Windows Explorer stürzt ununterbrochen ab, Virus?

kruemmel · 30.03.2013, 22:25

Hallo!

Ich bin leider eine ziemliche PC- Niete, werde versuchen mein Problem so gut es geht zu schildern in der Hoffnung das es verständlich ist.

Auf meinen Laptop habe ich zwei Accounts (beide Administrator), bei einem davon haben die Probleme vor ca. einer Woche angefangen. Zuerst stürzte Windows Explorer immer ab wenn ich einen bestimmten Ordner aufmachte und seit heute ist ganz aus. sobald ich mich mit dem Account einlogge stürzt Windows Explorer ab und startet sich alle paar Sekunden neu, ein Programm öffnen völlig unmöglich.
Mit dem zweiten Account scheint der Laptop gut zu funktionieren, habe von dort aus Malwarebytes über den PC laufen lassen, der hat nur die üblichen Tracking Cookies gefunden (und ich hab blöderweis gar nichts davon gespeichert, hab noch keine Erfahrung mit dem Board), und nicht wie ich dachte die "eine und wahre Lösung" meines Problems.

Wenn ich nun Schritt 2 befolge komme ich dazu:

OTL: OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.03.2013 20:43:19 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannelore\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 71,04% Memory free
6,85 Gb Paging File | 5,82 Gb Available in Paging File | 84,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 116,55 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Hannelore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 20:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Downloads\OTL.exe
PRC - [2013.03.30 20:37:23 | 000,050,477 | ---- | M] () -- C:\Users\Hannelore\Downloads\Defogger.exe
PRC - [2012.12.23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.12 17:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.07.27 11:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 13:18:29 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () -- C:\Programme\Blaze Media Pro\NMSAccess32.exe
PRC - [2008.03.19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.30 20:37:23 | 000,050,477 | ---- | M] () -- C:\Users\Hannelore\Downloads\Defogger.exe
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2010.07.27 11:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.13 17:54:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 10:28:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.12 17:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 09:55:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.08 13:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.03.19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.03.22 02:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.03.17 10:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.03.16 01:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130329.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.03.16 01:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130329.025\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.13 15:57:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.30 20:18:18 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys -- (SymNetS)
DRV - [2013.01.30 20:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013.01.28 18:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.28 18:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.21 19:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012.11.15 19:45:16 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012.11.15 19:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012.11.15 19:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012.09.25 17:06:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.09.08 11:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012.09.08 11:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012.09.08 11:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012.09.08 11:47:04 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.08.09 08:10:01 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.08 03:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.12.22 18:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.02 15:54:20 | 000,020,008 | ---- | M] (Psychology Software Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prtdrv.sys -- (PRTDRV)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.08.13 16:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.07.31 02:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008.03.18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.07.23 13:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 13:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 13:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.04.12 15:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)
DRV - [2002.10.25 13:49:48 | 000,007,168 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PortDRv.sys -- (PortDRv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {4CD44656-8609-47F5-BB74-4FDFA8AA39BF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4CD44656-8609-47F5-BB74-4FDFA8AA39BF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com/?l=dis&o=14672"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 17:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.03.30 20:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.16 18:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.17 13:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 10:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 10:28:32 | 000,000,000 | ---D | M]
 
[2011.01.12 19:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Extensions
[2013.03.30 20:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Firefox\Profiles\d41qh64p.default\extensions
[2013.03.30 20:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 10:28:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.27 10:28:08 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013.02.20 20:58:47 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 143.205.176.16 143.205.176.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 20:01:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.03.30 20:01:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.30 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.30 19:42:25 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\Apps
[2013.03.30 19:39:59 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\CrashDumps
[2013.03.17 13:37:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.08 10:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 20:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Hannelore\defogger_reenable
[2013.03.30 20:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 20:25:27 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 20:25:27 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 20:19:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.30 20:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 20:17:44 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.30 20:15:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.30 19:53:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 11:15:33 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.30 11:15:33 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.30 11:15:33 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.30 11:15:33 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.20 06:03:24 | 001,900,054 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.17 13:37:57 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.03.17 13:36:30 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013.03.17 10:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.17 10:06:41 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.17 10:06:41 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
 
========== Files Created - No Company Name ==========
 
[2013.03.30 20:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Hannelore\defogger_reenable
[2011.11.23 21:38:05 | 000,005,632 | ---- | C] () -- C:\Users\Hannelore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.04 06:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\3DataManager
[2011.03.09 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\GazeTracker
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Beim besten Willen finde ich keine EXTRA.txt, OTL spuckt mir nur diese eine Txt-file aus.

Der nächste Schritt folgt sofort:

äm, ok, das mit den
GMER habe ich erfolgreich gemacht, aber anscheinend ist die txt. file zu lang (ca.300 Seiten im Word

!) und das haut dann hier mit den posten nicht hin....
bin leider alles andere als ein Computer- Könner und freue mich auf jede Hilfe die ich bekomme!

eine der wichtigsten Fragen für mich wär jetzt: Kann ich auf diesen zweiten Account, der ohne Probleme funktionieren zu scheint, normal weiterarbeiten? und handelt es sich bei meinen Problem um einen Virus oder ist es doch eher Altersschwäche?

Danke für die viele Zeit die ihr hier investiert.
glg,
kruemmel

Aneri · 31.03.2013, 10:57

Mein Name ist Heiko.

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies kann bis zu 24h dauern...

Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld

Aneri · 31.03.2013, 14:33

Die Bereinigung deines Systems ist individuell auf dich zugeschnitten und mitunter mit viel Arbeit für uns beide verbunden.

Bitte Lesen:
Regeln für die Bereinigung

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schließn von Sicherheitslücken und sollte gründlich durchgeführt werden.
Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du mit der abarbeitung der Schritte beginnst.

Beim ersten Anzeichen illegal genutzter Software (Cracks, Patches und Co) wird der Support ohne Diskussion beendet.
Falls es sich bei dem Rechner um einen Firmenrechner handelt teile es mir bitte mit.

Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt die angeforderte Rückmeldung (Logfile oder Antwort)
und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.
Bitte führe nur Scanns durch zu denen Du aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu von mir oder einem anderen Teammitglied aufgefordert.
Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss (erleichtert uns die Arbeit).
Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Dann fangen wir mal mit Schritt 1 an:

Erstelle bitte eine zip Datei aus dem Gmer.log und füge es hier als Anhang hinzu.

Schritt 2:

Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall < BITTORRENT TOOLBAR >.

Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunterladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere die oben erwähnte Software.

Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst.[/color]

Schritt 3 ADWCLeaner:

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4 Kontrollscan mit Extras:

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

kruemmel · 31.03.2013, 15:29

Hallo Heiko!

Bin deiner Anweisung Schritt für Schritt gefolgt (Herzliches

für die tolle Anleitung! )und zu folgenden Ergebnissen gekommen:
Schritt 1:
Zip- Datei befindet sich im Anhang.

Schritt 2: unter Systemsteuerung -> Programme deinstallieren finde ich „bittorrent toolbar“ nicht.
Habe den Laptop gebraucht übernommen und hatte keine Ahnung davon

Schritt 3:
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 31/03/2013 um 16:05:57 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Hannelore - KARIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannelore\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\HANNEL~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Hannelore\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Hannelore\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Hannelore\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Hannelore\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Karin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Karin\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\Conduit
Ordner Gelöscht : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (en-US)

Datei : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\prefs.js

Gelöscht : user_pref("CT2849855..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2849855.AppTrackingLastCheckTime", "Fri Nov 11 2011 21:59:44 GMT+0100");
Gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Gelöscht : user_pref("CT2849855.CTID", "CT2849855");
Gelöscht : user_pref("CT2849855.CurrentServerDate", "12-11-2011");
Gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Fri Nov 11 2011 21:23:25 GMT+0100");
Gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 161);
Gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Dec 11 2010 08:59:31 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Dec 11 2010 08:59:31 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Dec 11 2010 08:59:31 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Dec 11 2010 08:59:31 GMT+0100");
Gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Gelöscht : user_pref("CT2849855.FirstServerDate", "11-12-2010");
Gelöscht : user_pref("CT2849855.FirstTime", true);
Gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
Gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2849855.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.Initialize", true);
Gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2849855.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2849855.InstalledDate", "Sat Dec 11 2010 08:59:30 GMT+0100");
Gelöscht : user_pref("CT2849855.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2849855.IsGrouping", false);
Gelöscht : user_pref("CT2849855.IsMulticommunity", false);
Gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2849855.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Fri Nov 11 2011 21:23:24 GMT+0100");
Gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2849855.LastLogin_3.2.5.2", "Sat Apr 16 2011 10:31:08 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.3.3.2", "Fri Jun 24 2011 16:25:36 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.5.0.12", "Mon Aug 15 2011 17:55:11 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.6.0.10", "Thu Sep 22 2011 17:11:00 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.7.0.6", "Tue Nov 08 2011 16:51:42 GMT+0100");
Gelöscht : user_pref("CT2849855.LastLogin_3.8.0.8", "Sat Nov 12 2011 17:33:20 GMT+0100");
Gelöscht : user_pref("CT2849855.LatestVersion", "3.8.0.8");
Gelöscht : user_pref("CT2849855.Locale", "de");
Gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2849855.SearchEngineBeforeUnload", "Google");
Gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Fri Nov 11 2011 21:23:23 GMT+0100");
Gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2849855.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Fri Nov 11 2011 21:23:24 GMT+0100");
Gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Sat Nov 12 2011 20:33:03 GMT+0100");
Gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1319756020");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Mon Oct 24 2011 18:43:28 GMT+0200");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2849855.UserID", "UN43765846068240566");
Gelöscht : user_pref("CT2849855.ValidationData_Search", 0);
Gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2849855.WeatherNetwork", "");
Gelöscht : user_pref("CT2849855.WeatherPollDate", "Sat Dec 11 2010 08:59:31 GMT+0100");
Gelöscht : user_pref("CT2849855.WeatherUnit", "C");
Gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "2423");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6F71736B73717371");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737577797179777977242F4B4947[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g>d", "6C3C6841707341707A78727476204B757B4D254F7D51252A52[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "6F6B6D3E424275407A777072457979774A7C7A4F21");
Gelöscht : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F71736B73717271737A73");
Gelöscht : user_pref("CT2849855.backendstorage./9b90e@8ff=eg", "393F352F3E");
Gelöscht : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2849855.backendstorage.cb_firstuse0100", "31");
Gelöscht : user_pref("CT2849855.backendstorage.cbfirsttime", "5765642053657020323820323031312030393A32303A35372[...]
Gelöscht : user_pref("CT2849855.backendstorage.enableinj", "");
Gelöscht : user_pref("CT2849855.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gelöscht : user_pref("CT2849855.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F73656[...]
Gelöscht : user_pref("CT2849855.backendstorage.url_history_time", "31333139353338363238343736");
Gelöscht : user_pref("CT2849855.components.1000034", false);
Gelöscht : user_pref("CT2849855.components.1000234", false);
Gelöscht : user_pref("CT2849855.components.129349796699812960", false);
Gelöscht : user_pref("CT2849855.components.129349796701375473", false);
Gelöscht : user_pref("CT2849855.components.129349796701375474", false);
Gelöscht : user_pref("CT2849855.components.129349796701531725", false);
Gelöscht : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Nov 12 2011 17:33:20 GMT+0100");
Gelöscht : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.initDone", true);
Gelöscht : user_pref("CT2849855.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2849855.myStuffEnabled", true);
Gelöscht : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2849855.oldAppsList", "129349796699187955,129349796699500456,1000234,129349796699656708[...]
Gelöscht : user_pref("CT2849855.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.testingCtid", "");
Gelöscht : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Fri Nov 11 2011 21:23:24 GMT+0100");
Gelöscht : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Tue Nov 01 2011 17:36:28 GMT+0100");
Gelöscht : user_pref("CT2849855.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/AT", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438026930213[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"07b[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_de");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Karin\\AppData\\Roaming\\Mozilla\\F[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/menu_dlg/pg_dlg.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_de");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2849855");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 17 2011 18:45:35 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 23:29:02 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 22:13:44 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "7d93ba28-6f63-4a8d-8374-4acad3e85a93");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 11 2011 21:23:24 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "d421b1e9-e237-4fc3-967c-ee8fd1085fa1");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 08 2011 20:52:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Nov 11 2011 21:23:34 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Nov 11 2011 21:23:24 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "6a5363cf-2740-4dd9-a039-7d8ee15fca61");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

