Pests of all kinds and how to fight them: 500 running processes - svchost.exe - netsh.exe *32 - what to do? (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
12.12.2012, 07:59 | #1 | |
500 running processes - svchost.exe - netsh.exe *32 - what to do?

Hello! Something is wrong with my computer... it takes hours to boot (even though it is an i7), and at first around 500 processes run at the same time (several svchost.exe, netsh.exe *32, conhost.exe); I let it run overnight once - "only" 74 processes left, with the hard disk LED lit permanently. CPU load is at 1% and memory at 33%, yet I can neither open a program nor run cmd.exe - everything simply takes forever.

How did this happen? I can only guess, since the computer runs continuously at my place and I restart it about once a week. Most recently I installed iCloud because of my partner's phone; the Apple junk of course did not really work; I uninstalled it with Revo Uninstaller and also ran CCleaner over it once more. I also uninstalled the remaining unnecessary Apple services. But I can't really imagine that this caused such serious problems....

The logs follow:

Quote:
Code:
ATTFilter OTL logfile created on: 11.12.2012 17:22:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,78 Gb Available Physical Memory | 63,44% Memory free 11,96 Gb Paging File | 9,66 Gb Available in Paging File | 80,76% Paging File free Paging file location(s): C:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 178,46 Gb Free Space | 19,16% Space Free | Partition Type: NTFS Drive E: | 3,76 Gb Total Space | 3,75 Gb Free Space | 99,71% Space Free | Partition Type: FAT32 Drive F: | 931,51 Gb Total Space | 684,38 Gb Free Space | 73,47% Space Free | Partition Type: NTFS Computer Name: NETWORKSTATION | User Name: Network23 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.11 09:21:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2012.11.26 21:14:55 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.26 21:10:50 | 000,639,264 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2012.11.26 21:10:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.26 21:10:46 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.26 21:10:33 | 000,387,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe PRC - [2012.10.23 10:47:48 | 007,859,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.10.23 10:40:39 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe PRC - [2012.07.26 15:00:10 | 000,124,592 | ---- | M] (Caphyon) -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\ALMServer.exe PRC - [2012.07.26 15:00:05 | 000,124,592 | ---- | M] (Caphyon) -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\AWRServer.exe PRC - [2012.07.26 15:00:03 | 000,124,592 | ---- | M] (Caphyon) -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2009.08.25 17:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe PRC - [2009.07.14 02:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe PRC - [2009.07.14 02:14:27 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netsh.exe PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2009.08.25 17:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.06.29 09:51:26 | 000,171,688 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2010.11.20 14:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP) SRV:64bit: - [2010.08.09 03:04:10 | 000,166,704 | -H-- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.03 09:41:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.26 21:14:55 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.26 21:10:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.09 17:20:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.07.26 15:00:10 | 000,124,592 | ---- | M] (Caphyon) [Auto | Running] -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\ALMServer.exe -- (ALMServer) SRV - [2012.07.26 15:00:05 | 000,124,592 | ---- | M] (Caphyon) [Auto | Running] -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\AWRServer.exe -- (AWRServer) SRV - [2012.07.26 15:00:03 | 000,124,592 | ---- | M] (Caphyon) [Auto | Running] -- C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe -- (AWRScheduler) SRV - [2012.04.10 11:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) 
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.09.26 11:17:16 | 009,665,536 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld) SRV - [2011.09.26 11:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.06 00:07:54 | 000,602,416 | ---- | M] (Ariolic Software, Ltd. (hxxp://www.ariolic.com)) [On_Demand | Stopped] -- C:\Program Files (x86)\ActiveSMART 2.9\ASmartService.exe -- (ActiveSMART Service) SRV - [2010.11.20 13:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft 
Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.14 14:15:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.14 14:15:50 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.11 17:49:38 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.01 22:49:31 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012.08.01 22:47:53 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.08.01 22:47:12 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2012.08.01 22:46:46 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2012.08.01 22:46:36 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.08.26 18:14:43 | 001,061,888 | -H-- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.09 14:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.08.07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010.02.22 09:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.09.17 19:54:54 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV - [2012.04.10 11:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.11.12 07:43:23 | 000,013,412 | ---- | M] (FNet Co., Ltd.) 
[Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\FNETDEVI.SYS -- (FNETDEVI) DRV - [2009.12.18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1999.05.05 06:22:00 | 000,008,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS -- (usbscan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 60 78 A3 DD 63 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {58C63EB0-6EE6-4840-B7E1-A5A3A96A5F60} IE - HKCU\..\SearchScopes\{0D983C11-A11D-4BFE-A45A-1CB43CA14E0F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\..\SearchScopes\{4914C60E-6A4F-425B-BD91-7F0AF4159168}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms} IE - HKCU\..\SearchScopes\{58C63EB0-6EE6-4840-B7E1-A5A3A96A5F60}: "URL" = hxxp://www.google.at/search?q={searchTerms} IE - HKCU\..\SearchScopes\{B80D6BAE-FBBD-4294-8891-9130E2F89E80}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=2c5ae431-45fc-45dd-886a-7c7274fb33ee&apn_sauid=F52328B9-013A-4910-906E-25B84AFF695B IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 69.162.159.148:8800 ========== FireFox ========== FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.0 FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5 FF - prefs.js..extensions.enabledAddons: firefox-extension%40shareaholic.com:3.0.1 FF - 
prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5 FF - prefs.js..extensions.enabledAddons: survey-remover%40gmx.com:3.1.2 FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.1.7 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.6.1 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8 FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.41 FF - prefs.js..extensions.enabledAddons: %7BF3E8C2AC-3D1F-11E2-AE85-D21C6188709B%7D:1.12 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2736476&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Network23\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Network23\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Network23\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Network23\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.25 06:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.04.29 15:44:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.25 06:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.25 06:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.03 09:41:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.14 18:24:17 | 000,000,000 | ---D | M] [2011.08.26 18:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\Extensions [2012.12.07 20:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions [2012.11.02 07:29:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.01 21:50:34 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.10.12 09:19:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.09.29 09:31:49 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\DeviceDetection@logitech.com [2012.03.07 22:53:13 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\ext@sprng.me [2012.10.19 06:43:47 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Network23\AppData\Roaming\mozilla\Firefox\Profiles\tf7ftem6.default\extensions\firefox@ghostery.com [2012.11.20 23:46:53 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\artur.dubovoy@gmail.com.xpi [2012.12.07 20:16:29 | 002,142,826 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\firebug@software.joehewitt.com.xpi [2012.01.01 13:39:58 | 000,161,864 | ---- | M] () (No name found) -- 
C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\firefox-extension@shareaholic.com.xpi [2011.08.28 15:46:47 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2012.10.20 08:04:12 | 000,051,442 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\survey-remover@gmx.com.xpi [2012.07.27 07:11:15 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\tabscope@xuldev.org.xpi [2012.12.04 13:08:48 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.01.21 23:47:39 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012.09.08 07:57:28 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.11.23 13:06:49 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.02 16:17:02 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.06.11 06:33:12 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012.12.04 23:51:22 | 000,011,493 | ---- | M] () (No name found) -- 
C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\extensions\{F3E8C2AC-3D1F-11E2-AE85-D21C6188709B}.xpi [2012.04.29 15:44:30 | 000,001,798 | ---- | M] () -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\searchplugins\funmoods.xml [2012.08.26 09:57:47 | 000,005,471 | ---- | M] () -- C:\Users\Network23\AppData\Roaming\mozilla\firefox\profiles\tf7ftem6.default\searchplugins\googlecom-in-english.xml [2012.10.27 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.03 09:41:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.10 07:25:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:59:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.10 07:25:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.07 15:27:04 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.06.10 07:25:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.10 07:25:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.10 07:25:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.at/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Network23\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Network23\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Network23\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\10.11.8.2_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\10.11.8.2_0\plugins/np-cwmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla 
Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Network23\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Network23\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows 
Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: WOT = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\ CHR - Extension: WOT = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.7_0\ CHR - Extension: YouTube = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Springpad Extension = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\ CHR - Extension: Google Mail = C:\Users\Network23\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.08.27 07:44:33 | 000,003,276 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - 
BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe () O4 - HKCU..\Run: [IBP] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} 
hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3113C47-BF91-4FA5-AFD1-52D78BDB4DD4}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6ad2aace-5acd-11e1-920d-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{6ad2aace-5acd-11e1-920d-90fba6863feb}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6ad2aada-5acd-11e1-920d-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{6ad2aada-5acd-11e1-920d-90fba6863feb}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6ad2aaec-5acd-11e1-920d-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{6ad2aaec-5acd-11e1-920d-90fba6863feb}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6ad2aaf5-5acd-11e1-920d-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{6ad2aaf5-5acd-11e1-920d-90fba6863feb}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8adebcec-1c94-11e1-bc66-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{8adebcec-1c94-11e1-bc66-90fba6863feb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{9a5cd075-c438-11e1-93fb-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{9a5cd075-c438-11e1-93fb-90fba6863feb}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{9a5cd082-c438-11e1-93fb-90fba6863feb}\Shell - "" = AutoRun O33 - MountPoints2\{9a5cd082-c438-11e1-93fb-90fba6863feb}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 
- SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.11 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Roaming\Malwarebytes [2012.12.11 09:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.11 09:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.11 09:33:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 09:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.09 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\ElevatedDiagnostics [2012.12.09 12:57:09 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Roaming\VS Revo Group [2012.12.07 01:12:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.12.05 19:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.05 19:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.05 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.05 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.05 19:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.04 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\Network23\Documents\hd.vg [2012.12.04 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\Network23\Documents\FTP Backup [2012.12.03 07:46:13 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\TSVNCache [2012.12.03 07:43:04 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{4382FFF0-FF73-472F-8A46-7608BD469B12} [2012.12.03 01:48:37 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Roaming\TortoiseSVN [2012.12.02 19:52:45 | 
000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Roaming\Subversion [2012.12.02 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN [2012.12.02 19:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays [2012.12.02 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN [2012.12.02 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays [2012.12.02 18:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.02 18:25:50 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.02 18:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.02 08:00:55 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{B8ECAF73-8BE7-4638-AD32-51178342F5EC} [2012.11.29 11:22:01 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Roaming\NewSoft [2012.11.29 10:45:47 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{8927CBC6-F460-430F-899E-9DDDC7247855} [2012.11.28 16:01:37 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{1CE8A844-BCD3-4D18-88B0-776A5636E36A} [2012.11.26 13:23:35 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{C9C792BD-6E1D-4F71-8779-5D515F3231DC} [2012.11.23 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{83798BFB-35BB-42D5-A40F-45C4C718E715} [2012.11.21 07:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV [2012.11.21 07:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV [2012.11.21 07:41:30 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{842B7861-1F43-4628-A910-E789931E2873} [2012.11.20 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{F479917C-C578-4D1D-B7BD-21C7072B89EB} [2012.11.19 23:04:19 | 000,000,000 | ---D | C] -- 
C:\Users\Network23\AppData\Local\{3A5077BB-3C19-4473-8D29-C82631C98B6B} [2012.11.18 22:24:30 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{CD4F7B73-15D8-407F-8B76-485346B25048} [2012.11.16 09:43:54 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{2D67F162-329B-4139-8EBE-077C639BEB76} [2012.11.15 07:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.14 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.14 18:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.11.13 07:53:08 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{C301857B-B8D0-4A76-ACBA-6EF1DA7B06BD} [2012.11.12 07:32:04 | 000,000,000 | ---D | C] -- C:\Users\Network23\AppData\Local\{688A3045-2B55-483B-BA11-3F507C6EDCDE} [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.11 13:03:55 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 13:03:49 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 12:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.11 12:32:47 | 504,700,927 | -HS- | M] () -- C:\hiberfil.sys [2012.12.09 23:52:43 | 005,048,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.08 12:02:30 | 000,002,043 | ---- | M] () -- C:\Users\Network23\Desktop\SEnukeXCr.lnk [2012.12.05 17:15:50 | 000,000,952 | ---- | M] () -- C:\Users\Network23\Desktop\BookmarkingDemon 6.lnk [2012.12.04 16:02:45 | 000,001,456 | ---- | M] () -- C:\Users\Network23\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.12.03 21:31:32 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla 
