In Firefox, some pages are redirected to adf.ly

Hello Trojaner-Board,
As mentioned above, on my girlfriend's PC, Firefox occasionally redirects pages to adf.ly. This happens sporadically.
I ran a scan with the "desinfect 2012 CD" from c't (Antivir + Kaspersky), renamed the viruses I found with the extension *.VIRUS, and restarted the PC.
At first everything went well, but after opening maybe 10 pages, the same problem.
I then ran a scan with "Malwarebytes Anti-Malware", as recommended in your forum. 2 files were found and deleted.
Here is the log file from Malwarebytes:

Quote:
 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100 www.malwarebytes.org
 
 Database version: v2013.03.24.04
 
 Windows 7 Service Pack 1 x86 NTFS
 Internet Explorer 10.0.9200.16521
 Ellen :: ELLEN-AMD [limited]
 
 Protection: Enabled
 
 24.03.2013 13:58:05
 mbam-log-2013-03-24 (13-58-05).txt
 
 Scan type: Quick scan
 Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
 Scan options disabled: P2P
 Objects scanned: 193097
 Time elapsed: 6 minute(s), 34 second(s)
 
 Memory Processes Detected: 0
 (No malicious items detected)
 
 Memory Modules Detected: 0
 (No malicious items detected)
 
 Registry Keys Detected: 0
 (No malicious items detected)
 
 Registry Values Detected: 0
 (No malicious items detected)
 
 Registry Data Items Detected: 0
 (No malicious items detected)
 
 Folders Detected: 0
 (No malicious items detected)
 
 Files Detected: 2
 C:\Users\Ellen\AppData\Local\Temp\79321C4.tmp (Adware.Shopper) -> Quarantined and deleted successfully.
 C:\Users\Ellen\AppData\Local\Temp\793E7A2.tmp (Adware.Shopper) -> Quarantined and deleted successfully.
 
 (end)

Then I ran Defogger. Here is the Defogger log:

Quote:
 defogger_disable by jpshortstuff (23.02.10.1)
 Log created at 14:19 on 24/03/2013 (Administrator)
 
 Checking for autostart values...
 HKCU\~\Run values retrieved.
 HKLM\~\Run values retrieved.
 
 Checking for services/drivers...
 SPTD -> Already disabled
 
 
 -=E.O.F=-

Then I ran OTL. Here are the two files:

Quote:
 OTL logfile created on: 24.03.2013 14:10:59 - Run 1
 OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.10.9200.16521)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 3,19 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 61,96% Memory free
 6,37 Gb Paging File | 4,97 Gb Available in Paging File | 77,95% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 465,66 Gb Total Space | 335,78 Gb Free Space | 72,11% Space Free | Partition Type: NTFS
 Drive D: | 232,89 Gb Total Space | 19,22 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
 
 Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2013.03.24 14:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe
 PRC - [2013.02.26 15:49:42 | 000,102,968 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
 PRC - [2013.02.12 18:05:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
 PRC - [2013.02.12 18:04:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
 PRC - [2013.02.12 18:04:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2013.02.12 18:04:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
 PRC - [2013.01.31 10:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
 PRC - [2013.01.31 10:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
 PRC - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
 PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
 PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
 PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
 PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
 PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
 PRC - [2012.11.28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
 PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
 PRC - [2012.08.03 15:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
 PRC - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
 PRC - [2012.08.01 15:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
 PRC - [2012.08.01 15:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
 PRC - [2011.06.30 14:53:24 | 000,395,624 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe
 PRC - [2011.06.30 14:53:20 | 000,846,296 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe
 PRC - [2011.06.30 14:52:16 | 002,674,104 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
 PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe
 PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
 PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
 PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
 PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 PRC - [2008.02.28 11:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\LXBKbmgr.exe
 PRC - [2008.02.28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\LXBKbmon.exe
 PRC - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
 PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 PRC - [2007.03.16 10:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2013.03.08 17:31:35 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\0bbd213c31831ecd29d5de742778716e\DeskUpdateNotifier.ni.exe
 MOD - [2013.02.14 22:27:44 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
 MOD - [2013.01.10 14:28:33 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll
 MOD - [2013.01.09 20:37:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
 MOD - [2013.01.09 20:37:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
 MOD - [2013.01.09 20:36:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
 MOD - [2013.01.09 20:36:41 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
 MOD - [2013.01.09 20:36:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
 MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
 MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 MOD - [2012.08.03 15:07:06 | 000,276,392 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll
 MOD - [2012.08.03 15:06:50 | 002,652,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll
 MOD - [2012.08.03 15:06:50 | 000,363,944 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll
 MOD - [2012.08.03 15:06:48 | 011,166,120 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll
 MOD - [2012.08.03 15:06:46 | 000,205,736 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll
 MOD - [2012.08.03 15:06:44 | 001,346,472 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll
 MOD - [2012.08.03 15:06:44 | 000,720,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll
 MOD - [2012.08.03 15:06:42 | 008,506,792 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll
 MOD - [2012.08.03 15:06:42 | 001,013,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll
 MOD - [2012.08.03 15:06:42 | 000,520,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll
 MOD - [2012.08.03 15:06:40 | 002,480,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll
 MOD - [2012.08.03 15:06:40 | 002,353,576 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll
 MOD - [2012.08.03 15:06:36 | 000,445,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
 MOD - [2012.08.03 15:06:32 | 000,206,760 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
 MOD - [2012.08.03 15:06:32 | 000,035,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll
 MOD - [2012.08.03 15:06:30 | 000,032,680 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll
 MOD - [2012.08.03 15:06:02 | 000,437,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll
 MOD - [2012.08.03 15:05:24 | 000,604,072 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll
 MOD - [2012.07.02 10:29:08 | 000,391,600 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll
 MOD - [2012.07.02 10:29:08 | 000,059,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll
 MOD - [2012.07.02 10:28:20 | 000,110,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll
 MOD - [2011.06.30 14:53:48 | 001,027,384 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\tishell.dll
 MOD - [2011.06.30 14:52:16 | 002,674,104 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
 MOD - [2011.06.30 14:52:06 | 000,071,008 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\Common\rpc_client.dll
 MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
 