Datei : C:\Users\Hannelore\AppData\Roaming\Mozilla\Firefox\Profiles\d41qh64p.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14672");

*************************

AdwCleaner[S1].txt - [27809 octets] - [31/03/2013 16:05:57]

########## EOF - C:\AdwCleaner[S1].txt - [27870 octets] ##########

[/CODE]
--- --- ---

Schritt 4: OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.03.2013 16:13:13 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannelore\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 73,06% Memory free
6,85 Gb Paging File | 5,90 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 121,03 Gb Free Space | 28,50% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Hannelore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () -- C:\Programme\Blaze Media Pro\NMSAccess32.exe
PRC - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.31 09:21:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 11:28:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 10:55:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.03.16 02:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.03.16 02:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.13 16:57:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.30 21:18:18 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys -- (SymNetS)
DRV - [2013.01.30 21:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013.01.28 19:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.28 19:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.21 20:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012.11.15 20:45:16 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012.11.15 20:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012.11.15 20:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012.09.25 18:06:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012.09.08 12:47:04 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.08.09 09:10:01 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.08 04:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.12.22 19:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.02 16:54:20 | 000,020,008 | ---- | M] (Psychology Software Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prtdrv.sys -- (PRTDRV)
DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.07.31 03:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008.03.18 15:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 15:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.07.23 14:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 14:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 14:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.04.12 16:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)
DRV - [2002.10.25 14:49:48 | 000,007,168 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PortDRv.sys -- (PortDRv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{4CD44656-8609-47F5-BB74-4FDFA8AA39BF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 18:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.03.31 16:08:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.16 19:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.17 14:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 11:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.31 09:24:52 | 000,000,000 | ---D | M]
 
[2011.01.12 20:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Extensions
[2013.03.30 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Firefox\Profiles\d41qh64p.default\extensions
[2013.03.30 21:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 11:28:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.20 21:58:47 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 143.205.176.16 143.205.176.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 09:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 09:42:50 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.31 09:42:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.31 09:42:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.31 09:42:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.31 09:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.03.31 09:24:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.30 21:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:01:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.03.30 21:01:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.30 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.30 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\Apps
[2013.03.30 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\CrashDumps
[2013.03.21 07:07:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.17 14:37:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.13 17:06:15 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 17:06:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 17:06:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 17:06:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 17:06:12 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.08 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.31 16:15:04 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 16:15:04 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 16:08:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 16:07:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 16:07:26 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.31 16:04:53 | 000,609,993 | ---- | M] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | M] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 15:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.31 15:20:33 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.31 15:20:33 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.31 15:20:33 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.31 15:20:33 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 09:41:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.31 09:41:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.31 09:41:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.31 09:41:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.31 09:41:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.31 09:41:56 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.31 09:24:52 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.31 09:21:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.31 09:21:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Hannelore\defogger_reenable
[2013.03.30 21:15:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.20 07:03:24 | 001,900,054 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.17 14:37:57 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.03.17 14:36:30 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.17 11:06:41 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.17 11:06:41 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
 
========== Files Created - No Company Name ==========
 
[2013.03.31 16:04:52 | 000,609,993 | ---- | C] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | C] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 09:24:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.31 09:24:52 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.30 21:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Hannelore\defogger_reenable
[2011.11.23 22:38:05 | 000,005,632 | ---- | C] () -- C:\Users\Hannelore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---
[code]
Extra.txt: OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 31.03.2013 16:13:13 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannelore\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 73,06% Memory free
6,85 Gb Paging File | 5,90 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 121,03 Gb Free Space | 28,50% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Hannelore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FDA8F4-4A16-4B43-B6AB-BD2E080ADFCB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{20863C92-899D-4BC2-B6D4-B07DF5E9910B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{381C4A9D-2E99-4761-9825-0D1113FF71A2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{43442C62-0364-4929-AC44-17507AD93ABB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{482E3ABE-9FFA-4FBC-B3EF-C9D025416028}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4D5812FC-ACF7-430A-AACF-412918ED71A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4FC73A00-9446-447A-9095-321E0ECC7A37}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5411440E-6291-466D-8D29-57CA4EEE41EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{553D4C16-E982-4EA5-875D-2EAC9ED0E58D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5985F74B-B438-4833-9D3C-6C3AA4940352}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5A321B6F-0909-4FF8-A4C8-6A6B9F88CBC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AD89F20D-D960-407B-A6BD-B111A722E5FE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B07538A6-D577-4139-8C8D-4862CCD9E3C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2B05194-C8BB-46CE-B7D3-A992D877D3D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9C70879-DFD8-4D1B-976E-B3EDB4532655}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CB08A578-9B8D-46E1-B4ED-FC6D4B0D9F4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE754FB7-3DA3-4871-B64E-0EE957CBEA8F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CFA10990-C342-4506-85CA-FF48F3546D8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D813176E-4AEC-434D-BCD3-BCADB33C4AD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D94D469B-DE3C-49D0-A47C-CBA1191CEC65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DAFC1185-BEE3-47A6-AF06-1DB01472981A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DC069F1B-29F5-46D6-9D51-FE809155FC3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD858F7D-B1F0-46D2-BA87-7521BEDB4921}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA979150-7EF3-4085-AC29-87905B360D02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F9C402AB-DF38-40F0-951C-F722DD8540CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0279E00E-CD83-4A3E-BAEC-D7E255689D09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0C0CA445-2B31-421C-859F-3B1EBDAA8F5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10D1D10C-B65D-45FD-AA03-B2BE23F1DD87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{186AF690-0F8B-43CA-B27B-04BDDF8C3343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{195AED33-F8E7-4840-BA1C-8665F62FA499}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{1A8F5B54-E828-4ED1-847B-56CD34F65281}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1FEFE585-214C-4A12-9BE8-3A1543327DCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{1FF68C9D-CD01-4229-9201-A965F5342820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20745CD8-D99C-4CBC-AAA4-F7C903104CB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{23DE5619-1920-413B-95E8-D00B8AB0EBF8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{251E4CC2-EDF1-4D21-8F61-472192DA4909}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{25BA9A93-FF81-42E7-99AE-83997969CCD9}" = protocol=17 | dir=in | app=c:\users\karin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{39E88B47-4736-4608-A7AB-ED28B10F2B1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C3E8896-3C94-4A28-B0F5-2177F7195E09}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{3CC2FE6A-39EC-4A56-9E14-E82AB4E1E2EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{42EF726C-4A13-46CB-9089-E3020209E7FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4598A47E-23EF-4B6B-9FE4-C5EEE846AD47}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{45DDD9B6-988A-4157-A9CC-C586F66B752C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{477F38FA-E7C6-4546-8EE3-B5526751C424}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{502AC307-9BAE-42E7-91D8-901046D68C2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{50571E51-FFF8-47E3-AA86-C19F8EE9D85C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{514C5B2B-DB63-4D0F-95ED-82F1CDB32BA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52F682DC-719F-45B8-B215-77C7D509968E}" = protocol=6 | dir=in | app=c:\users\karin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{641847EF-CC40-43E5-9786-20B5B1643A9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{664828CB-13DE-4B06-80D8-C5C8B60158D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{74BA836C-1032-4C58-8798-E45C6B428A0D}" = protocol=6 | dir=out | app=system | 
"{757DF72B-956C-4591-AD0F-613C1BE9DA0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{76510D9C-1109-4F0D-A0A5-16C7EB70012D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{76EB9ADD-7F30-4F37-9632-20CEF4E40542}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{80AC2432-9B88-465B-8090-B747700EF784}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{9244160B-A70B-4A63-97E7-94D78E8CB047}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96FC19BE-7626-4547-A61E-CEBEBBBAC346}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1A1C5EB-DBB3-499C-9434-4F1F5C64BB9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A67A5D45-2F07-4C54-A947-4B91FA1FD198}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{B6F5E725-233E-4A05-879B-6CBB20E9F59A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B868D76C-AB75-44BF-96B5-5A5556935F01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{BFFE2A2B-C833-46D1-8269-0F32AF157569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C548726E-488F-4613-8256-5B8B1CC336CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D036BDCB-6933-4C0C-88E7-25B9519DBD40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D59E2178-FC54-4B61-85AA-162728E0F1C7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D9AA8A7F-3D68-4F4F-9F21-692EA800A815}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{E047519A-8C29-43B6-95F4-B3D3B31B9069}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6B29F2A-6C4E-4784-BAD8-97557977817B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{F6C6A89E-EEC9-4A65-89F9-910C66C69FA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3DataManager" = 3DataManager
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVS Screen Capture_is1" = AVS Screen Capture version 1.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blaze Media Pro" = Blaze Media Pro
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Hofer Foto Manager Free D" = Hofer Foto Manager Free
"Hofer Foto Service D" = Hofer Foto Service
"Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5
"Hofer Online Druck Service D" = Hofer Online Druck Service
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.2
"NIS" = Norton Internet Security
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"RarZilla Free Unrar" = RarZilla Free Unrar
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.03.2012 06:00:02 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 01.04.2012 09:41:42 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 08.04.2012 07:22:35 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 15.04.2012 07:43:51 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.04.2012 17:37:29 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.23,
 Zeitstempel: 0x4e7b8e3c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00055fa8  ID des fehlerhaften
 Prozesses: 0x14c4  Startzeit der fehlerhaften Anwendung: 0x01cd1c18940e4be8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5d180494-880c-11e1-b91c-00262df7f59e
 
