Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus after a Facebook "video"?

Windows 7

23.04.2013, 14:20   #1
zwn
 

Virus after a Facebook "video"?



Hello,

a few days ago I stupidly clicked on a supposed video on Facebook, whereupon a new tab opened in which I was supposed to download a file in order to watch the video. I closed the tab right away and put the matter aside. A few days later I got a message saying that I had "liked" two porn videos, which I definitely did not do. But I could not find anything about it afterwards, neither on my own profile nor on that of the person who told me about it...

While searching for information on the subject I found a page that says it is a "self-replicating worm".

Since I don't know much about the subject myself, I am not sure whether my PC is now infected with something or not. I hope someone here can help me.

Avira AntiVir finds nothing, and Malwarebytes Anti-Malware also found nothing in a full scan. Ad-Aware (which I installed only for an additional scan and kept disabled except during that scan) found one item in a quick scan, which I stupidly deleted already, and I don't know whether or where I can find the log files. Spybot had lots of findings, all between class 1 and 5...

The scan with GMER produced the following error messages:
1. C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process

2. C:\Users\***\ntuser.dat: The process cannot access the file because it is being used by another process

Here are the log files from OTL, Extras, GMER and Spybot:

Extras:

OTL Logfile:
OTL Extras logfile created on: 23.04.2013 13:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,03% Memory free
15,92 Gb Paging File | 13,63 Gb Available in Paging File | 85,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,87 Gb Free Space | 49,86% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system | 
"{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system | 
"{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Free Video Converter_is1" = Free Video Converter V 3.1
"FreePDF_XP" = FreePDF (Remove only)
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"XnView_is1" = XnView 1.99
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2013 05:52:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description = 
 
Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description = 
 
Error - 09.03.2013 10:44:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 07:39:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 16:24:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 09:14:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 13:04:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 11:07:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 13:11:41 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 08:45:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 17:15:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 08.01.2013 05:36:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 06:56:45 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy9" den Befehl "chkdsk" aus.
 
Error - 08.01.2013 07:34:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 07:34:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 11:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 11:30:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 18:31:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 18:31:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.01.2013 13:54:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.01.2013 13:54:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---

[/CODE]

OTL:

OTL Logfile:
Code:
OTL logfile created on: 23.04.2013 14:17:05 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Trojaner-Board\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,99% Memory free
15,92 Gb Paging File | 13,61 Gb Available in Paging File | 85,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,66 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\Trojaner-Board\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M]
 
[2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.21 21:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions
[2013.04.21 21:05:52 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.04.21 21:05:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi
[2013.04.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:59:12 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.21 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.04.21 21:04:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.23 13:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:49:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 13:49:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 13:49:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 13:49:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 13:49:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 13:45:07 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.23 13:44:38 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 13:44:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini
[2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.21 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.09.08 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development
[2013.01.04 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.08.02 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.12.13 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2012.07.29 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.01 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation
[2012.07.28 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Splashtop
[2013.04.13 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.10.31 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

gmer:
Code:
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-23 14:29:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000072ad1a22 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000072ad1ad0 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000072ad1b08 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000072ad1bba 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000072ad1bda 2 bytes [AD, 72]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2196] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2196] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076d41465 2 bytes [D4, 76]
.text   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread   [844:856]                                                                                                                                             0000000077ad3e45
Thread   [844:860]                                                                                                                                             0000000075f17587
Thread   [844:864]                                                                                                                                             0000000074f6c59c
Thread   [844:868]                                                                                                                                             0000000074f6c59c
Thread   [844:916]                                                                                                                                             0000000074f6c59c
Thread   [844:920]                                                                                                                                             0000000077ad2e25
Thread   [844:932]                                                                                                                                             0000000074f6c41c
Thread   [844:936]                                                                                                                                             0000000074e8e2db
Thread   [844:940]                                                                                                                                             0000000074f6c59c
Thread   [844:944]                                                                                                                                             0000000074f6c41c
Thread   [844:948]                                                                                                                                             0000000074f6c41c
Thread   [844:952]                                                                                                                                             0000000074f6c41c
Thread   [844:956]                                                                                                                                             0000000074f6c41c
Thread   [844:960]                                                                                                                                             0000000074f6c41c
Thread   [844:964]                                                                                                                                             0000000074f6c41c
Thread   [844:968]                                                                                                                                             0000000074f6c41c
Thread   [844:972]                                                                                                                                             0000000074f6c41c
Thread   [844:976]                                                                                                                                             0000000074f6c41c
Thread   [844:980]                                                                                                                                             0000000074f6c41c
Thread   [844:984]                                                                                                                                             0000000074f6c41c
Thread   [844:988]                                                                                                                                             0000000074f6c41c
Thread   [844:992]                                                                                                                                             0000000074f6c41c
Thread   [844:996]                                                                                                                                             0000000074f6c41c
Thread   [844:1000]                                                                                                                                            0000000074f6c41c
Thread   [844:1004]                                                                                                                                            0000000074f6c41c
Thread   [844:1008]                                                                                                                                            0000000074f6c41c
Thread   [844:1012]                                                                                                                                            0000000074f6c59c
Thread   [844:1016]                                                                                                                                            0000000074278df0
Thread   [844:1020]                                                                                                                                            0000000074278df0
Thread   [844:156]                                                                                                                                             0000000074278df0
Thread   [844:160]                                                                                                                                             0000000074274e70
Thread   [844:464]                                                                                                                                             0000000074f6c59c
Thread   [844:3096]                                                                                                                                            0000000074f6c59c
Thread   [844:3904]                                                                                                                                            0000000074f6c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:2964]                                                                                                              0000000001203fe1
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3296]                                                                                                              0000000070338c3c
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3300]                                                                                                              0000000070338f11
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3304]                                                                                                              000000007033882e
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3308]                                                                                                              0000000073e9786a

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

and here is the one from Spybot as well:
Code:
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Processing: 130422-181356.xml
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Microsoft.Windows.Security.InternetExplorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\  iexplore.exe
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Macromedia.FlashPlayer.Cookies
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\cdn.flashtalking.com\  ftLocalComms.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\core.mochibot.com\  com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\doug1izaerwt3.cloudfront.net\  fa3e9c783cb6bec308806b37b0c2d78f26f4de4d.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\ia.media-imdb.com\  IMDBTEST.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\images-na.ssl-images-amazon.com\  mercury.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\imagesrv.adition.com\  movad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\members.bet365.com\  FCE.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  com.mochiads.lock.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  com.mochiads.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  mochiLCStatus.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  services.mochiads.com.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __coinsEventLC__.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __ms_1353002146639_77109.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __ms_1353002146639_77109_fromgame.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochibot.com\  com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\  soundData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\  videostats.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server11.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server22.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server25.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server29.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server44.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server6.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.afcdn.com\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\streamcloud.eu\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  pa411.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  SpilGames_hot_pursuit_city_UserData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Campaign.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Defence.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Main.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.naiadexports.com\  naiad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www8.agame.com\  com.spilgames.settings.1.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\yesload.net\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\js.adscale.de\adscale-playlist.swf\  ADSCALE_VOLUME.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##12B5C53856D2479D\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##1BB569B201A2417E\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4109631858BF8467\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4BADABEB8E8C69D1\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##5AB2FEA9FC7F8419\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##8ABE9FD535F69C17\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##D8042BAA605AE25F\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##F3593E2E0230D607\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\skype.com\#ui\  preferences.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.putlocker.com\video_player.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.sockshare.com\video_player.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\a.affil.io\s\af.swf\  afstorage.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\back7.keycaptcha.com\js\keycaptcha-logo\  kcv_uid.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\dex.ct-ads.com\cdn\storage.swf\  cta.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\heias.com\x\heias_sc.swf\  heias.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\icq.com\IrCQNet\chat2009.swf\  chat_pref.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\olympia.ard.de\flash\OSMFPlayer.swf\  HDCore.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\player\flowplayer.commercial-3.2.7.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\stat.ed.cupidplc.com\images\ed2.swf\  srfp_28.sol
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MediaPlex
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@mediaplex.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@apmebf.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (svid)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (PBLP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (mojo1)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (mojo3)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: FastClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@fastclick.net/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .fastclick.net/ (pluto)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: DoubleClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .doubleclick.net/ (id)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .googleads.g.doubleclick.net/ (ebNewBandWidth_.googleads.g.doubleclick.net)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .doubleclick.net/ (_drt_)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Zedo
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (ZEDOIDA)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (PCA1395102)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (PI)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFMCap)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFgeo)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (ZEDOIDX)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFcat)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFad)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Tradedoubler
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TradeDoublerGUID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_EH_0)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_POOL)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_UNIQUE_IMP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_PIC)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (BT)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Statcounter
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .statcounter.com/ (is_unique)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: BurstMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .burstnet.com/ (BI75128)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .www.burstnet.com/ (56Q8)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Adviva
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .adviva.net/ (ug)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: CasaleMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMD2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (C7M5)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMPS)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMPP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMRUM2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMST)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMDD)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: WebTrends live
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  statse.webtrendslive.com/ (ACOOKIE)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  ntbtlog.txt
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  Directx.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  setupact.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  DtcInstall.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  ntbtlog.txt
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  Directx.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  setupact.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  DtcInstall.log
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: 7-Zip
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\  FolderHistory
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\  PanelPath0
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Internet Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\TypedURLs  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Management Console
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Microsoft Management Console\Recent File List  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Media Player
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\MediaPlayer\Player\Settings\  Client ID
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Direct3D
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS DirectDraw
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS DirectInput
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Id
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Paint
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows.OpenWith
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows Media SDK
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  ComputerName
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  UniqueID
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  VolumeSerialNumber
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Cookie
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  Cookies
[i] 2013-04-22 18:36:09 Already cleaned: Firefox (*** (default))  Cookies
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Cache
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  Cache
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Verlauf
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  History
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Summary: 
[i] 2013-04-22 18:36:09 Errors while cleaning: 0
[i] 2013-04-22 18:36:09 Files moved into quarantine: 4
[i] 2013-04-22 18:36:09 Files successfully cleaned: 133
[+] 2013-04-22 18:36:10 : Gratulation, alles (aus Datei 130422-181356.xml) wurde gelöscht.
         
Thanks in advance!

Last edited by zwn (23.04.2013 at 14:32)

24.04.2013, 12:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Do you have any other logs (with detections)?
Malwarebytes and/or other virus scanners, have they ever found anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans, first post only the logs you already have!

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

24.04.2013, 13:50   #3
zwn

Hello, and thanks for the quick first reply!

I have the Professional edition because the university provides it to me free of charge.

As I said, I also scanned with Ad-Aware; the quick scan right after/during installation reported one detection, but I can't find any logs for it...
I had also scanned a second time with Spybot, but I can't find that log either. I think there were 12 detections...

Otherwise Avira and Malwarebytes have never found anything. With Avira there were a few messages that the update had failed.
Does it make a difference with Malwarebytes whether I open it with a double-click or with right-click and "Run as administrator"?

For 2 days or so in between I occasionally had a "script error", but unfortunately I can't say any more what kind, and it has never appeared again...

24.04.2013, 13:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the requested tools such as Malwarebytes are always to be posted - regardless of whether there was a detection or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please run mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, run mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Run aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Run TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Post the contents here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
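The TDSSKiller log requested above lists every service as a `[ MD5 ] name path` line followed by a `name - verdict` line. As an added example (not part of this thread and not Kaspersky's code), here is a small Python parser that pairs those two lines per service and separates the entries a helper would look at first: anything whose verdict is not `ok`, and services for which no file line was recorded. The sample log and the `detected` verdict are constructed for the example; the real tool's wording for a detection may differ.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes inside the "Scan services" section of a TDSSKiller log,
# modelled on the log posted in this thread:
#   <time> <pid>  [ <MD5> ] <ServiceName> <Path>
#   <time> <pid>  <ServiceName> - <verdict>
# Service names may contain spaces ("Ad-Aware Service"), so the name is
# matched lazily up to the drive-letter path.
HASH_LINE = re.compile(
    r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(.+?) - (.+?)\s*$")
# Section banners such as "================ Scan services ===...".
SECTION_LINE = re.compile(r"^\S+\s+\d+\s+=+(.*?)=*\s*$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when no file line was printed
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line was seen


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect the service entries from the 'Scan services' section only."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for line in log_text.splitlines():
        sec = SECTION_LINE.match(line)
        if sec:
            # The "Scan services" banner opens the section; any following
            # banner (e.g. "Scan global") closes it.
            in_services = "Scan services" in sec.group(1)
            continue
        if not in_services:
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, ServiceEntry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, ServiceEntry(name)).verdict = verdict
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Sort entries into buckets: ok, flagged, no_file, no_verdict."""
    report: Dict[str, List[str]] = {
        "ok": [], "flagged": [], "no_file": [], "no_verdict": []}
    for name, e in sorted(entries.items()):
        if e.verdict is None:
            report["no_verdict"].append(name)
        elif e.verdict != "ok":
            report["flagged"].append(f"{name}: {e.verdict} ({e.path})")
        elif e.md5 is None:
            report["no_file"].append(name)   # e.g. COMSysApp in the thread
        else:
            report["ok"].append(name)
    return report


# Constructed sample: real-format lines plus one made-up flagged service.
SAMPLE_LOG = r"""
15:32:39.0189 6076  ============================================================
15:32:39.0189 6076  Scan started
15:32:39.0189 6076  Mode: Manual; SigCheck; TDLFS; 
15:32:39.0189 6076  ============================================================
15:32:39.0392 6076  ================ Scan system memory ========================
15:32:39.0392 6076  System memory - ok
15:32:39.0392 6076  ================ Scan services =============================
15:32:39.0501 6076  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:32:39.0595 6076  1394ohci - ok
15:32:39.0751 6076  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
15:32:39.0766 6076  Ad-Aware Service - ok
15:32:43.0105 6076  COMSysApp - ok
15:32:44.0001 6076  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleSvc      C:\Windows\system32\drivers\examplesvc.sys
15:32:44.0002 6076  ExampleSvc - detected (constructed sample verdict)
15:32:50.0000 6076  ================ Scan global ===============================
15:32:50.0000 6076  Global - ok
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```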

24.04.2013, 14:46   #5
zwn

So, I followed all the steps. The scan with MBAR found nothing, so I couldn't click any "CleanUp" button either, but I rebooted anyway. For the aswMBR scan I disconnected the Internet connection during the scan after downloading the definitions, since the anti-virus programs are supposed to be disabled. And I hope "Quick Scan" was the right setting.

Here are the results:
MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

24.04.2013 15:13:43
mbar-log-2013-04-24 (15-13-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 9179
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-24 15:22:38
-----------------------------
15:22:38.721    OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:38.721    Number of processors: 4 586 0x3A09
15:22:38.721    ComputerName: ***-PC  UserName: ***
15:22:38.721    Initialze error 1 
15:24:48.591    AVAST engine defs: 13042400
15:26:04.991    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:26:04.991    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
15:26:05.021    Disk 0 MBR read successfully
15:26:05.021    Disk 0 MBR scan
15:26:05.021    Disk 0 unknown MBR code
15:26:05.031    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
15:26:05.031    Disk 0 scanning C:\Windows\system32\drivers
15:26:05.041    Service scanning
15:26:06.251    Modules scanning
15:26:06.251    Disk 0 trace - called modules:
15:26:06.271    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
15:26:06.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007815060]
15:26:06.281    3 CLASSPNP.SYS[fffff88001d6843f] -> nt!IofCallDriver -> [0xfffffa80071c5db0]
15:26:06.281    5 ACPI.sys[fffff88000f627a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071ca050]
15:26:06.291    AVAST engine scan C:\Windows
15:26:06.291    AVAST engine scan C:\Windows\system32
15:26:06.301    AVAST engine scan C:\Windows\system32\drivers
15:26:06.301    AVAST engine scan C:\Users\***
15:26:06.311    AVAST engine scan C:\ProgramData
15:26:06.311    Scan finished successfully
15:26:33.171    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:26:33.181    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
TDSS-Killer
Code:
15:32:19.0502 6024  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:32:19.0502 6024  UEFI system
15:32:20.0110 6024  ============================================================
15:32:20.0110 6024  Current date / time: 2013/04/24 15:32:20.0110
15:32:20.0110 6024  SystemInfo:
15:32:20.0110 6024  
15:32:20.0110 6024  OS Version: 6.1.7601 ServicePack: 1.0
15:32:20.0110 6024  Product type: Workstation
15:32:20.0110 6024  ComputerName: ***-PC
15:32:20.0110 6024  UserName: ***
15:32:20.0110 6024  Windows directory: C:\Windows
15:32:20.0110 6024  System windows directory: C:\Windows
15:32:20.0110 6024  Running under WOW64
15:32:20.0110 6024  Processor architecture: Intel x64
15:32:20.0110 6024  Number of processors: 4
15:32:20.0110 6024  Page size: 0x1000
15:32:20.0110 6024  Boot type: Normal boot
15:32:20.0110 6024  ============================================================
15:32:20.0485 6024  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:20.0500 6024  ============================================================
15:32:20.0500 6024  \Device\Harddisk0\DR0:
15:32:20.0500 6024  GPT partitions:
15:32:20.0500 6024  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {26927547-BBF4-4498-89D8-219C9C6CD535}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
15:32:20.0500 6024  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {2EB6D383-2EFE-4D21-869C-5EBBBABDE8C7}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
15:32:20.0500 6024  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7C37525D-5200-40DC-AF27-8B30545F5D90}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x9FF4000
15:32:20.0500 6024  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A159DD78-AF6A-4D4B-9CBD-44732B793EF7}, Name: Basic data partition, StartLBA 0xA066800, BlocksNum 0x6A69F800
15:32:20.0500 6024  MBR partitions:
15:32:20.0500 6024  ============================================================
15:32:20.0516 6024  C: <-> \Device\Harddisk0\DR0\Partition3
15:32:20.0547 6024  D: <-> \Device\Harddisk0\DR0\Partition4
15:32:20.0547 6024  ============================================================
15:32:20.0547 6024  Initialize success
15:32:20.0547 6024  ============================================================
15:32:39.0189 6076  ============================================================
15:32:39.0189 6076  Scan started
15:32:39.0189 6076  Mode: Manual; SigCheck; TDLFS; 
15:32:39.0189 6076  ============================================================
15:32:39.0392 6076  ================ Scan system memory ========================
15:32:39.0392 6076  System memory - ok
15:32:39.0392 6076  ================ Scan services =============================
15:32:39.0501 6076  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:32:39.0595 6076  1394ohci - ok
15:32:39.0610 6076  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:32:39.0626 6076  ACPI - ok
15:32:39.0641 6076  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:32:39.0657 6076  AcpiPmi - ok
15:32:39.0751 6076  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
15:32:39.0766 6076  Ad-Aware Service - ok
15:32:39.0844 6076  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:32:39.0875 6076  AdobeARMservice - ok
15:32:39.0969 6076  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:39.0985 6076  AdobeFlashPlayerUpdateSvc - ok
15:32:40.0000 6076  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:32:40.0016 6076  adp94xx - ok
15:32:40.0016 6076  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:32:40.0031 6076  adpahci - ok
15:32:40.0047 6076  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:32:40.0063 6076  adpu320 - ok
15:32:40.0078 6076  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:32:40.0094 6076  AeLookupSvc - ok
15:32:40.0141 6076  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:32:40.0172 6076  AFD - ok
15:32:40.0187 6076  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:32:40.0203 6076  agp440 - ok
15:32:40.0219 6076  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:32:40.0265 6076  ALG - ok
15:32:40.0281 6076  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:32:40.0281 6076  aliide - ok
15:32:40.0328 6076  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:32:40.0375 6076  AMD External Events Utility - ok
15:32:40.0390 6076  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:32:40.0406 6076  amdide - ok
15:32:40.0406 6076  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:32:40.0437 6076  AmdK8 - ok
15:32:40.0593 6076  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:32:40.0843 6076  amdkmdag - ok
15:32:40.0874 6076  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:32:40.0921 6076  amdkmdap - ok
15:32:40.0921 6076  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:32:40.0936 6076  AmdPPM - ok
15:32:40.0952 6076  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:32:40.0967 6076  amdsata - ok
15:32:40.0967 6076  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:32:40.0983 6076  amdsbs - ok
15:32:40.0999 6076  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:32:40.0999 6076  amdxata - ok
15:32:41.0061 6076  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:32:41.0077 6076  AntiVirSchedulerService - ok
15:32:41.0108 6076  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:32:41.0123 6076  AntiVirService - ok
15:32:41.0139 6076  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:32:41.0201 6076  AppID - ok
15:32:41.0233 6076  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:32:41.0279 6076  AppIDSvc - ok
15:32:41.0311 6076  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:32:41.0357 6076  Appinfo - ok
15:32:41.0389 6076  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
15:32:41.0404 6076  AppleCharger - ok
15:32:41.0435 6076  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:32:41.0435 6076  AppleChargerSrv - ok
15:32:41.0451 6076  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:32:41.0482 6076  AppMgmt - ok
15:32:41.0482 6076  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:32:41.0498 6076  arc - ok
15:32:41.0498 6076  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:32:41.0513 6076  arcsas - ok
15:32:41.0529 6076  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:32:41.0545 6076  AsyncMac - ok
15:32:41.0576 6076  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:32:41.0576 6076  atapi - ok
15:32:41.0623 6076  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:32:41.0654 6076  AtiHDAudioService - ok
15:32:41.0685 6076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:32:41.0763 6076  AudioEndpointBuilder - ok
15:32:41.0779 6076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:32:41.0794 6076  AudioSrv - ok
15:32:41.0810 6076  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:32:41.0825 6076  avgntflt - ok
15:32:41.0857 6076  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:32:41.0872 6076  avipbb - ok
15:32:41.0903 6076  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:32:41.0919 6076  avkmgr - ok
15:32:41.0935 6076  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:32:41.0966 6076  AxInstSV - ok
15:32:41.0981 6076  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:32:42.0013 6076  b06bdrv - ok
15:32:42.0028 6076  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:32:42.0044 6076  b57nd60a - ok
15:32:42.0059 6076  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:32:42.0091 6076  BDESVC - ok
15:32:42.0106 6076  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:32:42.0137 6076  Beep - ok
15:32:42.0169 6076  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:32:42.0215 6076  BFE - ok
15:32:42.0231 6076  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:32:42.0278 6076  BITS - ok
15:32:42.0293 6076  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:32:42.0309 6076  blbdrive - ok
15:32:42.0325 6076  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:32:42.0325 6076  bowser - ok
15:32:42.0340 6076  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:32:42.0371 6076  BrFiltLo - ok
15:32:42.0371 6076  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:32:42.0371 6076  BrFiltUp - ok
15:32:42.0403 6076  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:32:42.0403 6076  Browser - ok
15:32:42.0418 6076  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:32:42.0449 6076  Brserid - ok
15:32:42.0449 6076  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:32:42.0465 6076  BrSerWdm - ok
15:32:42.0465 6076  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:32:42.0481 6076  BrUsbMdm - ok
15:32:42.0481 6076  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:32:42.0496 6076  BrUsbSer - ok
15:32:42.0496 6076  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:32:42.0527 6076  BTHMODEM - ok
15:32:42.0543 6076  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:32:42.0559 6076  bthserv - ok
15:32:42.0574 6076  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:32:42.0605 6076  cdfs - ok
15:32:42.0621 6076  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:32:42.0637 6076  cdrom - ok
15:32:42.0637 6076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:32:42.0699 6076  CertPropSvc - ok
15:32:42.0699 6076  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:32:42.0715 6076  circlass - ok
15:32:42.0746 6076  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:32:42.0746 6076  CLFS - ok
15:32:42.0793 6076  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:42.0808 6076  clr_optimization_v2.0.50727_32 - ok
15:32:42.0839 6076  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:32:42.0855 6076  clr_optimization_v2.0.50727_64 - ok
15:32:42.0886 6076  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:32:42.0917 6076  clr_optimization_v4.0.30319_32 - ok
15:32:42.0933 6076  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:32:42.0949 6076  clr_optimization_v4.0.30319_64 - ok
15:32:42.0964 6076  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:32:42.0980 6076  CmBatt - ok
15:32:42.0995 6076  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:32:42.0995 6076  cmdide - ok
15:32:43.0011 6076  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:32:43.0042 6076  CNG - ok
15:32:43.0042 6076  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:32:43.0058 6076  Compbatt - ok
15:32:43.0073 6076  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:32:43.0105 6076  CompositeBus - ok
15:32:43.0105 6076  COMSysApp - ok
15:32:43.0120 6076  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:32:43.0120 6076  crcdisk - ok
15:32:43.0151 6076  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:32:43.0183 6076  CryptSvc - ok
15:32:43.0198 6076  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:32:43.0261 6076  CSC - ok
15:32:43.0276 6076  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:32:43.0307 6076  CscService - ok
15:32:43.0339 6076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:32:43.0370 6076  DcomLaunch - ok
15:32:43.0385 6076  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:32:43.0417 6076  defragsvc - ok
15:32:43.0432 6076  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:32:43.0479 6076  DfsC - ok
15:32:43.0495 6076  DgiVecp - ok
15:32:43.0526 6076  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:32:43.0557 6076  Dhcp - ok
15:32:43.0557 6076  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:32:43.0604 6076  discache - ok
15:32:43.0604 6076  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:32:43.0619 6076  Disk - ok
15:32:43.0635 6076  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:32:43.0651 6076  dmvsc - ok
15:32:43.0682 6076  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:32:43.0713 6076  Dnscache - ok
15:32:43.0729 6076  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:32:43.0775 6076  dot3svc - ok
15:32:43.0791 6076  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:32:43.0822 6076  DPS - ok
15:32:43.0838 6076  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:32:43.0838 6076  drmkaud - ok
15:32:43.0869 6076  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:32:43.0885 6076  DXGKrnl - ok
15:32:43.0900 6076  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:32:43.0916 6076  EapHost - ok
15:32:43.0978 6076  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:32:44.0087 6076  ebdrv - ok
15:32:44.0119 6076  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:32:44.0134 6076  EFS - ok
15:32:44.0181 6076  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:32:44.0228 6076  ehRecvr - ok
15:32:44.0243 6076  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:32:44.0275 6076  ehSched - ok
15:32:44.0290 6076  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:32:44.0306 6076  elxstor - ok
15:32:44.0321 6076  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:32:44.0337 6076  ErrDev - ok
15:32:44.0368 6076  [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
15:32:44.0384 6076  EtronHub3 - ok
15:32:44.0415 6076  [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
15:32:44.0446 6076  EtronXHCI - ok
15:32:44.0462 6076  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:32:44.0509 6076  EventSystem - ok
15:32:44.0524 6076  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:32:44.0555 6076  exfat - ok
15:32:44.0571 6076  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:32:44.0587 6076  fastfat - ok
15:32:44.0618 6076  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:32:44.0649 6076  Fax - ok
15:32:44.0665 6076  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:32:44.0665 6076  fdc - ok
15:32:44.0680 6076  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:32:44.0696 6076  fdPHost - ok
15:32:44.0711 6076  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:32:44.0727 6076  FDResPub - ok
15:32:44.0743 6076  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:32:44.0758 6076  FileInfo - ok
15:32:44.0758 6076  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:32:44.0789 6076  Filetrace - ok
15:32:44.0789 6076  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:32:44.0805 6076  flpydisk - ok
15:32:44.0805 6076  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:32:44.0821 6076  FltMgr - ok
15:32:44.0867 6076  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:32:44.0914 6076  FontCache - ok
15:32:44.0945 6076  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:32:44.0961 6076  FontCache3.0.0.0 - ok
15:32:44.0977 6076  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:32:44.0992 6076  FsDepends - ok
15:32:45.0008 6076  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:32:45.0023 6076  Fs_Rec - ok
15:32:45.0055 6076  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:32:45.0070 6076  fvevol - ok
15:32:45.0086 6076  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:32:45.0101 6076  gagp30kx - ok
15:32:45.0117 6076  gdrv - ok
15:32:45.0164 6076  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
15:32:45.0179 6076  gfibto - ok
15:32:45.0211 6076  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:32:45.0257 6076  gpsvc - ok
15:32:45.0289 6076  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
15:32:45.0304 6076  GVTDrv64 - ok
15:32:45.0304 6076  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:32:45.0335 6076  hcw85cir - ok
15:32:45.0367 6076  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:32:45.0398 6076  HdAudAddService - ok
15:32:45.0413 6076  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:32:45.0429 6076  HDAudBus - ok
15:32:45.0429 6076  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:32:45.0445 6076  HidBatt - ok
15:32:45.0460 6076  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:32:45.0476 6076  HidBth - ok
15:32:45.0491 6076  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:32:45.0507 6076  HidIr - ok
15:32:45.0523 6076  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:32:45.0538 6076  hidserv - ok
15:32:45.0554 6076  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:32:45.0569 6076  HidUsb - ok
15:32:45.0601 6076  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:32:45.0647 6076  hkmsvc - ok
15:32:45.0647 6076  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:32:45.0663 6076  HomeGroupListener - ok
15:32:45.0694 6076  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:32:45.0710 6076  HomeGroupProvider - ok
15:32:45.0725 6076  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:32:45.0725 6076  HpSAMD - ok
15:32:45.0757 6076  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:32:45.0788 6076  HTTP - ok
15:32:45.0803 6076  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:32:45.0803 6076  hwpolicy - ok
15:32:45.0819 6076  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:32:45.0835 6076  i8042prt - ok
15:32:45.0850 6076  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:32:45.0866 6076  iaStor - ok
15:32:45.0897 6076  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:32:45.0913 6076  IAStorDataMgrSvc - ok
15:32:45.0928 6076  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:32:45.0959 6076  iaStorV - ok
15:32:45.0991 6076  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
15:32:46.0006 6076  ICCS ( UnsignedFile.Multi.Generic ) - warning
15:32:46.0006 6076  ICCS - detected UnsignedFile.Multi.Generic (1)
15:32:46.0069 6076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:32:46.0100 6076  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:32:46.0100 6076  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:32:46.0131 6076  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:32:46.0162 6076  idsvc - ok
15:32:46.0193 6076  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:32:46.0193 6076  iirsp - ok
15:32:46.0225 6076  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:32:46.0271 6076  IKEEXT - ok
15:32:46.0303 6076  [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:32:46.0318 6076  Intel(R) Capability Licensing Service Interface - ok
15:32:46.0334 6076  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:32:46.0349 6076  intelide - ok
15:32:46.0349 6076  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:32:46.0381 6076  intelppm - ok
15:32:46.0396 6076  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:32:46.0427 6076  IPBusEnum - ok
15:32:46.0443 6076  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:32:46.0459 6076  IpFilterDriver - ok
15:32:46.0490 6076  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:32:46.0521 6076  iphlpsvc - ok
15:32:46.0537 6076  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:32:46.0552 6076  IPMIDRV - ok
15:32:46.0568 6076  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:32:46.0599 6076  IPNAT - ok
15:32:46.0615 6076  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:32:46.0630 6076  IRENUM - ok
15:32:46.0646 6076  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:32:46.0661 6076  isapnp - ok
15:32:46.0677 6076  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:32:46.0693 6076  iScsiPrt - ok
15:32:46.0708 6076  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
15:32:46.0708 6076  iusb3hcs - ok
15:32:46.0724 6076  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
15:32:46.0739 6076  iusb3hub - ok
15:32:46.0755 6076  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:32:46.0771 6076  iusb3xhc - ok
15:32:46.0802 6076  [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:32:46.0817 6076  jhi_service - ok
15:32:46.0833 6076  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:32:46.0833 6076  kbdclass - ok
15:32:46.0849 6076  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:32:46.0864 6076  kbdhid - ok
15:32:46.0880 6076  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:32:46.0895 6076  KeyIso - ok
15:32:46.0911 6076  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:32:46.0927 6076  KSecDD - ok
15:32:46.0927 6076  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:32:46.0942 6076  KSecPkg - ok
15:32:46.0942 6076  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:32:46.0973 6076  ksthunk - ok
15:32:46.0989 6076  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:32:47.0051 6076  KtmRm - ok
15:32:47.0067 6076  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:32:47.0067 6076  L1C - ok
15:32:47.0098 6076  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:32:47.0145 6076  LanmanServer - ok
15:32:47.0161 6076  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:32:47.0176 6076  LanmanWorkstation - ok
15:32:47.0208 6076  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:32:47.0254 6076  lltdio - ok
15:32:47.0254 6076  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:32:47.0286 6076  lltdsvc - ok
15:32:47.0301 6076  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:32:47.0332 6076  lmhosts - ok
15:32:47.0364 6076  [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:32:47.0379 6076  LMS - ok
15:32:47.0395 6076  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:32:47.0410 6076  LSI_FC - ok
15:32:47.0426 6076  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:32:47.0426 6076  LSI_SAS - ok
15:32:47.0442 6076  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:32:47.0442 6076  LSI_SAS2 - ok
15:32:47.0457 6076  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:32:47.0473 6076  LSI_SCSI - ok
15:32:47.0488 6076  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:32:47.0520 6076  luafv - ok
15:32:47.0535 6076  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:32:47.0551 6076  Mcx2Svc - ok
15:32:47.0566 6076  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:32:47.0566 6076  megasas - ok
15:32:47.0582 6076  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:32:47.0598 6076  MegaSR - ok
15:32:47.0598 6076  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:32:47.0613 6076  MEIx64 - ok
15:32:47.0613 6076  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:32:47.0660 6076  MMCSS - ok
15:32:47.0660 6076  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:32:47.0691 6076  Modem - ok
15:32:47.0691 6076  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:32:47.0707 6076  monitor - ok
15:32:47.0738 6076  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:32:47.0754 6076  mouclass - ok
15:32:47.0754 6076  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:32:47.0769 6076  mouhid - ok
15:32:47.0800 6076  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:32:47.0816 6076  mountmgr - ok
15:32:47.0863 6076  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:32:47.0878 6076  MozillaMaintenance - ok
15:32:47.0878 6076  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:32:47.0894 6076  mpio - ok
15:32:47.0910 6076  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:32:47.0956 6076  mpsdrv - ok
15:32:47.0972 6076  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:32:47.0988 6076  MpsSvc - ok
15:32:48.0003 6076  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:32:48.0019 6076  MRxDAV - ok
15:32:48.0066 6076  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:32:48.0081 6076  mrxsmb - ok
15:32:48.0097 6076  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:32:48.0112 6076  mrxsmb10 - ok
15:32:48.0144 6076  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:32:48.0159 6076  mrxsmb20 - ok
15:32:48.0159 6076  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:32:48.0175 6076  msahci - ok
15:32:48.0190 6076  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:32:48.0190 6076  msdsm - ok
15:32:48.0206 6076  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:32:48.0237 6076  MSDTC - ok
15:32:48.0253 6076  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:32:48.0284 6076  Msfs - ok
15:32:48.0315 6076  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:32:48.0331 6076  mshidkmdf - ok
15:32:48.0346 6076  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:32:48.0346 6076  msisadrv - ok
15:32:48.0378 6076  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:32:48.0393 6076  MSiSCSI - ok
15:32:48.0393 6076  msiserver - ok
15:32:48.0424 6076  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:32:48.0456 6076  MSKSSRV - ok
15:32:48.0471 6076  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:32:48.0502 6076  MSPCLOCK - ok
15:32:48.0502 6076  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:32:48.0534 6076  MSPQM - ok
15:32:48.0549 6076  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:32:48.0549 6076  MsRPC - ok
15:32:48.0565 6076  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:32:48.0565 6076  mssmbios - ok
15:32:48.0580 6076  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:32:48.0596 6076  MSTEE - ok
15:32:48.0612 6076  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:32:48.0627 6076  MTConfig - ok
15:32:48.0643 6076  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:32:48.0643 6076  Mup - ok
15:32:48.0674 6076  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:32:48.0705 6076  napagent - ok
15:32:48.0721 6076  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:32:48.0736 6076  NativeWifiP - ok
15:32:48.0783 6076  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:32:48.0846 6076  NDIS - ok
15:32:48.0846 6076  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:32:48.0877 6076  NdisCap - ok
15:32:48.0892 6076  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:32:48.0908 6076  NdisTapi - ok
15:32:48.0924 6076  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:32:48.0955 6076  Ndisuio - ok
15:32:48.0955 6076  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:32:48.0986 6076  NdisWan - ok
15:32:49.0002 6076  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:32:49.0017 6076  NDProxy - ok
15:32:49.0033 6076  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:32:49.0064 6076  NetBIOS - ok
15:32:49.0064 6076  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:32:49.0095 6076  NetBT - ok
15:32:49.0111 6076  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:32:49.0111 6076  Netlogon - ok
15:32:49.0142 6076  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:32:49.0189 6076  Netman - ok
15:32:49.0189 6076  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:32:49.0267 6076  netprofm - ok
15:32:49.0298 6076  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:49.0314 6076  NetTcpPortSharing - ok
15:32:49.0345 6076  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:32:49.0345 6076  nfrd960 - ok
15:32:49.0360 6076  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:32:49.0392 6076  NlaSvc - ok
15:32:49.0392 6076  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:32:49.0423 6076  Npfs - ok
15:32:49.0423 6076  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:32:49.0454 6076  nsi - ok
15:32:49.0454 6076  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:32:49.0485 6076  nsiproxy - ok
15:32:49.0516 6076  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:32:49.0563 6076  Ntfs - ok
15:32:49.0579 6076  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:32:49.0610 6076  Null - ok
15:32:49.0657 6076  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:32:49.0672 6076  nvraid - ok
15:32:49.0688 6076  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:32:49.0704 6076  nvstor - ok
15:32:49.0735 6076  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:32:49.0750 6076  nv_agp - ok
15:32:49.0766 6076  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:32:49.0782 6076  ohci1394 - ok
15:32:49.0828 6076  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:49.0860 6076  ose - ok
15:32:49.0953 6076  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:32:50.0062 6076  osppsvc - ok
15:32:50.0078 6076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:32:50.0109 6076  p2pimsvc - ok
15:32:50.0125 6076  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:32:50.0140 6076  p2psvc - ok
15:32:50.0156 6076  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:32:50.0172 6076  Parport - ok
15:32:50.0218 6076  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:32:50.0218 6076  partmgr - ok
15:32:50.0250 6076  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:32:50.0265 6076  PcaSvc - ok
15:32:50.0281 6076  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:32:50.0296 6076  pci - ok
15:32:50.0312 6076  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:32:50.0328 6076  pciide - ok
15:32:50.0343 6076  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:32:50.0343 6076  pcmcia - ok
15:32:50.0359 6076  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:32:50.0374 6076  pcw - ok
15:32:50.0390 6076  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:32:50.0421 6076  PEAUTH - ok
15:32:50.0452 6076  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:32:50.0499 6076  PeerDistSvc - ok
15:32:50.0562 6076  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:32:50.0577 6076  PerfHost - ok
15:32:50.0624 6076  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:32:50.0686 6076  pla - ok
15:32:50.0718 6076  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:32:50.0749 6076  PlugPlay - ok
15:32:50.0764 6076  PnkBstrA - ok
15:32:50.0796 6076  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:32:50.0827 6076  PNRPAutoReg - ok
15:32:50.0842 6076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:32:50.0858 6076  PNRPsvc - ok
15:32:50.0874 6076  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
15:32:50.0874 6076  Point64 - ok
15:32:50.0920 6076  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:32:50.0983 6076  PolicyAgent - ok
15:32:50.0983 6076  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:32:51.0014 6076  Power - ok
15:32:51.0061 6076  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:32:51.0076 6076  PptpMiniport - ok
15:32:51.0108 6076  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:32:51.0123 6076  Processor - ok
15:32:51.0154 6076  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:32:51.0186 6076  ProfSvc - ok
15:32:51.0186 6076  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:32:51.0201 6076  ProtectedStorage - ok
15:32:51.0217 6076  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:32:51.0248 6076  Psched - ok
15:32:51.0279 6076  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:32:51.0310 6076  ql2300 - ok
15:32:51.0310 6076  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:32:51.0326 6076  ql40xx - ok
15:32:51.0342 6076  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:32:51.0357 6076  QWAVE - ok
15:32:51.0373 6076  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:32:51.0373 6076  QWAVEdrv - ok
15:32:51.0388 6076  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:32:51.0404 6076  RasAcd - ok
15:32:51.0420 6076  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:32:51.0435 6076  RasAgileVpn - ok
15:32:51.0451 6076  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:32:51.0466 6076  RasAuto - ok
15:32:51.0482 6076  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:32:51.0513 6076  Rasl2tp - ok
15:32:51.0529 6076  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:32:51.0560 6076  RasMan - ok
15:32:51.0560 6076  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:32:51.0591 6076  RasPppoe - ok
15:32:51.0607 6076  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:32:51.0638 6076  RasSstp - ok
15:32:51.0654 6076  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:32:51.0685 6076  rdbss - ok
15:32:51.0700 6076  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:32:51.0700 6076  rdpbus - ok
15:32:51.0716 6076  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:32:51.0732 6076  RDPCDD - ok
15:32:51.0763 6076  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:32:51.0778 6076  RDPDR - ok
15:32:51.0794 6076  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:32:51.0810 6076  RDPENCDD - ok
15:32:51.0825 6076  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:32:51.0841 6076  RDPREFMP - ok
15:32:51.0872 6076  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:32:51.0903 6076  RDPWD - ok
15:32:51.0919 6076  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:32:51.0934 6076  rdyboost - ok
15:32:51.0950 6076  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:32:51.0981 6076  RemoteAccess - ok
15:32:51.0997 6076  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:32:52.0059 6076  RemoteRegistry - ok
15:32:52.0059 6076  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:32:52.0090 6076  RpcEptMapper - ok
15:32:52.0106 6076  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:32:52.0106 6076  RpcLocator - ok
15:32:52.0122 6076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:32:52.0153 6076  RpcSs - ok
15:32:52.0168 6076  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:32:52.0184 6076  rspndr - ok
15:32:52.0200 6076  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:32:52.0200 6076  s3cap - ok
15:32:52.0215 6076  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:32:52.0215 6076  SamSs - ok
15:32:52.0309 6076  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:32:52.0402 6076  SBAMSvc - ok
15:32:52.0418 6076  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:32:52.0434 6076  sbp2port - ok
15:32:52.0434 6076  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:32:52.0465 6076  SCardSvr - ok
15:32:52.0512 6076  [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService   C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
15:32:52.0543 6076  SCBackService - ok
15:32:52.0543 6076  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:32:52.0590 6076  scfilter - ok
15:32:52.0605 6076  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:32:52.0652 6076  Schedule - ok
15:32:52.0683 6076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:32:52.0699 6076  SCPolicySvc - ok
15:32:52.0699 6076  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:32:52.0730 6076  SDRSVC - ok
15:32:52.0824 6076  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
15:32:52.0870 6076  SDScannerService - ok
15:32:52.0933 6076  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:32:52.0980 6076  SDUpdateService - ok
15:32:52.0995 6076  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:32:52.0995 6076  SDWSCService - ok
15:32:53.0026 6076  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:32:53.0073 6076  secdrv - ok
15:32:53.0089 6076  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:32:53.0104 6076  seclogon - ok
15:32:53.0120 6076  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:32:53.0151 6076  SENS - ok
15:32:53.0151 6076  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:32:53.0167 6076  SensrSvc - ok
15:32:53.0167 6076  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:32:53.0182 6076  Serenum - ok
15:32:53.0182 6076  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:32:53.0214 6076  Serial - ok
15:32:53.0214 6076  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:32:53.0229 6076  sermouse - ok
15:32:53.0245 6076  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:32:53.0276 6076  SessionEnv - ok
15:32:53.0276 6076  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:32:53.0292 6076  sffdisk - ok
15:32:53.0292 6076  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:32:53.0323 6076  sffp_mmc - ok
15:32:53.0323 6076  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:32:53.0338 6076  sffp_sd - ok
15:32:53.0338 6076  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:32:53.0338 6076  sfloppy - ok
15:32:53.0354 6076  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:32:53.0385 6076  SharedAccess - ok
15:32:53.0401 6076  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:32:53.0432 6076  ShellHWDetection - ok
15:32:53.0432 6076  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:32:53.0448 6076  SiSRaid2 - ok
15:32:53.0448 6076  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:32:53.0463 6076  SiSRaid4 - ok
15:32:53.0526 6076  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:32:53.0572 6076  SkypeUpdate - ok
15:32:53.0588 6076  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:32:53.0619 6076  Smb - ok
15:32:53.0635 6076  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:32:53.0635 6076  SNMPTRAP - ok
15:32:53.0650 6076  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:32:53.0650 6076  spldr - ok
15:32:53.0682 6076  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:32:53.0697 6076  Spooler - ok
15:32:53.0728 6076  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:32:53.0775 6076  sppsvc - ok
15:32:53.0791 6076  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:32:53.0806 6076  sppuinotify - ok
15:32:53.0838 6076  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:32:53.0853 6076  srv - ok
15:32:53.0853 6076  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:32:53.0884 6076  srv2 - ok
15:32:53.0916 6076  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:32:53.0931 6076  srvnet - ok
15:32:53.0947 6076  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:32:53.0978 6076  SSDPSRV - ok
15:32:53.0994 6076  SSPORT - ok
15:32:53.0994 6076  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:32:54.0025 6076  SstpSvc - ok
15:32:54.0072 6076  [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService      C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
15:32:54.0087 6076  SSUService - ok
15:32:54.0103 6076  Steam Client Service - ok
15:32:54.0118 6076  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:32:54.0134 6076  stexstor - ok
15:32:54.0165 6076  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:32:54.0212 6076  stisvc - ok
15:32:54.0228 6076  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:32:54.0243 6076  storflt - ok
15:32:54.0243 6076  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:32:54.0259 6076  StorSvc - ok
15:32:54.0274 6076  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:32:54.0274 6076  storvsc - ok
15:32:54.0290 6076  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:32:54.0290 6076  swenum - ok
15:32:54.0306 6076  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:32:54.0337 6076  swprv - ok
15:32:54.0368 6076  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:32:54.0415 6076  SysMain - ok
15:32:54.0430 6076  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:32:54.0430 6076  TabletInputService - ok
15:32:54.0462 6076  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:32:54.0493 6076  TapiSrv - ok
15:32:54.0493 6076  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:32:54.0524 6076  TBS - ok
15:32:54.0555 6076  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:32:54.0618 6076  Tcpip - ok
15:32:54.0633 6076  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:32:54.0664 6076  TCPIP6 - ok
15:32:54.0680 6076  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:32:54.0696 6076  tcpipreg - ok
15:32:54.0711 6076  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:32:54.0727 6076  TDPIPE - ok
15:32:54.0742 6076  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:32:54.0758 6076  TDTCP - ok
15:32:54.0758 6076  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:32:54.0774 6076  tdx - ok
15:32:54.0805 6076  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:32:54.0805 6076  TermDD - ok
15:32:54.0820 6076  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:32:54.0852 6076  TermService - ok
15:32:54.0867 6076  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:32:54.0883 6076  Themes - ok
15:32:54.0914 6076  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:32:54.0930 6076  THREADORDER - ok
15:32:54.0930 6076  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:32:54.0961 6076  TrkWks - ok
15:32:54.0992 6076  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:32:55.0039 6076  TrustedInstaller - ok
15:32:55.0054 6076  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:32:55.0101 6076  tssecsrv - ok
15:32:55.0117 6076  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:32:55.0132 6076  TsUsbFlt - ok
15:32:55.0132 6076  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:32:55.0132 6076  TsUsbGD - ok
15:32:55.0148 6076  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:32:55.0210 6076  tunnel - ok
15:32:55.0226 6076  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:32:55.0226 6076  uagp35 - ok
15:32:55.0242 6076  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:32:55.0273 6076  udfs - ok
15:32:55.0288 6076  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:32:55.0304 6076  UI0Detect - ok
15:32:55.0320 6076  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:32:55.0335 6076  uliagpkx - ok
15:32:55.0351 6076  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:32:55.0351 6076  umbus - ok
15:32:55.0382 6076  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:32:55.0398 6076  UmPass - ok
15:32:55.0429 6076  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:32:55.0444 6076  UmRdpService - ok
15:32:55.0507 6076  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
15:32:55.0522 6076  UnlockerDriver5 - ok
15:32:55.0569 6076  [ 0F9E1BC7E2BEA1A4108EC9736CF0C2D9 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:32:55.0585 6076  UNS - ok
15:32:55.0600 6076  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:32:55.0647 6076  upnphost - ok
15:32:55.0678 6076  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
15:32:55.0694 6076  usbccgp - ok
15:32:55.0710 6076  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:32:55.0741 6076  usbcir - ok
15:32:55.0756 6076  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:32:55.0772 6076  usbehci - ok
15:32:55.0788 6076  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:32:55.0819 6076  usbhub - ok
15:32:55.0850 6076  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:32:55.0866 6076  usbohci - ok
15:32:55.0881 6076  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:32:55.0912 6076  usbprint - ok
15:32:55.0944 6076  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:32:55.0959 6076  usbscan - ok
15:32:55.0990 6076  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:32:56.0022 6076  USBSTOR - ok
15:32:56.0022 6076  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:32:56.0053 6076  usbuhci - ok
15:32:56.0053 6076  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:32:56.0100 6076  UxSms - ok
15:32:56.0115 6076  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:32:56.0115 6076  VaultSvc - ok
15:32:56.0131 6076  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:32:56.0146 6076  vdrvroot - ok
15:32:56.0146 6076  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:32:56.0178 6076  vds - ok
15:32:56.0193 6076  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:32:56.0209 6076  vga - ok
15:32:56.0224 6076  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:32:56.0256 6076  VgaSave - ok
15:32:56.0287 6076  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:32:56.0287 6076  vhdmp - ok
15:32:56.0365 6076  [ E8AF45C4FE2457D003E1842806F38748 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:32:56.0412 6076  VIAHdAudAddService - ok
15:32:56.0427 6076  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:32:56.0443 6076  viaide - ok
15:32:56.0458 6076  [ 05D6657A9CCFD269D05D41BFFDCE9498 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
15:32:56.0474 6076  VIAKaraokeService - ok
15:32:56.0505 6076  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:32:56.0521 6076  vmbus - ok
15:32:56.0536 6076  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:32:56.0552 6076  VMBusHID - ok
15:32:56.0568 6076  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:32:56.0568 6076  volmgr - ok
15:32:56.0599 6076  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:32:56.0614 6076  volmgrx - ok
15:32:56.0630 6076  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:32:56.0630 6076  volsnap - ok
15:32:56.0646 6076  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:32:56.0661 6076  vsmraid - ok
15:32:56.0692 6076  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:32:56.0724 6076  VSS - ok
15:32:56.0739 6076  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:32:56.0755 6076  vwifibus - ok
15:32:56.0770 6076  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:32:56.0786 6076  W32Time - ok
15:32:56.0802 6076  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:32:56.0802 6076  WacomPen - ok
15:32:56.0833 6076  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:32:56.0864 6076  WANARP - ok
15:32:56.0880 6076  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:32:56.0895 6076  Wanarpv6 - ok
15:32:56.0926 6076  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:32:56.0973 6076  wbengine - ok
15:32:56.0973 6076  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:32:56.0989 6076  WbioSrvc - ok
15:32:57.0004 6076  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:32:57.0036 6076  wcncsvc - ok
15:32:57.0051 6076  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:32:57.0067 6076  WcsPlugInService - ok
15:32:57.0082 6076  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:32:57.0082 6076  Wd - ok
15:32:57.0114 6076  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:32:57.0176 6076  Wdf01000 - ok
15:32:57.0192 6076  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:32:57.0207 6076  WdiServiceHost - ok
15:32:57.0207 6076  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:32:57.0223 6076  WdiSystemHost - ok
15:32:57.0238 6076  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:32:57.0254 6076  WebClient - ok
15:32:57.0254 6076  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:32:57.0301 6076  Wecsvc - ok
15:32:57.0301 6076  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:32:57.0316 6076  wercplsupport - ok
15:32:57.0332 6076  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:32:57.0363 6076  WerSvc - ok
15:32:57.0363 6076  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:32:57.0379 6076  WfpLwf - ok
15:32:57.0394 6076  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:32:57.0394 6076  WIMMount - ok
15:32:57.0410 6076  WinDefend - ok
15:32:57.0410 6076  WinHttpAutoProxySvc - ok
15:32:57.0441 6076  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:32:57.0488 6076  Winmgmt - ok
15:32:57.0519 6076  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:32:57.0566 6076  WinRM - ok
15:32:57.0582 6076  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:32:57.0613 6076  Wlansvc - ok
15:32:57.0691 6076  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:32:57.0738 6076  wlidsvc - ok
15:32:57.0738 6076  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:32:57.0769 6076  WmiAcpi - ok
15:32:57.0769 6076  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:32:57.0800 6076  wmiApSrv - ok
15:32:57.0816 6076  WMPNetworkSvc - ok
15:32:57.0831 6076  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:32:57.0847 6076  WPCSvc - ok
15:32:57.0847 6076  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:32:57.0862 6076  WPDBusEnum - ok
15:32:57.0878 6076  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:32:57.0909 6076  ws2ifsl - ok
15:32:57.0909 6076  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:32:57.0925 6076  wscsvc - ok
15:32:57.0925 6076  WSearch - ok
15:32:57.0987 6076  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:32:58.0050 6076  wuauserv - ok
15:32:58.0081 6076  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:32:58.0096 6076  WudfPf - ok
15:32:58.0128 6076  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:32:58.0143 6076  WUDFRd - ok
15:32:58.0174 6076  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:32:58.0190 6076  wudfsvc - ok
15:32:58.0206 6076  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:32:58.0221 6076  WwanSvc - ok
15:32:58.0237 6076  ================ Scan global ===============================
15:32:58.0252 6076  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:32:58.0284 6076  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:32:58.0284 6076  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:32:58.0315 6076  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:32:58.0346 6076  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:32:58.0346 6076  [Global] - ok
15:32:58.0346 6076  ================ Scan MBR ==================================
15:32:58.0362 6076  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:32:58.0455 6076  \Device\Harddisk0\DR0 - ok
15:32:58.0455 6076  ================ Scan VBR ==================================
15:32:58.0455 6076  [ A649E871F768EFE980D4A2D1B9382860 ] \Device\Harddisk0\DR0\Partition1
15:32:58.0455 6076  \Device\Harddisk0\DR0\Partition1 - ok
15:32:58.0486 6076  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
15:32:58.0486 6076  \Device\Harddisk0\DR0\Partition2 - ok
15:32:58.0502 6076  [ AD080B2420D8B5E74E76E942A93214B7 ] \Device\Harddisk0\DR0\Partition3
15:32:58.0502 6076  \Device\Harddisk0\DR0\Partition3 - ok
15:32:58.0502 6076  [ 15A6FF2C409481E588EBBFAEA840CB3D ] \Device\Harddisk0\DR0\Partition4
15:32:58.0518 6076  \Device\Harddisk0\DR0\Partition4 - ok
15:32:58.0518 6076  ============================================================
15:32:58.0518 6076  Scan finished
15:32:58.0518 6076  ============================================================
15:32:58.0518 5224  Detected object count: 2
15:32:58.0518 5224  Actual detected object count: 2
15:33:21.0481 5224  ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:21.0481 5224  ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:33:21.0481 5224  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:21.0481 5224  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:37:29.0247 1444  Deinitialize success
         


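As an added example (not code from this thread, from Kaspersky, or from any of the other tools mentioned here), a small Python parser for the TDSSKiller log format posted above: it collects the hashed service/driver entries, the per-object verdicts and the user's chosen actions, checks the declared detection count against the detection lines actually logged, and lists binaries outside the Windows directory and services reported ok without a hashed file. The sample log is a constructed excerpt of lines from the post above; the only assumption is that the system drive is C:.

```python
"""Parse TDSSKiller scan logs in the format posted above (added example; not part of the thread)."""
import re
from dataclasses import dataclass, field

# Each line: "HH:MM:SS.mmmm <thread id>  <message>" (trailing whitespace dropped).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
# "[ MD5 ] Name   C:\path" for services/drivers; "[ MD5 ] C:\path" or "[ MD5 ] \Device\..." elsewhere.
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (?:(.*?) )?((?:[A-Za-z]:\\|\\Device\\).*)$")
OK_RE = re.compile(r"^(.+?) - ok$")
# "Name ( Verdict ) - skipped by user" and "Name ( Verdict ) - User select action: Skip"
DETECT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class ScanReport:
    entries: dict = field(default_factory=dict)      # name or path -> (md5, path, section)
    verdict: dict = field(default_factory=dict)      # name or path -> "ok" or verdict class
    actions: dict = field(default_factory=dict)      # detected name -> user action ("Skip", ...)
    unhashed_ok: list = field(default_factory=list)  # services reported ok without a hashed file
    declared_count: int = -1                         # value of "Detected object count"

def parse_tdsskiller(text):
    rep = ScanReport()
    section = "services"  # the excerpt begins inside the service/driver enumeration
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if msg.startswith("================"):
            section = msg.strip("= ")  # "================ Scan global ====" -> "Scan global"
            continue
        h = HASH_RE.match(msg)
        if h:
            md5, name, path = h.group(1), (h.group(2) or "").strip(), h.group(3)
            rep.entries[name or path] = (md5, path, section)
            continue
        d = DETECT_RE.match(msg)
        if d:
            name, verdict, tail = d.groups()
            rep.verdict[name] = verdict
            if tail.startswith("User select action:"):
                rep.actions[name] = tail.split(":", 1)[1].strip()
            continue
        c = COUNT_RE.match(msg)
        if c:
            rep.declared_count = int(c.group(1))
            continue
        o = OK_RE.match(msg)
        if o:
            name = o.group(1)
            rep.verdict[name] = "ok"
            # "Name - ok" with no preceding "[ MD5 ] Name path" line means no binary was
            # hashed for that service: not a detection, but worth a manual look.
            if section == "services" and name not in rep.entries:
                rep.unhashed_ok.append(name)
    return rep

def detections(rep):
    """(name, verdict, user action, path) for every object whose verdict is not 'ok'."""
    # UnsignedFile.Multi.Generic is a heuristic verdict (unsigned binary): each hit needs a
    # manual review of the file; the action "Skip" means the user left it in place.
    return [(n, v, rep.actions.get(n, "none"),
             rep.entries.get(n, (None, "(not in excerpt)", None))[1])
            for n, v in rep.verdict.items() if v != "ok"]

def count_mismatch(rep):
    """True if 'Detected object count' disagrees with the detection lines actually logged."""
    return rep.declared_count != len(detections(rep))

def third_party(rep, windows_dir="c:\\windows\\"):
    """Service/driver binaries outside the Windows directory (assumes the system drive is C:)."""
    return sorted(n for n, (_, path, sec) in rep.entries.items()
                  if sec == "services" and not path.lower().startswith(windows_dir))

# Constructed excerpt made of lines taken from the log posted above.
SAMPLE_LOG = r"""15:32:51.0451 6076  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:32:51.0466 6076  RasAuto - ok
15:32:52.0309 6076  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:32:52.0402 6076  SBAMSvc - ok
15:32:53.0994 6076  SSPORT - ok
15:32:58.0237 6076  ================ Scan global ===============================
15:32:58.0252 6076  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:32:58.0346 6076  [Global] - ok
15:32:58.0346 6076  ================ Scan MBR ==================================
15:32:58.0362 6076  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:32:58.0455 6076  \Device\Harddisk0\DR0 - ok
15:32:58.0518 5224  Detected object count: 2
15:33:21.0481 5224  ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:21.0481 5224  ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:33:21.0481 5224  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:21.0481 5224  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for name, verdict, action, path in detections(rep):
        print(f"{name}: {verdict} -> action {action}, file {path}")
    print("count consistent:", not count_mismatch(rep), "| third-party:", third_party(rep), "| unhashed:", rep.unhashed_ok)
```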
Old 24.04.2013, 14:52   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus after Facebook "video"?

Nothing suspicious...

JRT - Junkware Removal Tool

Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequence number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.

Old 24.04.2013, 15:28   #7
zwn

Virus after Facebook "video"?

What about the findings from Spybot and the 2 findings from TDSS-Killer, by the way? Can I safely ignore those?

I have also carried out the next steps. Here are the results:

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 24.04.2013 at 16:01:26,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\splashtop"
Successfully deleted: [Folder] "C:\Users\***\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\minidumps [92 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2013 at 16:03:19,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:
Code:
# AdwCleaner v2.202 - Datei am 24/04/2013 um 16:09:50 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\30wdt0hg.default\adawaretb
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\30wdt0hg.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2288 octets] - [24/04/2013 16:09:50]

########## EOF - C:\AdwCleaner[S1].txt - [2348 octets] ##########
         
OTL:
Code:
OTL logfile created on: 24.04.2013 16:13:48 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 78,08% Memory free
15,92 Gb Paging File | 13,92 Gb Available in Paging File | 87,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,43 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,55 Gb Free Space | 71,60% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M]
 
[2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.24 16:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions
[2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi
[2013.04.24 16:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" File not found
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 16:12:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\adwcleaner
[2013.04.24 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.24 16:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.04.24 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.24 16:01:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\JRT
[2013.04.24 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TDSSKILLER
[2013.04.24 15:27:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\aswMBR
[2013.04.24 15:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.23 13:57:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.21 21:04:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 07:56:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 07:56:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 07:56:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 07:56:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 07:56:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 07:56:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 07:56:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 07:56:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 07:56:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 07:56:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 07:56:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 07:56:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 07:56:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 07:56:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 07:56:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 07:56:20 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 07:56:20 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 07:56:20 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 07:56:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 07:56:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 07:56:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 07:54:47 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:47 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 14:54:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.27 14:54:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.27 14:54:19 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.26 13:59:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.24 16:11:28 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.24 16:11:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 16:11:05 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 15:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 15:24:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 15:24:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 15:22:49 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.24 15:22:49 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.24 15:22:49 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.24 15:22:49 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.24 15:22:49 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 17:01:02 | 000,057,712 | ---- | M] () -- C:\Users\***\Desktop\Scan.PDF
[2013.04.23 13:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.12 16:09:13 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 16:09:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 14:54:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.27 14:54:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.23 17:01:02 | 000,057,712 | ---- | C] () -- C:\Users\***\Desktop\Scan.PDF
[2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini
[2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 24.04.2013 16:13:48 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 78,08% Memory free
15,92 Gb Paging File | 13,92 Gb Available in Paging File | 87,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,43 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,55 Gb Free Space | 71,60% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system | 
"{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system | 
"{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Free Video Converter_is1" = Free Video Converter V 3.1
"FreePDF_XP" = FreePDF (Remove only)
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"XnView_is1" = XnView 1.99
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 10:11:20 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 24.04.2013 10:11:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.04.2013 10:11:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >

24.04.2013, 15:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus after Facebook "Video"? - Standard

Spybot can be ignored => uninstall it
The tool is not effective and we don't use it here either

Looks OK. We should be almost done. Please run a quick scan with Malwarebytes as a check - remember to update Malwarebytes via the update button beforehand

Afterwards, getting a second opinion via the ESET online scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.04.2013, 16:51   #9
zwn

Would you please (if possible) explain what the 2 detections from TDSS-Killer are about? I'd really appreciate it!

Here are the results of the latest scans:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

24.04.2013 16:46:30
mbam-log-2013-04-24 (16-46-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 214184
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0109d86286a6345bd9b29566b251c08
# engine=13687
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-24 03:36:44
# local_time=2013-04-24 05:36:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10774 232237494 3565 0
# compatibility_mode=5893 16776574 100 94 428639 118447654 0 0
# scanned=157546
# found=0
# cleaned=0
# scan_time=2669

24.04.2013, 20:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is there to explain at length; well, tdsskiller is a specialist tool and not a toy. The thing scans very aggressively and accordingly quite often shows legitimate entries as suspicious or unknown or unsigned, too.

This is ICCS:

Code:
15:32:46.0006 6076  ICCS - detected UnsignedFile.Multi.Generic (1)
15:32:46.0069 6076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

And the other one is this:

Code:
15:32:46.0100 6076  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:32:46.0131 6076  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

If you look at the paths, it should be clear that they are legitimate objects

Looks OK so far

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new Hosts file has been released.

Info: cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; an extension for Firefox would be CookieCuller, for example
But if you can live with logging in again everywhere at every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
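As an added example (not part of this thread and not TDSSKiller's own code), the following Python script shows how log lines of the kind quoted above can be triaged systematically instead of by eye: it parses TDSSKiller record lines (time, PID, MD5, service name, image path) and verdict lines, joins them by service name regardless of the order they appear in, and sorts unsigned files by whether their image lives under C:\Windows or Program Files or somewhere else. The sample log embeds the two record lines and the IDriverT verdict line quoted in this post plus one constructed entry (placeholder hash, temp folder) to show the contrasting case; the location heuristic and the assessment strings are assumptions made for this example, not TDSSKiller output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Record line in a TDSSKiller log: "<time> <pid>  [ <MD5> ] <service name>   <image path>"
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "<time> <pid>  <service name> - detected <verdict> (<count>)"
DETECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)\s*$"
)


@dataclass
class ServiceEntry:
    """One service/driver as seen by TDSSKiller, joined from its record and verdict lines."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def location(self) -> str:
        """Coarse classification of where the image file lives (path check only)."""
        if self.path is None:
            return "unknown"
        p = self.path.lower()
        if p.startswith("c:\\windows\\"):
            return "windows"
        if p.startswith(("c:\\program files\\", "c:\\program files (x86)\\")):
            return "program files"
        return "other"

    @property
    def assessment(self) -> str:
        """First-pass triage: the path alone never proves a file benign, it only orders the work."""
        if self.verdict is None:
            return "no verdict"
        if self.verdict.startswith("UnsignedFile."):
            if self.location in ("windows", "program files"):
                return ("likely legitimate: unsigned binary in a standard install location; "
                        "confirm vendor and hash before acting")
            return "investigate: unsigned service binary outside standard install locations"
        return f"investigate: {self.verdict}"


def parse_tdsskiller(log_text: str) -> Dict[str, ServiceEntry]:
    """Join record lines and verdict lines by service name, independent of their order."""
    entries: Dict[str, ServiceEntry] = {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5, entry.path = m["md5"].upper(), m["path"]
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def triage_report(log_text: str) -> List[str]:
    """One line per service, flagged ones first, for a quick read of a long log."""
    entries = sorted(parse_tdsskiller(log_text).values(),
                     key=lambda e: (e.verdict is None, e.name.lower()))
    return [f"{e.name:<12} {e.location:<14} {e.md5 or '-':<32} {e.assessment}" for e in entries]


# Constructed sample: the two record lines and the IDriverT verdict line quoted in this
# thread, plus one constructed record (placeholder hash, temp-folder path) to show what a
# flagged file outside a standard location looks like.
SAMPLE_LOG = r"""
15:32:46.0069 6076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:32:46.0100 6076  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:32:46.0131 6076  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:32:46.0200 6076  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Users\user\AppData\Local\Temp\examplesvc.exe
15:32:46.0210 6076  ExampleSvc - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for row in triage_report(SAMPLE_LOG):
        print(row)
```

The path check only orders the work: for anything flagged, the next step is to verify the file's publisher signature and compare its hash against a known-good value from the vendor, which is what the "look at the paths" shortcut in this post stands in for.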

25.04.2013, 21:14   #11
zwn

Thanks for the explanation! Now that you say it, it makes sense...

I haven't done any further scans so far, and I never actually had problems; I was just unsure whether I had caught something (which might be spying out passwords or similar...) Small update: I was just on "wetter.com" and the following message came up: "Invalid Certificate" and I could only click "OK"...

I will follow the tips. If I notice anything or anything is found in the next scans, I'll get back to you.

I can simply uninstall or delete all these programs again afterwards, right?

Many, many thanks for the very quick help!

Last edited by zwn (25.04.2013 at 21:27)

25.04.2013, 22:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you'd like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/



The programs that were used here can all be removed again.

Removing Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and execute it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the clean-up. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on this is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
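The advice above to keep track of installed program versions (Secunia PSI does this against vendor data) can also be applied by hand to the OTL uninstall list posted earlier in this thread. The following Python script is an added example, not part of this thread and not OTL's code: it parses lines of the form "key" = name, pulls a version number out of each display name, and compares selected products against a baseline of minimum versions. The product names and baseline numbers are constructed placeholders for the example only; real minimum versions come from each vendor's release notes and advisories.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# One line of an OTL "Uninstall List": "<registry key name>" = <display name>
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Version-like tokens inside a display name ("10.1.6", "20.0.1", "11"); \b keeps "x86" out.
VERSION_TOKEN_RE = re.compile(r"\b\d+(?:\.\d+)*\b")


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (key, display name) pairs; non-matching lines (headers, blanks) are skipped."""
    rows: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["key"], m["name"]))
    return rows


def extract_version(name: str) -> Optional[Version]:
    """Pick the version out of a display name.

    A dotted token wins over a bare number so that "Visual C++ 2010 ... - 10.0.40219"
    yields 10.0.40219 rather than the product year; a bare number is used only when
    nothing better exists ("Adobe Flash Player 11 Plugin" -> 11).
    """
    tokens = VERSION_TOKEN_RE.findall(name)
    if not tokens:
        return None
    dotted = [t for t in tokens if "." in t]
    chosen = dotted[-1] if dotted else tokens[-1]
    return tuple(int(part) for part in chosen.split("."))


def check_versions(rows: List[Tuple[str, str]],
                   baseline: Dict[str, Version]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Compare each baseline product against the first installed entry whose name matches."""
    result: Dict[str, Tuple[str, Optional[str]]] = {}
    for product, minimum in baseline.items():
        match = next((name for _, name in rows
                      if name.lower().startswith(product.lower())), None)
        if match is None:
            result[product] = ("not installed", None)
            continue
        installed = extract_version(match)
        shown = ".".join(map(str, installed)) if installed else None
        # A coarser version string than the baseline (e.g. just "11") cannot be judged
        # from the uninstall list alone; report that rather than guess.
        if installed is None or len(installed) < len(minimum):
            result[product] = ("version unclear", shown)
            continue
        result[product] = ("outdated" if installed < minimum else "current", shown)
    return result


# Constructed baseline of minimum versions. These numbers are placeholders for the
# example only; real minimums come from each vendor's release notes and advisories.
BASELINE: Dict[str, Version] = {
    "Adobe Reader": (10, 1, 7),
    "Mozilla Firefox": (20, 0, 1),
    "VLC media player": (2, 0, 3),
    "Adobe Flash Player": (11, 7),
    "Java": (7,),
}

# Sample input: six lines copied from the OTL uninstall list posted earlier in this thread.
SAMPLE_UNINSTALL = r'''
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"VLC media player" = VLC media player 2.0.3
"Notepad++" = Notepad++
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
'''

if __name__ == "__main__":
    report = check_versions(parse_uninstall_list(SAMPLE_UNINSTALL), BASELINE)
    for product, (status, version) in report.items():
        print(f"{product:<20} {status:<16} {version or '-'}")
```

Note the "version unclear" result for Flash Player: the uninstall entry only says 11, which is too coarse to judge, so the script reports that instead of guessing; the Adobe version check and the Mozilla plugin check linked in the post are the right follow-up for such entries.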

09.05.2013, 09:36   #13
zwn

Hello cosinus,

I'm afraid I need your help once more:
in my last scan with Avira Antivir I noticed that I got 43 warnings. Unfortunately I don't know how to deal with them, whether I can/may/should ignore them, or what else I have to do.
It would be really great if you could help me again!

Since I couldn't insert the log file into the thread as usual (for whatever reason?), I'm adding it as an attachment...

09.05.2013, 17:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

These warnings are normal; you can ignore them. Some system files are locked exclusively by Windows and can then neither be read, written nor deleted by other processes.

10.05.2013, 08:51   #15
zwn

OK. I just found it a bit strange. I looked at the older scans, and that many warnings appeared for the first time on 21.04. The week before it was 0 warnings...
Thanks again!

Last edited by zwn (10.05.2013 at 08:59)