 
 ========== Services (SafeList) ==========
 
 SRV - [2013.03.13 16:38:38 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2013.02.12 18:05:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2013.02.12 18:04:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2012.12.21 14:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
 SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 SRV - [2012.12.15 11:17:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
 SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
 SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
 SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
 SRV - [2012.10.02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
 SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
 SRV - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
 SRV - [2011.06.30 14:53:20 | 000,846,296 | ---- | M] (Seagate) [Auto | Running] -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
 SRV - [2010.11.20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
 SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
 SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
 DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
 DRV - [2013.02.19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
 DRV - [2012.12.13 11:48:14 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
 DRV - [2012.12.13 11:48:14 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
 DRV - [2012.11.15 16:26:47 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
 DRV - [2012.10.02 13:13:48 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
 DRV - [2012.10.01 15:56:38 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
 DRV - [2012.10.01 15:56:29 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
 DRV - [2012.10.01 15:56:24 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
 DRV - [2012.10.01 15:56:22 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
 DRV - [2012.10.01 15:30:32 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
 DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
 DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
 DRV - [2012.06.27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
 DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
 DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
 DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
 DRV - [2011.11.17 14:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
 DRV - [2011.11.17 14:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
 DRV - [2011.11.17 14:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
 DRV - [2011.09.06 10:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
 DRV - [2010.11.20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
 DRV - [2010.11.20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
 DRV - [2010.11.20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
 DRV - [2010.11.20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
 DRV - [2010.11.20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
 DRV - [2010.11.20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
 DRV - [2009.07.13 23:09:18 | 000,031,232 | ---- | M] (Gemplus) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\grserial.sys -- (GCR410P)
 DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
 DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 E8 72 B3 31 BC CD 01  [binary data]
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\SearchScopes\{79EC3D8C-3760-418A-9355-DBA0A52089B6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 2F F3 BE 7C BA CD 01  [binary data]
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\SearchScopes\{919658DC-1CE5-4880-84D4-B47C018185F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3BEE2D3F-D456-4C40-915F-8B89AEEF8091&apn_sauid=24D00DB1-44DC-4B72-B932-9F16A3ED81BB
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKU\S-1-5-21-3564537915-448565646-2147619559-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.defaultengine: "Ask.com"
 FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 FF - prefs.js..browser.search.order.1: "Ask.com"
 FF - prefs.js..browser.search.selectedEngine: "Google"
 FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
 FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.15 11:17:01 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 17:12:56 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
 [2012.10.31 13:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
 [2012.12.15 11:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y5akqolk.default\extensions
 [2012.12.15 11:17:36 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\y5akqolk.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
 [2012.12.15 11:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2012.12.15 11:17:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2012.10.31 13:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2012.10.31 13:34:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2012.10.31 13:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2012.10.31 13:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2012.10.31 13:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2012.10.31 13:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
 O3 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 O3 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
 O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
 O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
 O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe ()
 O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
 O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
 O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
 O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: []  File not found
 O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
 O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
 O4 - HKU\S-1-5-21-3564537915-448565646-2147619559-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
 O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
 O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
 O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
 O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herrnhuter  Losungen.LNK = C:\Programme\ComBib\Herrnhuter Losungen\Herrnhuter Losungen.exe (combib)
 O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung  fuer heute.LNK = C:\Programme\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
 O4 - Startup: C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O7 - HKU\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
 O13 - gopher Prefix: missing
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2436065-4688-4558-ABB2-A31DF36B6EC5}: DhcpNameServer = 192.168.1.1
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2013.03.24 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
 [2013.03.24 13:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
 [2013.03.24 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 [2013.03.24 13:25:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 [2013.03.24 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 [2013.03.24 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
 [2013.03.24 10:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 [2013.03.15 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 [1 C:\*.tmp files -> C:\*.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2013.03.24 14:14:25 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 [2013.03.24 14:14:25 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 [2013.03.24 14:14:19 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2013.03.24 14:14:19 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2013.03.24 14:14:18 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2013.03.24 14:14:18 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2013.03.24 14:08:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
 [2013.03.24 14:08:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 [2013.03.24 14:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2013.03.24 14:06:34 | 2566,115,328 | -HS- | M] () -- C:\hiberfil.sys
 [2013.03.24 13:50:49 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
 [2013.03.24 13:38:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
 [2013.03.24 13:28:21 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 [2013.03.24 13:25:08 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 [2013.03.24 13:18:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000UA.job
 [2013.03.24 12:39:37 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
 [2013.03.24 10:45:25 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 [2013.03.16 22:18:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3564537915-448565646-2147619559-1000Core.job
 [2013.03.15 23:23:35 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 [2013.03.12 20:45:02 | 286,052,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
 [2013.03.08 17:31:28 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
 [2013.03.02 13:29:56 | 000,000,481 | ---- | M] () -- C:\Windows\hbcikrnl.ini
 [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 [1 C:\*.tmp files -> C:\*.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 
 [2013.03.24 13:50:24 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
 [2013.03.24 13:25:08 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 [2013.03.24 12:39:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 [2013.03.24 12:39:37 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
 [2013.03.15 23:23:35 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
 [2012.12.21 19:05:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
 [2012.12.02 15:13:31 | 000,000,230 | ---- | C] () -- C:\Windows\Lexstat.ini
 [2012.12.02 15:10:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
 [2012.12.02 15:10:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
 [2012.12.02 15:10:34 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
 [2012.12.02 15:10:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
 [2012.12.02 15:10:34 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
 [2012.12.02 15:10:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
 [2012.12.02 15:10:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
 [2012.12.02 15:10:34 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
 [2012.12.02 15:10:34 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
 [2012.12.02 15:10:34 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
 [2012.12.02 15:10:34 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
 [2012.12.02 15:10:34 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
 [2012.12.02 15:10:33 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
 [2012.12.02 15:10:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
 [2012.12.02 15:10:33 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
 [2012.12.02 15:10:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
 [2012.12.02 15:10:33 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
 [2012.10.02 13:14:56 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 [2012.10.01 15:49:29 | 000,000,481 | ---- | C] () -- C:\Windows\hbcikrnl.ini
 [2012.10.01 12:17:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpspmins.dll
 [2012.09.30 20:04:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\RUNINST.DLL
 [2012.09.30 20:04:11 | 000,004,880 | ---- | C] () -- C:\Windows\System32\EPHPW.DRV
 [2012.09.30 18:50:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
 [2012.09.29 12:47:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 [2012.09.29 12:47:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
 