Error - 22.04.2012 07:20:52 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.04.2012 06:22:21 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.04.2012 06:32:08 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.05.2012 06:00:01 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 11.05.2012 14:37:27 | Computer Name = Karin-PC | Source = IAStorDataMgrSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
[ OSession Events ]
Error - 07.05.2011 06:39:28 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2011 06:42:32 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 02:50:07 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 189 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 02:51:59 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 99 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 02:52:53 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 02:53:28 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 02:59:13 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 03:53:04 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 03:53:35 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 06:36:58 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.03.2013 01:04:04 | Computer Name = KARIN-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 20.03.2013 01:04:04 | Computer Name = KARIN-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 23.03.2013 04:28:18 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.03.2013 10:28:07 | Computer Name = Karin-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 27.03.2013 12:47:41 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?03.?2013 um 17:44:08 unerwartet heruntergefahren.
 
Error - 27.03.2013 12:48:42 | Computer Name = Karin-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 27.03.2013 12:48:42 | Computer Name = Karin-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.03.2013 13:32:04 | Computer Name = Karin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7
 
Error - 30.03.2013 08:38:45 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.03.2013 15:19:45 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

--- --- ---

habe gestern Abend noch CCleaner über den Laptop laufen lassen nachdem ich das erste OTL file gepostet habe, ich hoff das verfälscht die Ergebnisse nicht so sehr, so weit hab ich leider nicht mitgedacht....

glg,
kruemmel

Aneri · 31.03.2013, 18:15

Die Anleitung geht weiter ... bitte nicht erschrecken...

Wir haben da aber eventuell ein kleines Geschenk aus China im System ... aber no panic

Führe bitte folgende Schritt aufmerksam durch...

MBAR als Schritt 1:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

TDSskiller als Schritt 2:

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

kruemmel · 31.03.2013, 19:04

Ganz ehrlich? Wenns schon chinesisch sein muss wär mir Chop Suey lieber

Hier also einmal der Malwarebytes-log:

Code:

ATTFilter

 Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.31.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Hannelore :: KARIN-PC [administrator]

31.03.2013 19:55:53
mbar-log-2013-03-31 (19-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29728
Time elapsed: 12 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Beim ersten Durchgang schrieb das Programm schon „Congratulations, no malware found!“.
Und nun zu TDSSKiller:

Code:

ATTFilter

 19:59:38.0813 3312  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:59:39.0187 3312  ============================================================
19:59:39.0187 3312  Current date / time: 2013/03/31 19:59:39.0187
19:59:39.0187 3312  SystemInfo:
19:59:39.0187 3312  
19:59:39.0187 3312  OS Version: 6.1.7601 ServicePack: 1.0
19:59:39.0187 3312  Product type: Workstation
19:59:39.0187 3312  ComputerName: KARIN-PC
19:59:39.0187 3312  UserName: Hannelore
19:59:39.0187 3312  Windows directory: C:\Windows
19:59:39.0187 3312  System windows directory: C:\Windows
19:59:39.0187 3312  Processor architecture: Intel x86
19:59:39.0187 3312  Number of processors: 4
19:59:39.0187 3312  Page size: 0x1000
19:59:39.0187 3312  Boot type: Normal boot
19:59:39.0187 3312  ============================================================
19:59:39.0983 3312  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:59:39.0983 3312  ============================================================
19:59:39.0983 3312  \Device\Harddisk0\DR0:
19:59:39.0983 3312  MBR partitions:
19:59:39.0983 3312  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:59:39.0983 3312  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
19:59:39.0983 3312  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
19:59:39.0983 3312  ============================================================
19:59:40.0014 3312  C: <-> \Device\Harddisk0\DR0\Partition2
19:59:40.0061 3312  D: <-> \Device\Harddisk0\DR0\Partition3
19:59:40.0061 3312  ============================================================
19:59:40.0061 3312  Initialize success
19:59:40.0061 3312  ============================================================
19:59:42.0729 3340  ============================================================
19:59:42.0729 3340  Scan started
19:59:42.0729 3340  Mode: Manual; 
19:59:42.0729 3340  ============================================================
19:59:43.0259 3340  ================ Scan system memory ========================
19:59:43.0259 3340  System memory - ok
19:59:43.0259 3340  ================ Scan services =============================
19:59:43.0384 3340  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:59:43.0384 3340  !SASCORE - ok
19:59:43.0680 3340  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:59:43.0680 3340  1394ohci - ok
19:59:43.0711 3340  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:59:43.0711 3340  ACPI - ok
19:59:43.0774 3340  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:59:43.0789 3340  AcpiPmi - ok
19:59:43.0883 3340  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:59:43.0883 3340  AdobeARMservice - ok
19:59:43.0992 3340  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:59:43.0992 3340  AdobeFlashPlayerUpdateSvc - ok
19:59:44.0055 3340  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:59:44.0055 3340  adp94xx - ok
19:59:44.0117 3340  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:59:44.0133 3340  adpahci - ok
19:59:44.0179 3340  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:59:44.0179 3340  adpu320 - ok
19:59:44.0226 3340  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:59:44.0226 3340  AeLookupSvc - ok
19:59:44.0304 3340  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
19:59:44.0320 3340  AFD - ok
19:59:44.0367 3340  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:59:44.0367 3340  agp440 - ok
19:59:44.0413 3340  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:59:44.0413 3340  aic78xx - ok
19:59:44.0491 3340  [ CB5A5079744A0535416D3A5E462C5EFE ] aksfridge       C:\Windows\system32\DRIVERS\aksfridge.sys
19:59:44.0491 3340  aksfridge - ok
19:59:44.0554 3340  [ 1A27F5555448CC2D29D281B11F39177E ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
19:59:44.0554 3340  akshasp - ok
19:59:44.0585 3340  [ 147B61B81BE1FFC38939EA47E5CFB51F ] akshhl          C:\Windows\system32\DRIVERS\akshhl.sys
19:59:44.0601 3340  akshhl - ok
19:59:44.0632 3340  [ B4AD9F5D78F27E0C6994E0CB05C60E21 ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
19:59:44.0632 3340  aksusb - ok
19:59:44.0694 3340  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:59:44.0694 3340  ALG - ok
19:59:44.0741 3340  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:59:44.0757 3340  aliide - ok
19:59:44.0803 3340  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:59:44.0803 3340  amdagp - ok
19:59:44.0835 3340  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:59:44.0835 3340  amdide - ok
19:59:44.0881 3340  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:59:44.0881 3340  AmdK8 - ok
19:59:44.0897 3340  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:59:44.0897 3340  AmdPPM - ok
19:59:44.0944 3340  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:59:44.0944 3340  amdsata - ok
19:59:44.0991 3340  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:59:44.0991 3340  amdsbs - ok
19:59:45.0037 3340  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:59:45.0037 3340  amdxata - ok
19:59:45.0084 3340  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
19:59:45.0100 3340  AppID - ok
19:59:45.0349 3340  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:59:45.0349 3340  AppIDSvc - ok
19:59:45.0396 3340  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
19:59:45.0412 3340  Appinfo - ok
19:59:45.0443 3340  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:59:45.0443 3340  arc - ok
19:59:45.0459 3340  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:59:45.0459 3340  arcsas - ok
19:59:45.0490 3340  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:59:45.0505 3340  AsyncMac - ok
19:59:45.0552 3340  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
19:59:45.0552 3340  atapi - ok
19:59:45.0615 3340  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:59:45.0615 3340  AudioEndpointBuilder - ok
19:59:45.0630 3340  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:59:45.0646 3340  Audiosrv - ok
19:59:45.0693 3340  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:59:45.0693 3340  AxInstSV - ok
19:59:45.0739 3340  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:59:45.0755 3340  b06bdrv - ok
19:59:45.0817 3340  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:59:45.0817 3340  b57nd60x - ok
19:59:45.0895 3340  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:59:45.0895 3340  BDESVC - ok
19:59:45.0927 3340  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:59:45.0927 3340  Beep - ok
19:59:45.0989 3340  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
19:59:46.0005 3340  BFE - ok
19:59:46.0285 3340  [ 75A51EA67D28E41543B8B354A47DF430 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys
19:59:46.0317 3340  BHDrvx86 - ok
19:59:46.0426 3340  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
19:59:46.0441 3340  BITS - ok
19:59:46.0519 3340  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:59:46.0519 3340  blbdrive - ok
19:59:46.0582 3340  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:59:46.0582 3340  bowser - ok
19:59:46.0613 3340  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:59:46.0613 3340  BrFiltLo - ok
19:59:46.0644 3340  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:59:46.0644 3340  BrFiltUp - ok
19:59:46.0691 3340  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
19:59:46.0691 3340  Browser - ok
19:59:46.0738 3340  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:59:46.0738 3340  Brserid - ok
19:59:46.0785 3340  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:59:46.0785 3340  BrSerWdm - ok
19:59:46.0816 3340  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:59:46.0816 3340  BrUsbMdm - ok
19:59:46.0831 3340  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:59:46.0831 3340  BrUsbSer - ok
19:59:46.0863 3340  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:59:46.0878 3340  BTHMODEM - ok
19:59:46.0925 3340  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:59:46.0925 3340  bthserv - ok
19:59:47.0065 3340  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1403000.024\ccSetx86.sys
19:59:47.0065 3340  ccSet_NIS - ok
19:59:47.0097 3340  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:59:47.0097 3340  cdfs - ok
19:59:47.0159 3340  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:59:47.0159 3340  cdrom - ok
19:59:47.0221 3340  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:59:47.0221 3340  CertPropSvc - ok
19:59:47.0253 3340  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:59:47.0268 3340  circlass - ok
19:59:47.0299 3340  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:59:47.0315 3340  CLFS - ok
19:59:47.0393 3340  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:59:47.0409 3340  clr_optimization_v2.0.50727_32 - ok
19:59:47.0518 3340  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:59:47.0518 3340  clr_optimization_v4.0.30319_32 - ok
19:59:47.0549 3340  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:59:47.0549 3340  CmBatt - ok
19:59:47.0565 3340  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:59:47.0565 3340  cmdide - ok
19:59:47.0627 3340  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:59:47.0643 3340  CNG - ok
19:59:47.0674 3340  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:59:47.0674 3340  Compbatt - ok
19:59:47.0705 3340  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:59:47.0705 3340  CompositeBus - ok
19:59:47.0721 3340  COMSysApp - ok
19:59:47.0783 3340  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:59:47.0783 3340  crcdisk - ok
19:59:47.0845 3340  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:59:47.0861 3340  CryptSvc - ok
19:59:47.0908 3340  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:59:47.0923 3340  DcomLaunch - ok
19:59:47.0955 3340  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:59:47.0955 3340  defragsvc - ok
19:59:48.0001 3340  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:59:48.0017 3340  DfsC - ok
19:59:48.0064 3340  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:59:48.0079 3340  Dhcp - ok
19:59:48.0111 3340  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:59:48.0111 3340  discache - ok
19:59:48.0142 3340  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:59:48.0142 3340  Disk - ok
19:59:48.0189 3340  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:59:48.0189 3340  Dnscache - ok
19:59:48.0251 3340  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:59:48.0251 3340  dot3svc - ok
19:59:48.0329 3340  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:59:48.0329 3340  Dot4 - ok
19:59:48.0376 3340  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:59:48.0391 3340  Dot4Print - ok
19:59:48.0407 3340  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
19:59:48.0423 3340  dot4usb - ok
19:59:48.0454 3340  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
19:59:48.0469 3340  DPS - ok
19:59:48.0501 3340  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:59:48.0501 3340  drmkaud - ok
19:59:48.0563 3340  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:59:48.0563 3340  DXGKrnl - ok
19:59:48.0641 3340  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:59:48.0641 3340  EapHost - ok
19:59:48.0750 3340  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
19:59:48.0875 3340  ebdrv - ok
19:59:48.0984 3340  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:59:48.0984 3340  eeCtrl - ok
19:59:49.0047 3340  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
19:59:49.0062 3340  EFS - ok
19:59:49.0156 3340  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:59:49.0156 3340  ehRecvr - ok
19:59:49.0234 3340  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:59:49.0234 3340  ehSched - ok
19:59:49.0265 3340  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:59:49.0281 3340  elxstor - ok
19:59:49.0390 3340  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:59:49.0390 3340  EraserUtilRebootDrv - ok
19:59:49.0421 3340  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:59:49.0437 3340  ErrDev - ok
19:59:49.0530 3340  esgiguard - ok
19:59:49.0577 3340  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:59:49.0577 3340  EventSystem - ok
19:59:49.0624 3340  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:59:49.0624 3340  exfat - ok
19:59:49.0686 3340  Fabs - ok
19:59:49.0733 3340  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:59:49.0733 3340  fastfat - ok
19:59:49.0780 3340  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
19:59:49.0795 3340  Fax - ok
19:59:49.0873 3340  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:59:49.0873 3340  fdc - ok
19:59:49.0889 3340  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:59:49.0889 3340  fdPHost - ok
19:59:49.0920 3340  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:59:49.0920 3340  FDResPub - ok
19:59:49.0951 3340  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:59:49.0951 3340  FileInfo - ok
19:59:49.0967 3340  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:59:49.0967 3340  Filetrace - ok
19:59:50.0076 3340  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:59:50.0185 3340  FirebirdServerMAGIXInstance - ok
19:59:50.0248 3340  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:59:50.0248 3340  flpydisk - ok
19:59:50.0279 3340  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:59:50.0295 3340  FltMgr - ok
19:59:50.0357 3340  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
19:59:50.0388 3340  FontCache - ok
19:59:50.0466 3340  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:59:50.0466 3340  FontCache3.0.0.0 - ok
19:59:50.0482 3340  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:59:50.0482 3340  FsDepends - ok
19:59:50.0529 3340  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:59:50.0529 3340  Fs_Rec - ok
19:59:50.0575 3340  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:59:50.0575 3340  fvevol - ok
19:59:50.0622 3340  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:59:50.0622 3340  gagp30kx - ok
19:59:50.0669 3340  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:59:50.0685 3340  gpsvc - ok
19:59:50.0809 3340  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:59:50.0809 3340  gupdate - ok
19:59:50.0856 3340  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:59:50.0856 3340  gupdatem - ok
19:59:50.0903 3340  [ 9DE9A7A19195C57EF38B4EE25422F2D7 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
19:59:50.0919 3340  Hardlock - ok
19:59:50.0934 3340  hasplms - ok
19:59:50.0965 3340  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:59:50.0965 3340  hcw85cir - ok
19:59:51.0012 3340  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:59:51.0012 3340  HdAudAddService - ok
19:59:51.0059 3340  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:59:51.0059 3340  HDAudBus - ok
19:59:51.0090 3340  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
19:59:51.0090 3340  HECI - ok
19:59:51.0106 3340  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:59:51.0106 3340  HidBatt - ok
19:59:51.0137 3340  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:59:51.0137 3340  HidBth - ok
19:59:51.0168 3340  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:59:51.0168 3340  HidIr - ok
19:59:51.0199 3340  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
19:59:51.0199 3340  hidserv - ok
19:59:51.0262 3340  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:59:51.0262 3340  HidUsb - ok
19:59:51.0293 3340  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:59:51.0293 3340  hkmsvc - ok
19:59:51.0355 3340  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:59:51.0355 3340  HomeGroupListener - ok
19:59:51.0418 3340  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:59:51.0418 3340  HomeGroupProvider - ok
19:59:51.0558 3340  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:59:51.0558 3340  hpqcxs08 - ok
19:59:51.0574 3340  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:59:51.0574 3340  hpqddsvc - ok
19:59:51.0621 3340  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:59:51.0621 3340  HpSAMD - ok
19:59:51.0699 3340  [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
19:59:51.0714 3340  HPSLPSVC - ok
19:59:51.0777 3340  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:59:51.0792 3340  HTTP - ok
19:59:51.0823 3340  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:59:51.0823 3340  hwpolicy - ok
19:59:51.0886 3340  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:59:51.0886 3340  i8042prt - ok
19:59:51.0948 3340  [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:59:51.0948 3340  iaStor - ok
19:59:52.0026 3340  [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:59:52.0026 3340  IAStorDataMgrSvc - ok
19:59:52.0089 3340  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:59:52.0089 3340  iaStorV - ok
19:59:52.0182 3340  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:59:52.0182 3340  idsvc - ok
19:59:52.0323 3340  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvix86.sys
19:59:52.0323 3340  IDSVix86 - ok
19:59:52.0572 3340  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:59:52.0806 3340  igfx - ok
