.0519 5480  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:34:05.0578 5480  SstpSvc - ok
17:34:05.0619 5480  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:34:05.0644 5480  stexstor - ok
17:34:05.0686 5480  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
17:34:05.0739 5480  stisvc - ok
17:34:05.0863 5480  [ 3FB1D84D673B4A9AF3856C8843C7A464 ] StumbleUponUpdater C:\Users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
17:34:05.0886 5480  StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - warning
17:34:05.0886 5480  StumbleUponUpdater - detected UnsignedFile.Multi.Generic (1)
17:34:05.0910 5480  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:34:05.0936 5480  swenum - ok
17:34:05.0954 5480  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:34:06.0013 5480  swprv - ok
17:34:06.0054 5480  [ 6160145C7A87FC7672E8E3B886888176 ] SymDS           C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
17:34:06.0075 5480  SymDS - ok
17:34:06.0103 5480  [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA          C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
17:34:06.0132 5480  SymEFA - ok
17:34:06.0167 5480  [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:34:06.0182 5480  SymEvent - ok
17:34:06.0231 5480  [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON         C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
17:34:06.0248 5480  SymIRON - ok
17:34:06.0268 5480  [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS         C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
17:34:06.0291 5480  SymNetS - ok
17:34:06.0327 5480  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:34:06.0346 5480  SynTP - ok
17:34:06.0385 5480  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
17:34:06.0465 5480  SysMain - ok
17:34:06.0490 5480  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:34:06.0531 5480  TabletInputService - ok
17:34:06.0552 5480  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:34:06.0624 5480  TapiSrv - ok
17:34:06.0650 5480  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:34:06.0705 5480  TBS - ok
17:34:06.0779 5480  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:34:06.0866 5480  Tcpip - ok
17:34:06.0918 5480  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:34:06.0971 5480  TCPIP6 - ok
17:34:06.0989 5480  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:34:07.0028 5480  tcpipreg - ok
17:34:07.0047 5480  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:34:07.0107 5480  TDPIPE - ok
17:34:07.0152 5480  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:34:07.0207 5480  TDTCP - ok
17:34:07.0223 5480  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:34:07.0279 5480  tdx - ok
17:34:07.0300 5480  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:34:07.0315 5480  TermDD - ok
17:34:07.0339 5480  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
17:34:07.0390 5480  TermService - ok
17:34:07.0403 5480  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:34:07.0422 5480  Themes - ok
17:34:07.0451 5480  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:34:07.0489 5480  THREADORDER - ok
17:34:07.0506 5480  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:34:07.0558 5480  TrkWks - ok
17:34:07.0617 5480  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:34:07.0665 5480  TrustedInstaller - ok
17:34:14.0430 5480  ================ Scan global ===============================
17:34:14.0460 5480  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:34:14.0508 5480  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:34:14.0520 5480  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:34:14.0550 5480  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:34:14.0582 5480  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:34:14.0589 5480  [Global] - ok
17:34:14.0590 5480  ================ Scan MBR ==================================
17:34:14.0611 5480  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:34:15.0081 5480  \Device\Harddisk0\DR0 - ok
17:34:15.0081 5480  ================ Scan VBR ==================================
17:34:15.0086 5480  [ 87E4020CA2437088AE83CD8A55B8895B ] \Device\Harddisk0\DR0\Partition1
17:34:15.0088 5480  \Device\Harddisk0\DR0\Partition1 - ok
17:34:15.0119 5480  [ D5805BEB16C169F1ADE3EAC0BDAAA038 ] \Device\Harddisk0\DR0\Partition2
17:34:15.0122 5480  \Device\Harddisk0\DR0\Partition2 - ok
17:34:15.0122 5480  ============================================================
17:34:15.0122 5480  Scan finished
17:34:15.0122 5480  ============================================================
17:34:15.0138 3520  Detected object count: 2
17:34:15.0138 3520  Actual detected object count: 2
17:34:59.0143 3520  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:59.0143 3520  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:34:59.0145 3520  StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:59.0145 3520  StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:35:12.0960 3132  Deinitialize success
         
Thanks.