 ========== ZeroAccess Check ==========
 
 [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shell32.dll -- [2012.09.29 15:31:36 | 012,873,728 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both
 
 ========== LOP Check ==========
 
 [2013.03.15 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BOM
 [2013.01.03 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ComBib
 [2012.11.12 12:18:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
 [2012.10.02 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
 [2012.11.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seagate
 [2013.01.21 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
 [2013.03.19 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\BOM
 [2012.10.01 12:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Canneverbe Limited
 [2013.01.03 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\ComBib
 [2012.10.01 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\elsterformular
 [2012.10.01 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GARMIN
 [2012.09.30 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GHISLER
 [2012.09.30 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\GlarySoft
 [2013.01.12 13:00:56 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Leadertech
 [2012.10.01 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Nokia
 [2012.10.01 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Nokia Suite
 [2012.10.01 12:38:07 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\OpenOffice.org
 [2012.10.01 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\PC Suite
 [2012.10.01 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Seagate
 [2012.09.30 18:43:40 | 000,000,000 | ---D | M] -- C:\Users\Ellen\AppData\Roaming\Thunderbird
 [2012.10.01 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\BOM
 [2012.09.30 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\GHISLER
 [2012.10.01 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\Leadertech
 [2012.09.30 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Siggi\AppData\Roaming\PC Suite
 
 ========== Purity Check ==========
 
 
 
 < End of report >
 |   Quote:   | OTL Extras logfile created on: 24.03.2013 14:10:59 - Run 1
 OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.10.9200.16521)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 3,19 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 61,96% Memory free
 6,37 Gb Paging File | 4,97 Gb Available in Paging File | 77,95% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 465,66 Gb Total Space | 335,78 Gb Free Space | 72,11% Space Free | Partition Type: NTFS
 Drive D: | 232,89 Gb Total Space | 19,22 Gb Free Space | 8,25% Space Free | Partition Type: NTFS
 