19:59:52.0853 3340  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:59:52.0853 3340  iirsp - ok
19:59:52.0915 3340  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:59:52.0947 3340  IKEEXT - ok
19:59:52.0993 3340  [ 03C0D99BC2913226F1CEA7CB0D984659 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
19:59:52.0993 3340  Impcd - ok
19:59:53.0118 3340  [ E4D9B6D1B012DB75A01729BC3D4C5B56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:59:53.0212 3340  IntcAzAudAddService - ok
19:59:53.0259 3340  [ 4EA6B57A3B71FD1A208AF054E97FBA37 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:59:53.0259 3340  IntcDAud - ok
19:59:53.0321 3340  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:59:53.0321 3340  intelide - ok
19:59:53.0352 3340  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:59:53.0352 3340  intelppm - ok
19:59:53.0399 3340  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:59:53.0399 3340  IPBusEnum - ok
19:59:53.0430 3340  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:59:53.0430 3340  IpFilterDriver - ok
19:59:53.0508 3340  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:59:53.0508 3340  iphlpsvc - ok
19:59:53.0555 3340  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:59:53.0555 3340  IPMIDRV - ok
19:59:53.0586 3340  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:59:53.0586 3340  IPNAT - ok
19:59:53.0602 3340  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:59:53.0602 3340  IRENUM - ok
19:59:53.0649 3340  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:59:53.0649 3340  isapnp - ok
19:59:53.0695 3340  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:59:53.0695 3340  iScsiPrt - ok
19:59:53.0727 3340  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:59:53.0727 3340  kbdclass - ok
19:59:53.0758 3340  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:59:53.0758 3340  kbdhid - ok
19:59:53.0789 3340  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
19:59:53.0789 3340  KeyIso - ok
19:59:53.0820 3340  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:59:53.0836 3340  KSecDD - ok
19:59:53.0851 3340  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:59:53.0851 3340  KSecPkg - ok
19:59:53.0898 3340  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:59:53.0898 3340  KtmRm - ok
19:59:53.0976 3340  [ 6EF8146358452995A4A9335E44ABB015 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
19:59:53.0976 3340  L1C - ok
19:59:54.0039 3340  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:59:54.0039 3340  LanmanServer - ok
19:59:54.0085 3340  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:59:54.0085 3340  LanmanWorkstation - ok
19:59:54.0132 3340  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:59:54.0132 3340  lltdio - ok
19:59:54.0163 3340  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:59:54.0163 3340  lltdsvc - ok
19:59:54.0195 3340  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:59:54.0195 3340  lmhosts - ok
19:59:54.0257 3340  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:59:54.0257 3340  LMS - ok
19:59:54.0304 3340  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:59:54.0304 3340  LSI_FC - ok
19:59:54.0351 3340  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:59:54.0351 3340  LSI_SAS - ok
19:59:54.0366 3340  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:59:54.0366 3340  LSI_SAS2 - ok
19:59:54.0382 3340  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:59:54.0382 3340  LSI_SCSI - ok
19:59:54.0413 3340  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:59:54.0413 3340  luafv - ok
19:59:54.0507 3340  [ D5673785903639D186DC345FF86F423F ] massfilter      C:\Windows\system32\drivers\massfilter.sys
19:59:54.0507 3340  massfilter - ok
19:59:54.0538 3340  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:59:54.0553 3340  Mcx2Svc - ok
19:59:54.0569 3340  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:59:54.0569 3340  megasas - ok
19:59:54.0616 3340  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:59:54.0631 3340  MegaSR - ok
19:59:54.0663 3340  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:59:54.0663 3340  MMCSS - ok
19:59:54.0725 3340  [ 5B9CA81817E046666E7ABF8B9B101545 ] mod7700         C:\Windows\system32\DRIVERS\mod7700.sys
19:59:54.0725 3340  mod7700 - ok
19:59:54.0772 3340  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:59:54.0772 3340  Modem - ok
19:59:54.0787 3340  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:59:54.0787 3340  monitor - ok
19:59:54.0819 3340  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:59:54.0819 3340  mouclass - ok
19:59:54.0850 3340  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:59:54.0850 3340  mouhid - ok
19:59:54.0912 3340  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:59:54.0912 3340  mountmgr - ok
19:59:55.0006 3340  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:59:55.0006 3340  MozillaMaintenance - ok
19:59:55.0053 3340  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:59:55.0068 3340  mpio - ok
19:59:55.0099 3340  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:59:55.0099 3340  mpsdrv - ok
19:59:55.0146 3340  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:59:55.0162 3340  MpsSvc - ok
19:59:55.0209 3340  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:59:55.0209 3340  MRxDAV - ok
19:59:55.0271 3340  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:59:55.0271 3340  mrxsmb - ok
19:59:55.0318 3340  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:59:55.0333 3340  mrxsmb10 - ok
19:59:55.0349 3340  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:59:55.0349 3340  mrxsmb20 - ok
19:59:55.0365 3340  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
19:59:55.0365 3340  msahci - ok
19:59:55.0380 3340  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:59:55.0380 3340  msdsm - ok
19:59:55.0411 3340  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:59:55.0411 3340  MSDTC - ok
19:59:55.0443 3340  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:59:55.0458 3340  Msfs - ok
19:59:55.0458 3340  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:59:55.0458 3340  mshidkmdf - ok
19:59:55.0505 3340  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:59:55.0505 3340  msisadrv - ok
19:59:55.0536 3340  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:59:55.0552 3340  MSiSCSI - ok
19:59:55.0552 3340  msiserver - ok
19:59:55.0567 3340  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:59:55.0567 3340  MSKSSRV - ok
19:59:55.0599 3340  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:59:55.0599 3340  MSPCLOCK - ok
19:59:55.0599 3340  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:59:55.0599 3340  MSPQM - ok
19:59:55.0630 3340  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:59:55.0630 3340  MsRPC - ok
19:59:55.0677 3340  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:59:55.0677 3340  mssmbios - ok
19:59:55.0692 3340  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:59:55.0692 3340  MSTEE - ok
19:59:55.0739 3340  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:59:55.0739 3340  MTConfig - ok
19:59:55.0755 3340  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:59:55.0755 3340  Mup - ok
19:59:55.0801 3340  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
19:59:55.0817 3340  napagent - ok
19:59:55.0848 3340  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:59:55.0848 3340  NativeWifiP - ok
19:59:55.0973 3340  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVENG.SYS
19:59:55.0973 3340  NAVENG - ok
19:59:56.0051 3340  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVEX15.SYS
19:59:56.0098 3340  NAVEX15 - ok
19:59:56.0176 3340  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:59:56.0207 3340  NDIS - ok
19:59:56.0238 3340  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:59:56.0238 3340  NdisCap - ok
19:59:56.0254 3340  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:59:56.0254 3340  NdisTapi - ok
19:59:56.0316 3340  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:59:56.0316 3340  Ndisuio - ok
19:59:56.0363 3340  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:59:56.0363 3340  NdisWan - ok
19:59:56.0379 3340  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:59:56.0379 3340  NDProxy - ok
19:59:56.0457 3340  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:59:56.0457 3340  Net Driver HPZ12 - ok
19:59:56.0503 3340  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:59:56.0503 3340  NetBIOS - ok
19:59:56.0550 3340  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:59:56.0550 3340  NetBT - ok
19:59:56.0581 3340  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
19:59:56.0581 3340  Netlogon - ok
19:59:56.0628 3340  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:59:56.0628 3340  Netman - ok
19:59:56.0644 3340  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:59:56.0659 3340  netprofm - ok
19:59:56.0691 3340  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:59:56.0691 3340  NetTcpPortSharing - ok
19:59:56.0722 3340  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:59:56.0722 3340  nfrd960 - ok
19:59:56.0831 3340  [ 241BD3019FB31E812A51B31B06906335 ] NIS             C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
19:59:56.0831 3340  NIS - ok
19:59:56.0878 3340  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:59:56.0893 3340  NlaSvc - ok
19:59:56.0987 3340  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\Blaze Media Pro\NMSAccess32.exe
19:59:56.0987 3340  NMSAccess - ok
19:59:57.0018 3340  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:59:57.0018 3340  Npfs - ok
19:59:57.0049 3340  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:59:57.0049 3340  nsi - ok
19:59:57.0065 3340  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:59:57.0065 3340  nsiproxy - ok
19:59:57.0143 3340  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:59:57.0174 3340  Ntfs - ok
19:59:57.0190 3340  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:59:57.0190 3340  Null - ok
19:59:57.0237 3340  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:59:57.0237 3340  nvraid - ok
19:59:57.0283 3340  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:59:57.0283 3340  nvstor - ok
19:59:57.0346 3340  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:59:57.0346 3340  nv_agp - ok
19:59:57.0424 3340  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:59:57.0439 3340  odserv - ok
19:59:57.0486 3340  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:59:57.0486 3340  ohci1394 - ok
19:59:57.0533 3340  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:57.0549 3340  ose - ok
19:59:57.0580 3340  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:59:57.0580 3340  p2pimsvc - ok
19:59:57.0627 3340  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:59:57.0627 3340  p2psvc - ok
19:59:57.0673 3340  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:59:57.0673 3340  Parport - ok
19:59:57.0720 3340  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:59:57.0720 3340  partmgr - ok
19:59:57.0751 3340  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:59:57.0751 3340  Parvdm - ok
19:59:57.0783 3340  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:59:57.0783 3340  PcaSvc - ok
19:59:57.0814 3340  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
19:59:57.0829 3340  pci - ok
19:59:57.0876 3340  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
19:59:57.0876 3340  pciide - ok
19:59:57.0923 3340  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:59:57.0923 3340  pcmcia - ok
19:59:57.0970 3340  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:59:57.0970 3340  pcw - ok
19:59:58.0001 3340  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:59:58.0001 3340  PEAUTH - ok
19:59:58.0126 3340  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
19:59:58.0173 3340  pla - ok
19:59:58.0235 3340  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:59:58.0251 3340  PlugPlay - ok
19:59:58.0313 3340  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:59:58.0313 3340  Pml Driver HPZ12 - ok
19:59:58.0344 3340  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:59:58.0344 3340  PNRPAutoReg - ok
19:59:58.0360 3340  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:59:58.0375 3340  PNRPsvc - ok
19:59:58.0422 3340  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:59:58.0422 3340  PolicyAgent - ok
19:59:58.0469 3340  [ BEFB3CF9714CD1A87B4BCFE5D38618BA ] PortDRv         C:\Windows\system32\Drivers\PortDRv.sys
19:59:58.0469 3340  PortDRv - ok
19:59:58.0531 3340  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
19:59:58.0531 3340  Power - ok
19:59:58.0578 3340  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:59:58.0578 3340  PptpMiniport - ok
19:59:58.0594 3340  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:59:58.0594 3340  Processor - ok
19:59:58.0641 3340  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
19:59:58.0641 3340  ProfSvc - ok
19:59:58.0672 3340  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:59:58.0672 3340  ProtectedStorage - ok
19:59:58.0703 3340  [ DFA924A130242E5CB5CE334A2CA0087A ] PRTDRV          C:\Windows\system32\Drivers\PRTDRV.sys
19:59:58.0703 3340  PRTDRV - ok
19:59:58.0750 3340  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:59:58.0750 3340  Psched - ok
19:59:58.0797 3340  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:59:58.0797 3340  PSI_SVC_2 - ok
19:59:58.0859 3340  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:59:58.0906 3340  ql2300 - ok
19:59:58.0953 3340  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:59:58.0953 3340  ql40xx - ok
19:59:58.0984 3340  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:59:58.0984 3340  QWAVE - ok
19:59:59.0015 3340  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:59:59.0015 3340  QWAVEdrv - ok
19:59:59.0031 3340  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:59:59.0031 3340  RasAcd - ok
19:59:59.0109 3340  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:59:59.0109 3340  RasAgileVpn - ok
19:59:59.0124 3340  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:59:59.0124 3340  RasAuto - ok
19:59:59.0140 3340  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:59:59.0140 3340  Rasl2tp - ok
19:59:59.0202 3340  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
19:59:59.0202 3340  RasMan - ok
19:59:59.0218 3340  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:59:59.0218 3340  RasPppoe - ok
19:59:59.0249 3340  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:59:59.0249 3340  RasSstp - ok
19:59:59.0296 3340  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:59:59.0296 3340  rdbss - ok
19:59:59.0327 3340  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:59:59.0327 3340  rdpbus - ok
19:59:59.0358 3340  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:59:59.0358 3340  RDPCDD - ok
19:59:59.0389 3340  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:59:59.0389 3340  RDPENCDD - ok
19:59:59.0405 3340  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:59:59.0421 3340  RDPREFMP - ok
19:59:59.0452 3340  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:59:59.0452 3340  RDPWD - ok
19:59:59.0514 3340  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:59:59.0514 3340  rdyboost - ok
19:59:59.0561 3340  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:59:59.0561 3340  RemoteAccess - ok
19:59:59.0608 3340  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:59:59.0608 3340  RemoteRegistry - ok
19:59:59.0670 3340  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
19:59:59.0670 3340  RichVideo - ok
19:59:59.0686 3340  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:59:59.0686 3340  RpcEptMapper - ok
19:59:59.0717 3340  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:59:59.0717 3340  RpcLocator - ok
19:59:59.0764 3340  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
19:59:59.0764 3340  RpcSs - ok
19:59:59.0811 3340  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:59:59.0811 3340  rspndr - ok
19:59:59.0857 3340  [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
19:59:59.0857 3340  RSUSBSTOR - ok
19:59:59.0920 3340  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
19:59:59.0967 3340  rtl8192se - ok
19:59:59.0967 3340  RtsUIR - ok
19:59:59.0998 3340  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
19:59:59.0998 3340  SamSs - ok
20:00:00.0107 3340  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:00:00.0107 3340  SASDIFSV - ok
20:00:00.0138 3340  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:00:00.0138 3340  SASKUTIL - ok
20:00:00.0201 3340  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:00:00.0201 3340  sbp2port - ok
20:00:00.0232 3340  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:00:00.0248 3340  SCardSvr - ok
20:00:00.0248 3340  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:00:00.0248 3340  scfilter - ok
20:00:00.0310 3340  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
20:00:00.0326 3340  Schedule - ok