23.03.2013, 19:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


24.03.2013, 00:08   #13
diana79

Hello...
I have now run Combofix:

Code:
ComboFix 13-03-23.01 - Diana 23.03.2013  22:13:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3956.2284 [GMT 1:00]
ausgeführt von:: c:\users\Diana\Downloads\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
c:\users\Diana\03.06.2011
c:\users\Diana\03.06.2011\DSC01795.JPG
c:\users\Diana\03.06.2011\DSC01796.JPG
c:\users\Diana\03.06.2011\DSC01799.JPG
c:\users\Diana\03.06.2011\DSC01800.JPG
c:\users\Diana\03.06.2011\DSC01802.JPG
c:\users\Diana\03.06.2011\DSC01803.JPG
c:\users\Diana\03.06.2011\DSC01804.JPG
c:\users\Diana\03.06.2011\DSC01806.JPG
c:\users\Diana\03.06.2011\DSC01807.JPG
c:\users\Diana\03.06.2011\DSC01808.JPG
c:\users\Diana\03.06.2011\DSC01809.JPG
c:\users\Diana\03.06.2011\DSC01810.JPG
c:\users\Diana\03.06.2011\DSC01811.JPG
c:\users\Diana\03.06.2011\M4H01812.MP4
c:\users\Diana\03.06.2011\M4H01812.MP4.modd
c:\users\Diana\03.06.2011\M4H01812.MP4.moff
c:\users\Diana\03.06.2011\M4H01812.THM
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Templates\vizadoocad_2.3_start_ger_setup.exe
c:\users\Diana\AppData\Roaming\xplugin\toOLbar.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-23 bis 2013-03-23  ))))))))))))))))))))))))))))))
.
.
2013-03-23 21:30 . 2013-03-23 21:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-21 19:48 . 2013-03-21 19:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-20 13:22 . 2013-03-20 13:22	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-20 13:22 . 2013-03-20 13:22	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-20 13:22 . 2013-03-20 13:22	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-20 13:22 . 2013-03-20 13:22	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-20 13:22 . 2013-03-20 13:22	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-20 13:22 . 2013-03-20 13:22	188320	----a-w-	c:\windows\system32\java.exe
2013-03-20 13:22 . 2013-03-20 13:22	--------	d-----w-	c:\program files\Java
2013-03-20 12:07 . 2013-03-20 12:07	--------	d-----w-	c:\users\Diana\AppData\Roaming\LavasoftStatistics
2013-03-20 12:07 . 2013-03-20 12:07	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-03-20 12:04 . 2013-03-20 14:27	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2013-03-20 12:04 . 2013-03-20 12:04	--------	d-----w-	c:\programdata\Lavasoft
2013-03-20 12:03 . 2013-03-20 12:03	--------	d-----w-	c:\programdata\Downloaded Installations
2013-03-20 12:03 . 2013-03-20 14:27	--------	d-----w-	c:\programdata\Search Protection
2013-03-20 12:03 . 2013-03-20 12:03	--------	d-----w-	c:\users\Diana\AppData\Local\adawarebp
2013-03-20 12:03 . 2013-03-20 12:03	--------	d-----w-	c:\programdata\blekko toolbars
2013-03-20 12:03 . 2013-03-20 12:03	--------	d-----w-	c:\programdata\adawaretb
2013-03-20 12:03 . 2013-03-20 14:27	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-03-20 12:03 . 2013-03-20 14:27	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-03-20 12:02 . 2013-03-20 14:27	--------	d-----w-	c:\program files (x86)\adawaretb
2013-03-20 12:01 . 2013-03-20 12:01	47496	----a-w-	c:\windows\system32\sbbd.exe
2013-03-20 12:01 . 2013-03-20 12:01	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-03-20 12:01 . 2013-03-20 13:37	--------	d-----w-	c:\users\Diana\AppData\Roaming\Ad-Aware Antivirus
2013-03-20 09:46 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4E72AC5-D011-48C2-AEB0-5FEA58DAC0BA}\mpengine.dll
2013-03-18 23:34 . 2013-03-20 14:27	--------	d-----w-	c:\program files (x86)\NCH Software
2013-03-18 23:34 . 2013-03-18 23:34	--------	d-----w-	c:\programdata\NCH Software
2013-03-18 23:34 . 2013-03-20 13:47	--------	d-----w-	c:\users\Diana\AppData\Roaming\NCH Software
2013-03-18 21:10 . 2013-03-18 21:10	--------	d-----w-	c:\users\Diana\AppData\Roaming\Avira
2013-03-18 21:02 . 2013-03-18 20:48	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-18 21:02 . 2013-03-18 20:48	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-18 21:02 . 2013-03-18 20:48	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-18 21:01 . 2013-03-18 21:01	--------	d-----w-	c:\program files (x86)\Avira
2013-03-18 20:52 . 2013-03-20 14:27	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-03-18 20:52 . 2013-03-20 14:27	--------	d-----w-	c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 23:15 . 2010-12-25 20:24	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-18 23:14 . 2010-12-25 20:24	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-18 23:14 . 2010-12-25 20:23	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-18 21:25 . 2012-04-08 15:03	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-18 21:25 . 2011-10-04 20:18	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-18 20:54 . 2012-10-16 20:21	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-02-19 16:45 . 2010-12-26 10:13	3325720	----a-w-	c:\windows\RXSUnins.exe
2013-02-19 16:45 . 2010-12-26 10:13	3325720	----a-w-	c:\windows\RXCUnins.exe
2013-01-17 00:28 . 2011-02-24 17:08	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:57 . 2013-02-15 14:16	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:02 . 2013-02-15 14:16	3957608	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-15 14:16	3902312	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41 . 2013-02-15 14:15	1893224	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 05:40 . 2013-02-15 14:15	287576	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 05:37 . 2013-02-15 14:16	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-01-04 05:37 . 2013-02-15 14:16	243200	----a-w-	c:\windows\system32\wow64.dll