 Computer Name: ELLEN-AMD | User Name: Administrator | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
 [HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 [HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 htmlfile [edit] -- Reg Error: Key error.
 htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{08D0AED2-35AD-478D-8D2B-61CCEBEFE38B}" = rport=138 | protocol=17 | dir=out | app=system |
 "{0A8EF3C2-E677-49D2-95FA-6EFC8D0BECEF}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{228CCC61-1627-46A1-A6E6-4E3E04ED3489}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{25E257DA-99E4-45C4-A234-48F3F8AFE0F2}" = rport=445 | protocol=6 | dir=out | app=system |
 "{3D5A3DE3-CD88-4F33-8D89-5E7A8DBA4403}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{4959B1B7-3283-4ACF-A0E2-9E6B1A6B54A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 "{4CC1B5D3-5ADD-4D30-A1A9-3908FDDFF966}" = rport=10243 | protocol=6 | dir=out | app=system |
 "{50F6616E-CF86-47B0-AD26-299FDC3678B8}" = lport=445 | protocol=6 | dir=in | app=system |
 "{5A33CEE8-6227-4195-AD72-8DE0EF6BA4F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 "{6B964701-834A-4803-97BD-976A25D6B76B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{6D57487B-57AB-41D1-AB6E-63FCFE1C4E05}" = lport=139 | protocol=6 | dir=in | app=system |
 "{743901F5-CE51-458E-834E-CAAD8052E2E9}" = lport=138 | protocol=17 | dir=in | app=system |
 "{773F26B1-4DB9-4ADC-B3EF-8861425DF5A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{8E4B4F38-4D2F-4D74-A493-568320962B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{926323D3-3ECE-4D17-A4B9-31C2E5629D2A}" = lport=137 | protocol=17 | dir=in | app=system |
 "{9C73C219-9476-40D6-9F67-511AA64E19C6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
 "{9D32399D-06BC-43CA-8DE9-13248D0C0999}" = lport=10243 | protocol=6 | dir=in | app=system |
 "{B4D72427-2582-415C-AE58-388A3DC5C1A7}" = rport=139 | protocol=6 | dir=out | app=system |
 "{D1A64555-9B3A-486D-BD7D-F1FC51E29DDA}" = rport=137 | protocol=17 | dir=out | app=system |
 "{DCBF9F61-7FBF-4818-8A8B-68EE2171410F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{DDC1F5B2-F139-48E7-9A13-DA035227E1E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{EC2B86C2-6E6F-48D2-8BD2-57B742DE55A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{F38E7450-5221-47A6-B955-AE7BA0504B40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{F71F1205-48C9-45E8-A520-4C69D6D61FA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{017CD676-0C65-48B7-BFED-8A3E2137DDE4}" = dir=in | app=c:\program files\airport\apagent.exe |
 "{05BFCA4B-DF4A-47FE-921A-311846D97D7C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
 "{06072062-1D8E-4CB0-959D-7D66EEA98C5D}" = protocol=6 | dir=out | app=system |
 "{0EBDF159-1748-4089-9ED0-148DAAAB6958}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
 "{14437A5C-EB2E-4537-825A-A76D8A21A03B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{237AA82E-28E7-4EC9-B7F7-6789A5CDC977}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
 "{36FF2AE6-5EED-4EE0-91B7-5A9BC46C6EF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 "{37D40E1F-195F-41FE-9E86-44E686BCAF68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
 "{3DF59C87-3113-401E-ABAF-B674FF799FD9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
 "{3EA189E3-4FEE-4CD6-A9CA-7F99B0D5AA3B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
 "{47B4ACDC-2A61-4405-8F70-1AB3251B78A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
 "{4886D625-DF48-4F2B-AC7F-705A5950AFF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{4B43DC0D-D9C1-4A86-A022-472B3D8C26BD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
 "{4D9C93AA-E9E1-47FD-BCEB-D5FD4F2EE42A}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
 "{51FCC860-3D8F-4AA3-858F-F90D8660B788}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
 "{56186139-DA33-44BA-AEDC-C6BD22A721A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 "{593D8D4A-6FDC-4DE4-B54A-7A721647DC77}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
 "{6438EA6F-D30E-41F5-BE0E-9F2E2EC35F29}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
 "{7B029F99-6E38-46D3-ABB0-56B6E0A6BC2F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
 "{7F19C47B-FD32-4E59-ABC1-12094D62607F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
 "{7F4A900E-BB0B-4F70-8027-37AD88387E73}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
 "{83E31B57-853A-4334-8DA3-E149EBD8F86E}" = dir=in | app=c:\program files\itunes\itunes.exe |
 "{9342D84C-4ED5-4257-A95A-20BD1927B0F2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
 "{93439B07-045A-4981-B53C-538D7FA7649C}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
 "{9F3DC7F6-32B7-427E-9E31-B7FE02181900}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{A24C0867-60F7-4C20-84EE-9ACF7A5D5DCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{A37E3B1C-F5F1-4F0B-915D-21E33CA5BFDC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 "{A77B23E8-8CC1-48BF-912B-5C7BF98ACA14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{AE899962-7F09-4C1C-BBD3-B30A24DD27AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{B1943830-727E-49B2-A46E-5F33936B6BFF}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
 "{B36ADA78-CBDD-4B5F-9B6C-1E960BDC8F34}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
 "{B532C96F-89A6-4499-9501-E8CB207F5293}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
 "{B74FFF91-25C3-400D-8B10-C70B4602EA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{BBF3B35C-85DC-4D77-BEBA-A68C9F8D30E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{D28B2603-DAAB-43C5-9B8C-436F491B95AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 "{D77BC125-9D83-4F17-866E-C67BB9583707}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 "{D89CF448-72F6-40BB-985C-DA754716FF78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{D910CDD4-18B2-42E8-9D68-A5EA1E67B63F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{DD106C3B-D8BA-454E-AD67-181D355D89EF}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
 "{E5787DD6-4F01-42ED-B62B-76255931A60C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
 "{EEB52738-BC83-42BA-8359-C77CED6F4CD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 "{F8343C21-0F3F-432E-8FDA-838CD44A28B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 "TCP Query User{5C395A1B-2B9B-4711-9F3D-74F9912AAC22}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