20:00:00.0372 3340  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:00:00.0372 3340  SCPolicySvc - ok
20:00:00.0419 3340  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:00:00.0435 3340  SDRSVC - ok
20:00:00.0466 3340  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:00:00.0466 3340  secdrv - ok
20:00:00.0497 3340  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
20:00:00.0497 3340  seclogon - ok
20:00:00.0513 3340  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
20:00:00.0528 3340  SENS - ok
20:00:00.0528 3340  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:00:00.0528 3340  SensrSvc - ok
20:00:00.0575 3340  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:00:00.0575 3340  Serenum - ok
20:00:00.0606 3340  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:00:00.0606 3340  Serial - ok
20:00:00.0653 3340  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:00:00.0653 3340  sermouse - ok
20:00:00.0716 3340  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:00:00.0716 3340  SessionEnv - ok
20:00:00.0747 3340  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:00:00.0747 3340  sffdisk - ok
20:00:00.0762 3340  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:00:00.0762 3340  sffp_mmc - ok
20:00:00.0794 3340  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:00:00.0794 3340  sffp_sd - ok
20:00:00.0825 3340  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:00:00.0825 3340  sfloppy - ok
20:00:00.0872 3340  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:00:00.0872 3340  SharedAccess - ok
20:00:00.0903 3340  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:00:00.0903 3340  ShellHWDetection - ok
20:00:00.0950 3340  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:00:00.0950 3340  sisagp - ok
20:00:00.0996 3340  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:00:00.0996 3340  SiSRaid2 - ok
20:00:01.0012 3340  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:00:01.0028 3340  SiSRaid4 - ok
20:00:01.0059 3340  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:00:01.0059 3340  Smb - ok
20:00:01.0121 3340  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:00:01.0121 3340  SNMPTRAP - ok
20:00:01.0137 3340  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:00:01.0137 3340  spldr - ok
20:00:01.0184 3340  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
20:00:01.0199 3340  Spooler - ok
20:00:01.0324 3340  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:00:01.0418 3340  sppsvc - ok
20:00:01.0464 3340  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:00:01.0464 3340  sppuinotify - ok
20:00:01.0542 3340  [ 712F59E64E1402237C23C55255FCB364 ] SRBoxDRv        C:\Windows\system32\Drivers\SRBoxDRv.sys
20:00:01.0542 3340  SRBoxDRv - ok
20:00:01.0683 3340  [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP           C:\Windows\System32\Drivers\NIS\1403000.024\SRTSP.SYS
20:00:01.0698 3340  SRTSP - ok
20:00:01.0745 3340  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\NIS\1403000.024\SRTSPX.SYS
20:00:01.0745 3340  SRTSPX - ok
20:00:01.0792 3340  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:00:01.0808 3340  srv - ok
20:00:01.0839 3340  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:00:01.0839 3340  srv2 - ok
20:00:01.0870 3340  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:00:01.0870 3340  srvnet - ok
20:00:01.0917 3340  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:00:01.0917 3340  SSDPSRV - ok
20:00:01.0932 3340  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:00:01.0948 3340  SstpSvc - ok
20:00:01.0979 3340  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:00:01.0979 3340  stexstor - ok
20:00:02.0057 3340  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:00:02.0057 3340  StiSvc - ok
20:00:02.0120 3340  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:00:02.0120 3340  swenum - ok
20:00:02.0151 3340  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
20:00:02.0166 3340  swprv - ok
20:00:02.0213 3340  [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS           C:\Windows\system32\drivers\NIS\1403000.024\SYMDS.SYS
20:00:02.0229 3340  SymDS - ok
20:00:02.0291 3340  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\Windows\system32\drivers\NIS\1403000.024\SYMEFA.SYS
20:00:02.0322 3340  SymEFA - ok
20:00:02.0369 3340  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
20:00:02.0369 3340  SymEvent - ok
20:00:02.0447 3340  [ 3DAAD401453F5A46CAE076F9D9D1458E ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
20:00:02.0447 3340  SymIM - ok
20:00:02.0510 3340  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\NIS\1403000.024\Ironx86.SYS
20:00:02.0510 3340  SymIRON - ok
20:00:02.0541 3340  [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS         C:\Windows\System32\Drivers\NIS\1403000.024\SYMNETS.SYS
20:00:02.0541 3340  SymNetS - ok
20:00:02.0588 3340  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:00:02.0588 3340  SynTP - ok
20:00:02.0666 3340  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
20:00:02.0681 3340  SysMain - ok
20:00:02.0712 3340  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:00:02.0712 3340  TabletInputService - ok
20:00:02.0759 3340  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:00:02.0775 3340  TapiSrv - ok
20:00:02.0806 3340  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
20:00:02.0806 3340  TBS - ok
20:00:02.0884 3340  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:00:02.0931 3340  Tcpip - ok
20:00:02.0978 3340  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:00:02.0993 3340  TCPIP6 - ok
20:00:03.0024 3340  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:00:03.0040 3340  tcpipreg - ok
20:00:03.0071 3340  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:00:03.0071 3340  TDPIPE - ok
20:00:03.0102 3340  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:00:03.0102 3340  TDTCP - ok
20:00:03.0149 3340  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:00:03.0149 3340  tdx - ok
20:00:03.0165 3340  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:00:03.0165 3340  TermDD - ok
20:00:03.0227 3340  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
20:00:03.0227 3340  TermService - ok
20:00:03.0274 3340  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
20:00:03.0274 3340  Themes - ok
20:00:03.0290 3340  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:00:03.0290 3340  THREADORDER - ok
20:00:03.0305 3340  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
20:00:03.0305 3340  TrkWks - ok
20:00:03.0383 3340  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:00:03.0383 3340  TrustedInstaller - ok
20:00:03.0446 3340  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:00:03.0446 3340  tssecsrv - ok
20:00:03.0492 3340  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:00:03.0492 3340  TsUsbFlt - ok
20:00:03.0555 3340  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:00:03.0555 3340  tunnel - ok
20:00:03.0586 3340  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:00:03.0602 3340  uagp35 - ok
20:00:03.0617 3340  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:00:03.0617 3340  udfs - ok
20:00:03.0648 3340  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:00:03.0648 3340  UI0Detect - ok
20:00:03.0680 3340  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:00:03.0680 3340  uliagpkx - ok
20:00:03.0711 3340  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
20:00:03.0726 3340  umbus - ok
20:00:03.0758 3340  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:00:03.0758 3340  UmPass - ok
20:00:03.0867 3340  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:00:03.0960 3340  UNS - ok
20:00:03.0992 3340  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
20:00:04.0007 3340  upnphost - ok
20:00:04.0054 3340  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:00:04.0054 3340  usbccgp - ok
20:00:04.0054 3340  USBCCID - ok
20:00:04.0116 3340  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:00:04.0116 3340  usbcir - ok
20:00:04.0179 3340  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:00:04.0179 3340  usbehci - ok
20:00:04.0241 3340  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:00:04.0241 3340  usbhub - ok
20:00:04.0304 3340  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:00:04.0304 3340  usbohci - ok
20:00:04.0335 3340  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:00:04.0335 3340  usbprint - ok
20:00:04.0382 3340  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:00:04.0382 3340  usbscan - ok
20:00:04.0413 3340  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:00:04.0413 3340  USBSTOR - ok
20:00:04.0475 3340  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:00:04.0475 3340  usbuhci - ok
20:00:04.0506 3340  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
20:00:04.0506 3340  UxSms - ok
20:00:04.0522 3340  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
20:00:04.0522 3340  VaultSvc - ok
20:00:04.0569 3340  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:00:04.0584 3340  vdrvroot - ok
20:00:04.0631 3340  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
20:00:04.0647 3340  vds - ok
20:00:04.0678 3340  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:00:04.0678 3340  vga - ok
20:00:04.0694 3340  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:00:04.0694 3340  VgaSave - ok
20:00:04.0740 3340  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:00:04.0740 3340  vhdmp - ok
20:00:04.0772 3340  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:00:04.0772 3340  viaagp - ok
20:00:04.0803 3340  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:00:04.0803 3340  ViaC7 - ok
20:00:04.0834 3340  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
20:00:04.0834 3340  viaide - ok
20:00:04.0850 3340  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:00:04.0850 3340  volmgr - ok
20:00:04.0881 3340  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:00:04.0881 3340  volmgrx - ok
20:00:04.0896 3340  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:00:04.0912 3340  volsnap - ok
20:00:04.0943 3340  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:00:04.0943 3340  vsmraid - ok
20:00:05.0021 3340  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
20:00:05.0052 3340  VSS - ok
20:00:05.0068 3340  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:00:05.0068 3340  vwifibus - ok
20:00:05.0099 3340  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:00:05.0099 3340  vwififlt - ok
20:00:05.0130 3340  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:00:05.0130 3340  vwifimp - ok
20:00:05.0177 3340  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
20:00:05.0177 3340  W32Time - ok
20:00:05.0240 3340  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:00:05.0240 3340  WacomPen - ok
20:00:05.0302 3340  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:00:05.0302 3340  WANARP - ok
20:00:05.0302 3340  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:00:05.0302 3340  Wanarpv6 - ok
20:00:05.0380 3340  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:00:05.0427 3340  WatAdminSvc - ok
20:00:05.0505 3340  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
20:00:05.0552 3340  wbengine - ok
20:00:05.0583 3340  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:00:05.0598 3340  WbioSrvc - ok
20:00:05.0645 3340  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:00:05.0645 3340  wcncsvc - ok
20:00:05.0661 3340  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:00:05.0661 3340  WcsPlugInService - ok
20:00:05.0692 3340  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:00:05.0692 3340  Wd - ok
20:00:05.0739 3340  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:00:05.0739 3340  Wdf01000 - ok
20:00:05.0754 3340  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:00:05.0754 3340  WdiServiceHost - ok
20:00:05.0770 3340  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:00:05.0770 3340  WdiSystemHost - ok
20:00:05.0817 3340  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
20:00:05.0832 3340  WebClient - ok
20:00:05.0864 3340  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:00:05.0864 3340  Wecsvc - ok
20:00:05.0879 3340  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:00:05.0879 3340  wercplsupport - ok
20:00:05.0910 3340  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:00:05.0910 3340  WerSvc - ok
20:00:05.0957 3340  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:00:05.0957 3340  WfpLwf - ok
20:00:05.0973 3340  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:00:05.0973 3340  WIMMount - ok
20:00:06.0020 3340  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:00:06.0035 3340  WinDefend - ok
20:00:06.0051 3340  WinHttpAutoProxySvc - ok
20:00:06.0144 3340  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:00:06.0144 3340  Winmgmt - ok
20:00:06.0207 3340  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:00:06.0254 3340  WinRM - ok
20:00:06.0316 3340  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:00:06.0332 3340  WinUsb - ok
20:00:06.0363 3340  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
20:00:06.0363 3340  WisLMSvc - ok
20:00:06.0410 3340  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:00:06.0456 3340  Wlansvc - ok
20:00:06.0550 3340  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:00:06.0597 3340  wlidsvc - ok
20:00:06.0644 3340  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:00:06.0644 3340  WmiAcpi - ok
20:00:06.0690 3340  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:00:06.0690 3340  wmiApSrv - ok
20:00:06.0800 3340  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:00:06.0831 3340  WMPNetworkSvc - ok
20:00:06.0846 3340  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:00:06.0846 3340  WPCSvc - ok
20:00:06.0893 3340  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:00:06.0893 3340  WPDBusEnum - ok
20:00:06.0940 3340  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:00:06.0940 3340  ws2ifsl - ok
20:00:06.0956 3340  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:00:06.0971 3340  wscsvc - ok
20:00:06.0971 3340  WSearch - ok
20:00:07.0065 3340  [ 86293B6785260309606B0B0B46E42252 ] WTGService      C:\Program Files\3DataManager\WTGService.exe
20:00:07.0080 3340  WTGService - ok
20:00:07.0174 3340  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:00:07.0236 3340  wuauserv - ok
20:00:07.0283 3340  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:00:07.0283 3340  WudfPf - ok
20:00:07.0330 3340  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:00:07.0330 3340  WUDFRd - ok
20:00:07.0361 3340  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:00:07.0377 3340  wudfsvc - ok
20:00:07.0408 3340  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:00:07.0408 3340  WwanSvc - ok
20:00:07.0455 3340  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
20:00:07.0455 3340  X10Hid - ok
20:00:07.0502 3340  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
20:00:07.0502 3340  x10nets - ok
20:00:07.0533 3340  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
20:00:07.0533 3340  XUIF - ok
20:00:07.0580 3340  [ C9C0B1EF87F1B88DC5477BC887CA1960 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:00:07.0580 3340  ZTEusbmdm6k - ok
20:00:07.0611 3340  [ C9C0B1EF87F1B88DC5477BC887CA1960 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:00:07.0611 3340  ZTEusbnmea - ok
20:00:07.0626 3340  [ C9C0B1EF87F1B88DC5477BC887CA1960 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:00:07.0626 3340  ZTEusbser6k - ok
20:00:07.0642 3340  ================ Scan global ===============================
20:00:07.0689 3340  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:00:07.0736 3340  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:00:07.0751 3340  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:00:07.0767 3340  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:00:07.0814 3340  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:00:07.0814 3340  [Global] - ok
20:00:07.0814 3340  ================ Scan MBR ==================================
20:00:07.0829 3340  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
20:00:10.0809 3340  \Device\Harddisk0\DR0 - ok
20:00:10.0809 3340  ================ Scan VBR ==================================
20:00:10.0809 3340  [ 3B4B27F232AD239884D2760AD5815A7A ] \Device\Harddisk0\DR0\Partition1
20:00:10.0809 3340  \Device\Harddisk0\DR0\Partition1 - ok
20:00:10.0856 3340  [ 697878C955C3C37A0204AB850C8F13E6 ] \Device\Harddisk0\DR0\Partition2
20:00:10.0856 3340  \Device\Harddisk0\DR0\Partition2 - ok
20:00:10.0887 3340  [ B194FE945CEFEF9FB26C96C6E6BE0016 ] \Device\Harddisk0\DR0\Partition3
20:00:10.0902 3340  \Device\Harddisk0\DR0\Partition3 - ok
20:00:10.0902 3340  ============================================================
20:00:10.0902 3340  Scan finished
20:00:10.0902 3340  ============================================================
20:00:10.0918 4904  Detected object count: 0
20:00:10.0918 4904  Actual detected object count: 0