2013-01-04 05:37 . 2013-02-15 14:16	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2013-01-04 05:36 . 2013-02-15 14:16	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 05:33 . 2013-02-15 14:16	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2013-01-04 05:30 . 2013-02-15 14:16	424960	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-04 05:30 . 2013-02-15 14:16	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-01-04 05:27 . 2013-02-15 14:16	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 05:26 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:51 . 2013-02-15 14:16	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:51 . 2013-02-15 14:16	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-01-04 04:43 . 2013-02-15 14:16	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:43 . 2013-02-15 14:16	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:22 . 2013-02-15 14:16	3150848	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 03:19 . 2013-02-15 14:16	338432	----a-w-	c:\windows\system32\conhost.exe
2013-01-04 02:48 . 2013-02-15 14:16	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:48 . 2013-02-15 14:16	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:48 . 2013-02-15 14:16	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-04 02:48 . 2013-02-15 14:15	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:43 . 2013-02-15 14:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-15 14:15	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-15 14:15	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-15 14:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\Winload\prxtbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47	87464	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59	269824	----a-w-	c:\users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2013-02-07 1838872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2011-08-25 153424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-18 385248]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-03-20 168]
.
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-31 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Diana\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2011-11-22 18432]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-23 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-23 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-23 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-23 34304]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-05-20 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-05-20 55336]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-05-20 294760]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-05-20 202792]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-05-20 52584]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-05-20 156392]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-05-25 264040]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-20 14456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-18 27800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110221.001\IDSvia64.sys [2010-11-09 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-18 86752]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-25 47776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2013-02-22 3818776]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2011-08-25 270672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-25 132656]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:25]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 22:23]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 22:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Diana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\8ooej6fr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=62FF6E42133C7A21946BB75149A56760
FF - prefs.js: browser.search.selectedEngine - Suche
FF - prefs.js: browser.startup.homepage - ?fr=fp-sunm
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&CUI=UN97710000120014988&UM=UM_ID&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-20 13:02; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\8ooej6fr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2013-03-20 13:03; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\8ooej6fr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: browser.search.selectedEngine - Suche
FF - user.js: browser.search.order.1 - Suche
FF - user.js: browser.search.defaultenginename - Suche
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
Toolbar-Locked - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - c:\users\Diana\AppData\Roaming\xplugin\toolbar.dll
Wow6432Node-HKCU-Run-LG LinkAir - (no file)
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2044949454-3658418661-3396443947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2044949454-3658418661-3396443947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-23  23:54:35
ComboFix-quarantined-files.txt  2013-03-23 22:54
.
Vor Suchlauf: 34 Verzeichnis(se), 447.881.842.688 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 449.047.408.640 Bytes frei
.
- - End Of File - - 9DFACF7D440AE27A8BD65925AC22A7F9
         

Regards

24.03.2013, 13:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
Why are you overdoing it so much with this software?
Honestly, I would uninstall at least two of them, namely Ad-Aware and Norton; I would have swapped Avira for Avast Free.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.03.2013, 13:55   #15
diana79
 
Infektion? Was tun? - Standard

Infektion? Was tun?



Norton isn't even active. I actually only had Avira, but I haven't trusted it since the detection. I wanted to ask anyway which antivirus software is recommended. The selection is enormous. Is the PC OK again now? After the run finished I just switched it off and haven't turned it back on yet.