 "TCP Query User{7A9E15F8-7F4A-4BBC-A829-54F561A40D1E}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
 "TCP Query User{E6EA7137-64DD-4E4E-90DC-819E11EC25B3}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
 "UDP Query User{A8543EA1-9CA6-487D-8EC0-0A2F145CF6AF}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
 "UDP Query User{B5830D50-0046-4295-9438-3AFD3C5139AF}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
 "UDP Query User{CE8CB537-7999-4244-93C4-BE749F8D5164}C:\program files\teamviewer\version8\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
 "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
 "{3892619F-4A89-4424-8E46-281C9D765951}" = Herrnhuter Losungen
 "{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
 "{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
 "{40F6F60C-D23E-4CF7-8D23-AE401005EB88}" = StarMoney 8.0 S-Edition
 "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
 "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
 "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
 "{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 "{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
 "{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
 "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
 "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
 "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
 "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
 "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
 "{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
 "{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
 "7-Zip" = 7-Zip 9.20
 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
 "Audio 180%" = Audio 180%
 "Avira AntiVir Desktop" = Avira Free Antivirus
 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
 "DeskUpdate_is1" = DeskUpdate
 "eBay SmartSeller" = SmartStore eBay SmartSeller
 "ElsterFormular" = ElsterFormular
 "Glary Utilities_is1" = Glary Utilities 2.49.0.1600
 "HP Standard Port Monitor for Windows NT" = HP Standard Port Monitor for Windows NT
 "ifolor-Designer" = ifolor Designer
 "Lexmark X1100 Series" = Lexmark X1100 Series
 "Logitech Vid" = Logitech Vid HD
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
 "MapSource" = MapSource
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
 "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
 "MozillaMaintenanceService" = Mozilla Maintenance Service
 "Nokia Suite" = Nokia Suite
 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 "NVIDIA Drivers" = NVIDIA Drivers
 "TeamViewer 8" = TeamViewer 8
 "Totalcmd" = Total Commander (Remove or Repair)
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Google Chrome" = Google Chrome
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\S-1-5-21-3564537915-448565646-2147619559-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 "Akamai" = Akamai NetSession Interface
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 24.03.2013 08:22:19 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
 Description = Windows (1880) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
 Error - 24.03.2013 08:22:19 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
 Description = Windows (1880) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
 Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
 Error - 24.03.2013 08:25:48 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
 Description = Windows (1308) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
 Error - 24.03.2013 08:25:48 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
 Description = Windows (1308) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
 Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
 Error - 24.03.2013 08:34:11 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
 Description = Windows (3560) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
 Error - 24.03.2013 08:34:11 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
 Description = Windows (3560) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
 Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
 Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
 Description = Windows (4436) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
 Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
 Description = Windows (4436) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
 Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
 Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = ESENT | ID = 490
 Description = Windows (4964) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
 Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = ESENT | ID = 455
 Description = Windows (4964) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von
 Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
 [ System Events ]
 Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7024
 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473536.
 
 Error - 24.03.2013 08:49:29 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7034
 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 52 Mal passiert.
 
 Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7024
 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473536.
 
 Error - 24.03.2013 08:49:54 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7034
 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 53 Mal passiert.
 
 Error - 24.03.2013 08:55:38 | Computer Name = Ellen-AMD | Source = SCardSvr | ID = 602
 Description =
 
 Error - 24.03.2013 08:58:36 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7038
 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
 Error - 24.03.2013 08:58:36 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7000
 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 Error - 24.03.2013 09:06:45 | Computer Name = Ellen-AMD | Source = SCardSvr | ID = 602
 Description =
 
 Error - 24.03.2013 09:09:21 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7038
 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
 Error - 24.03.2013 09:09:21 | Computer Name = Ellen-AMD | Source = Service Control Manager | ID = 7000
 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
 < End of report >
 |  How should I proceed now?  
For the time being I am working with Google Chrome.  
Thanks in advance for your help 
 |