Nach diesen 2 Durchgängen hab ich jetzt versucht mich mal mit den Zweitaccount einzuloggen – und siehe da! Es funktioniert, Windows- Explorer bleibt stabil.
Und nun die große Frage: wie geht es weiter?
Glg

Aneri · 31.03.2013, 19:46

so gehts weiter , nur ein Paar kleine Einträge fixen ...

das Script löscht zusätzlich deine temporären Dateien und erstellt einen Wiederherstellungspunkt.

OTL Fix als Schritt 1:

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1

:Commands
[emptytemp]
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

OTL Kontrolle als Schritt 2:

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

kruemmel · 31.03.2013, 21:41

Das klingt jetzt nicht so vielversprechend….

Code:

ATTFilter

 
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Muss dazu auch ehrlich gestehen, dass ich den Laptop ganz böse abgewürgt hab nachdem er schon eine halbe Stunde auf Runterfahrmodus war und sich nichts mehr getan hat, hätt ich mehr Geduld beweisen solln?

Und der logle:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.03.2013 22:31:23 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannelore\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 74,43% Memory free
6,85 Gb Paging File | 5,96 Gb Available in Paging File | 87,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 121,97 Gb Free Space | 28,72% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Hannelore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () -- C:\Programme\Blaze Media Pro\NMSAccess32.exe
PRC - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.31 09:21:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 11:28:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 10:55:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.03.16 02:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.03.16 02:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130330.009\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.13 16:57:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.30 21:18:18 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys -- (SymNetS)
DRV - [2013.01.30 21:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013.01.28 19:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.28 19:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.21 20:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012.11.15 20:45:16 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012.11.15 20:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012.11.15 20:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012.09.25 18:06:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012.09.08 12:47:04 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.08.09 09:10:01 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.08 04:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.12.22 19:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.02 16:54:20 | 000,020,008 | ---- | M] (Psychology Software Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prtdrv.sys -- (PRTDRV)
DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.31 03:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008.03.18 15:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 15:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.07.23 14:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 14:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 14:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.04.12 16:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)
DRV - [2002.10.25 14:49:48 | 000,007,168 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PortDRv.sys -- (PortDRv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{4CD44656-8609-47F5-BB74-4FDFA8AA39BF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 18:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.03.31 22:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.16 19:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.17 14:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 11:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.31 09:24:52 | 000,000,000 | ---D | M]
 
[2011.01.12 20:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Extensions
[2013.03.30 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Firefox\Profiles\d41qh64p.default\extensions
[2013.03.30 21:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 11:28:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.20 21:58:47 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 143.205.176.16 143.205.176.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 19:42:18 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\Desktop\Neuer Ordner
[2013.03.31 19:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\Desktop\mbar
[2013.03.31 19:34:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hannelore\Desktop\tdsskiller.exe
[2013.03.31 09:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 09:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.03.31 09:24:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.30 21:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:01:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.03.30 21:01:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.30 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.30 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\Apps
[2013.03.30 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\CrashDumps
[2013.03.17 14:37:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.08 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.31 22:27:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 22:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 22:26:58 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.31 21:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 21:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.31 20:41:31 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 20:41:31 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 19:34:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hannelore\Desktop\tdsskiller.exe
[2013.03.31 19:31:06 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.31 19:31:06 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.31 19:31:06 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.31 19:31:06 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 16:04:53 | 000,609,993 | ---- | M] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | M] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 09:24:52 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Hannelore\defogger_reenable
[2013.03.30 21:15:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.20 07:03:24 | 001,900,054 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.17 14:37:57 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.03.17 14:36:30 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.17 11:06:41 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.17 11:06:41 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
 
========== Files Created - No Company Name ==========
 
[2013.03.31 16:04:52 | 000,609,993 | ---- | C] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | C] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 09:24:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.31 09:24:52 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.30 21:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Hannelore\defogger_reenable
[2011.11.23 22:38:05 | 000,005,632 | ---- | C] () -- C:\Users\Hannelore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.09.26 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2012.12.04 07:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\3DataManager
[2011.03.09 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\GazeTracker
[2013.03.30 06:04:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\3DataManager
[2011.10.12 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Amazon
[2012.07.20 08:39:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\AnvSoft
[2013.03.31 09:53:23 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Dropbox
[2012.07.31 09:26:07 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2012.12.27 11:28:12 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreeAudioPack
[2012.06.05 22:45:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\IrfanView
[2012.07.20 08:37:21 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\MOVAVI
[2010.10.29 15:22:23 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Philipp Winterberg
[2012.02.01 21:24:56 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\pixelStorm
[2010.11.09 09:57:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Pst
[2011.07.01 14:43:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Unity
[2013.03.31 08:55:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\uTorrent
[2012.01.23 17:44:09 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\WordToPDF
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Aneri · 01.04.2013, 18:37

Hallo Kruemmel

da ging was schief beim Fix ... bitte versuche es so noch einmal ...

OTL Fix als Schritt 1:

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:processes
explorer.exe

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1

:Commands
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

OTL Kontrolle als Schritt 2:

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

kruemmel · 01.04.2013, 21:21

Der OTL File nach den Fix:

Code:

ATTFilter

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTL ==========
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Error: No service named mod7700 was found to stop!
Service\Driver key mod7700 not found.
File C:\Windows\System32\drivers\mod7700.sys not found.
Registry value HKEY_USERS\S-1-5-21-2565143384-857478621-2599862508-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 04012013_215542

Und nochmal OTL die Erste:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.04.2013 22:06:14 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannelore\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 66,84% Memory free
6,85 Gb Paging File | 5,72 Gb Available in Paging File | 83,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 118,52 Gb Free Space | 27,91% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
Drive F: | 12,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KARIN-PC | User Name: Hannelore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () -- C:\Programme\Blaze Media Pro\NMSAccess32.exe
PRC - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2010.07.27 12:01:09 | 000,484,816 | ---- | M] () -- C:\Programme\3DataManager\3DataManager_Launcher.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.31 09:21:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 11:28:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.12 18:56:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 10:55:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.12 14:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.03.19 12:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.03.16 02:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130401.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.03.16 02:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130401.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.13 16:57:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.30 21:18:18 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys -- (SymNetS)
DRV - [2013.01.30 21:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013.01.28 19:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.28 19:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.21 20:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012.11.15 20:45:16 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012.11.15 20:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012.11.15 20:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012.09.25 18:06:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012.09.08 12:47:04 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012.09.08 12:47:04 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.08.09 09:10:01 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.08 04:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.12.22 19:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.02 16:54:20 | 000,020,008 | ---- | M] (Psychology Software Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prtdrv.sys -- (PRTDRV)
DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.31 03:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008.03.18 15:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 15:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.07.23 14:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 14:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 14:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.04.12 16:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)
DRV - [2002.10.25 14:49:48 | 000,007,168 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PortDRv.sys -- (PortDRv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{4CD44656-8609-47F5-BB74-4FDFA8AA39BF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 18:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.04.01 22:01:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.16 19:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.17 14:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 11:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.31 09:24:52 | 000,000,000 | ---D | M]
 
[2011.01.12 20:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Extensions
[2013.03.30 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannelore\AppData\Roaming\mozilla\Firefox\Profiles\d41qh64p.default\extensions
[2013.03.30 21:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 11:28:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.20 21:58:47 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2565143384-857478621-2599862508-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4 - Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 143.205.176.16 143.205.176.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 19:42:18 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\Desktop\Neuer Ordner
[2013.03.31 19:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\Desktop\mbar
[2013.03.31 19:34:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hannelore\Desktop\tdsskiller.exe
[2013.03.31 09:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 09:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.03.31 09:24:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.30 21:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:01:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.03.30 21:01:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.30 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.30 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\Apps
[2013.03.30 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\Hannelore\AppData\Local\CrashDumps
[2013.03.17 14:37:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.08 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 22:08:39 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:08:39 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:01:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 22:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 22:00:46 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 21:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 21:37:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 16:18:45 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.01 16:18:45 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.01 16:18:45 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.01 16:18:45 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 19:34:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hannelore\Desktop\tdsskiller.exe
[2013.03.31 16:04:53 | 000,609,993 | ---- | M] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | M] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 09:24:52 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.30 21:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannelore\Desktop\OTL.exe
[2013.03.30 21:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Hannelore\defogger_reenable
[2013.03.30 21:15:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.20 07:03:24 | 001,900,054 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.17 14:37:57 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.03.17 14:36:30 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013.03.17 11:06:41 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.17 11:06:41 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.17 11:06:41 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
 
========== Files Created - No Company Name ==========
 
[2013.03.31 16:04:52 | 000,609,993 | ---- | C] () -- C:\Users\Hannelore\Desktop\adwcleaner.exe
[2013.03.31 15:55:03 | 000,076,088 | ---- | C] () -- C:\Users\Hannelore\Desktop\Gmer.zip
[2013.03.31 09:24:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.31 09:24:52 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.30 21:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Hannelore\defogger_reenable
[2011.11.23 22:38:05 | 000,005,632 | ---- | C] () -- C:\Users\Hannelore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.09.26 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2013.04.01 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\3DataManager
[2011.03.09 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Hannelore\AppData\Roaming\GazeTracker
[2013.04.01 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\3DataManager
[2011.10.12 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Amazon
[2012.07.20 08:39:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\AnvSoft
[2013.04.01 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Dropbox
[2012.07.31 09:26:07 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2012.12.27 11:28:12 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreeAudioPack
[2012.06.05 22:45:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\IrfanView
[2012.07.20 08:37:21 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\MOVAVI
[2010.10.29 15:22:23 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Philipp Winterberg
[2012.02.01 21:24:56 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\pixelStorm
[2010.11.09 09:57:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Pst
[2011.07.01 14:43:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Unity
[2013.03.31 08:55:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\uTorrent
[2012.01.23 17:44:09 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\WordToPDF
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

So weit so gut?

Vielen Lieben Dank für die ganze Zeit die du hier reinsteckst!

glg,
Kruemmel

Aneri · 02.04.2013, 09:01

Hallo Kruemmel

gibt es noch irgendwelche Probleme mit deinem System?
So geht es weiter ...

MBAM Scan als Schritt 1:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Scan als Schritt 1:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

kruemmel · 02.04.2013, 17:58

Hallo Heiko!
Mein System macht soweit keine Probleme mehr und scheint ordnungsgemäss zu funktionieren. Keine Abstürze vom Explorer und keine sonstigen Auffälligkeiten mehr.

Zu Punkt 1 hier der Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.02.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Hannelore :: KARIN-PC [Administrator]

Schutz: Aktiviert

02.04.2013 16:47:34
mbam-log-2013-04-02 (16-47-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244432
Laufzeit: 5 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset bringt folgende Ergebnisse :

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b18d90fa4a9de499ebbde58c9daee76
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-09 05:21:27
# local_time=2012-02-09 06:21:27 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 196177 196177 0 0
# compatibility_mode=3588 16777214 85 82 4346838 32690662 0 0
# compatibility_mode=5893 16776574 100 94 24911686 80429047 0 0
# compatibility_mode=8192 67108863 100 0 3790 3790 0 0
# scanned=220686
# found=0
# cleaned=0
# scan_time=10230
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b18d90fa4a9de499ebbde58c9daee76
# engine=13407
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-17 01:41:39
# local_time=2013-03-17 02:41:39 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 5035 126153083 0 0
# compatibility_mode=5893 16776574 100 94 59641529 115158890 0 0
# scanned=42967
# found=0
# cleaned=0
# scan_time=974
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b18d90fa4a9de499ebbde58c9daee76
# engine=13515
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-30 11:55:13
# local_time=2013-03-30 12:55:13 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 503303 127269897 0 0
# compatibility_mode=5893 16776574 100 94 60758343 116275704 0 0
# scanned=211476
# found=1
# cleaned=1
# scan_time=10366
sh=4A3A6118B26152CE95780F5297F00D5733772178 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UXAN90GS\firstload_com[1].htm"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6b18d90fa4a9de499ebbde58c9daee76
# engine=13533
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-02 04:37:49
# local_time=2013-04-02 06:37:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 74159 127546053 0 0
# compatibility_mode=5893 16776574 100 94 61034499 116551860 0 0
# scanned=199486
# found=0
# cleaned=0
# scan_time=5635

bin allerdings unterwegs, d.h. ich habe noch eine Stick und eine Festplatte zuhause die nicht mitgescannt wurden, dies kann ich frühestens am Donnerstag Abend erledigen. Eset war am Anfang des Ganzen, bevor ich mich hier ans Board gewendet habe mein Mittel erster Wahl, bin mir nicht sicher ob da schon was gefunden wurde, nachdem logs für mich ein bisschen wie chinesisch sind hab ich mir die nie so genau angeschaut

hat auf alle Fälle nichts geholfen, die Probleme waren weiter am bestehen...

Aneri · 02.04.2013, 18:48

Wunderbar dein System ist soweit ich das sehen kann sauber.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Benutzerkonto Einstellungen:

Wir sehen immer wieder User mit Administratorrechten. Hier kann jeder Nutzer eines Windowsrechners schon die erste Türe schließen. Arbeite mit einem eingeschränkten Benutzerkonto anstelle eines Kontos mit Administratorrechten. Diese sind für das tägliche Arbeiten nicht nötig, und solltest du einmal Software installieren wollen wirst du im normalfall nach deinem Passwort gefragt.

Solltest du Hilfe bei der Erstellung eines "eingeschränkten Kontos" benötigen helfe ich dir gern weiter.

Systemupdates:

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Besonders Java erfährt zur Zeit regelmäßig sicherheitsrelevante Updates

Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 17 ) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
Klicke erneut OK.

schneller Plugin-Test: PluginCheck

Antivirensoftware

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

alternatives Browsen

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Wenn du möchtest, kannst du das Trojaner Board Forum mit einer kleinen Spende unterstützen.

kruemmel · 02.04.2013, 19:13

Ein ganz ganz herzliches Dankeschön an dich!!!!
Freu mich total das das alles jetzt so gut geklappt hat und das die Hilfe auch für mich, absoluten Computer-Laie, sehr gut zu verstehen und zu machen war

und ein danke für die Tips! dass mit den Administratorrechten wurde schon umgesetzt

eine frage hab ich jetzt noch: und zwar hab ich bevor ich den thread angefangen habe mich durch diese anleitung zum "wie man hier postet" durchgeackert ->http://www.trojaner-board.de/69886-a...-beachten.html

und da war dann von etwas abschalten die rede, und zwar hier:

Zitat:

Schritt 1

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop (CD/DVD-Emulatoren mit DeFogger deaktivieren).

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

muss ich da noch etwas machen? das Dings-was-es-auch-immer-sein-mag wieder einschalten?

Aneri · 03.04.2013, 07:13

Hallo Kruemmel, danke für deine Rückmeldung. Verfahre wie hier beschrieben...

Starte das Tool mit Doppelklick.
Klicke nun auf den Re-enable Button

und nun wünsche ich dir nochmals viel Spaß mit dem Rechner, wenn es Probleme gibt einfach vorbeischauen.

Windows Explorer stürzt ununterbrochen ab, Virus?

Plagegeister aller Art und deren Bekämpfung: Windows Explorer stürzt ununterbrochen ab, Virus?