Client.lnk [2012.12.03 09:19:27 | 000,000,132 | ---- | M] () -- C:\Users\Network23\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.12.03 07:50:57 | 000,007,598 | ---- | M] () -- C:\Users\Network23\AppData\Local\Resmon.ResmonCfg [2012.11.30 11:54:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.14 14:15:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 14:15:50 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.14 11:43:30 | 018,078,386 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.14 10:28:13 | 000,001,239 | ---- | M] () -- C:\Users\Network23\Downloads - Verknüpfung.lnk [2012.11.13 15:12:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.09 23:36:31 | 005,048,512 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.26 15:00:14 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.11.14 11:39:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 11:21:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 10:28:13 | 000,001,239 | ---- | C] () -- C:\Users\Network23\Downloads - Verknüpfung.lnk [2012.09.06 21:54:57 | 000,000,049 | -H-- | C] () -- C:\Users\Network23\AppData\Roaming\eMail Verifier.ini [2012.08.10 13:37:13 | 000,000,184 | ---- | C] () -- C:\Windows\SysWow64\ALMServer.ini [2012.08.10 13:37:13 | 000,000,183 | ---- | C] () -- C:\Windows\SysWow64\AWRServer.ini [2012.07.05 20:39:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.03.18 00:47:14 | 000,188,863 | ---- | C] () -- 
C:\Windows\Submitter Uninstaller.exe [2012.03.12 00:00:34 | 003,230,348 | ---- | C] () -- C:\Users\Network23\.websiteauditor.properties [2012.03.11 23:57:05 | 000,536,703 | ---- | C] () -- C:\Users\Network23\.linkassistant.properties [2012.03.11 23:44:16 | 000,728,350 | ---- | C] () -- C:\Users\Network23\.spyglass.properties [2012.03.11 23:34:06 | 000,334,055 | ---- | C] () -- C:\Users\Network23\.ranktracker.properties [2012.02.27 20:04:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2012.01.29 21:39:12 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.08 23:58:48 | 000,000,132 | ---- | C] () -- C:\Users\Network23\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.29 12:11:48 | 000,001,456 | ---- | C] () -- C:\Users\Network23\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.12.27 19:56:35 | 000,000,132 | ---- | C] () -- C:\Users\Network23\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.12.27 19:49:04 | 000,000,132 | ---- | C] () -- C:\Users\Network23\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.12.15 19:11:45 | 003,362,144 | ---- | C] () -- C:\Windows\AppsMsnDe.exe [2011.12.03 12:28:53 | 000,129,384 | ---- | C] () -- C:\ProgramData\1322911203.bdinstall.bin [2011.12.03 12:18:45 | 000,087,690 | ---- | C] () -- C:\ProgramData\1322911082.bdinstall.bin [2011.12.02 01:46:37 | 000,195,138 | ---- | C] () -- C:\ProgramData\1322786363.bdinstall.bin [2011.12.01 21:57:19 | 000,007,598 | ---- | C] () -- C:\Users\Network23\AppData\Local\Resmon.ResmonCfg [2011.11.12 07:40:59 | 000,000,030 | R--- | C] () -- C:\Windows\SysWow64\drivers\RevHDD.ini [2011.11.04 19:43:32 | 000,000,236 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.11.04 13:23:09 | 000,010,240 | ---- | C] () -- 
C:\Users\Network23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.02 16:16:05 | 000,020,531 | -H-- | C] () -- C:\ProgramData\W77X4 [2011.11.02 14:17:09 | 000,001,772 | ---- | C] () -- C:\Windows\If42le.ini [2011.11.02 14:17:09 | 000,000,290 | ---- | C] () -- C:\Windows\Pexplore.ini [2011.11.02 14:15:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL [2011.11.02 14:14:33 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2011.11.02 14:13:03 | 000,000,134 | ---- | C] () -- C:\Windows\A21U.INI [2011.10.27 10:12:47 | 000,002,160 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.09.16 05:46:23 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.08.28 15:05:33 | 000,202,252 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.08.26 18:15:00 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe [2011.08.26 18:15:00 | 000,005,116 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini [2011.08.26 18:14:59 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\RT2870.bin [2011.08.26 12:06:02 | 018,078,386 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.11.04 13:22:39 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\ACD Systems
[2011.12.31 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Affilorama
[2011.12.04 10:22:20 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Amazon
[2012.04.29 15:38:06 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\AnvSoft
[2012.03.02 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Article Marketing Robot
[2012.09.06 20:33:25 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\AtomPark
[2012.03.02 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\EurekaLog
[2012.12.08 16:17:30 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\FileZilla
[2012.08.28 11:14:15 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Foxit Software
[2011.10.10 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\GrabPro
[2011.12.13 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\HartlauerFotoService3
[2012.12.04 10:31:40 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\IBP
[2011.09.07 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Itsth
[2011.10.28 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\JonathanLeger.com
[2011.11.16 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Lasersoft Imaging
[2011.09.29 09:37:31 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Leadertech
[2012.09.10 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\LiveSoftware
[2012.04.29 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\MAGIX
[2012.10.05 13:19:26 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012.09.06 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Maxprog
[2012.04.14 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\MySEOSolution_DB_Dir
[2012.12.11 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\NetSpeedMonitor
[2012.11.29 11:22:01 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\NewSoft
[2011.08.28 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Opera
[2012.11.29 11:12:10 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Orbit
[2011.11.11 23:43:06 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Poker4ever
[2011.10.10 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\ProgSense
[2011.12.02 01:40:30 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\QuickScan
[2012.09.10 23:33:52 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\SendBlaster2
[2012.09.21 18:11:41 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\SeoWebEmpire
[2012.03.18 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Sick Marketing
[2012.03.02 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.12.02 19:52:45 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Subversion
[2012.10.13 18:05:23 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\Sync App Settings
[2011.12.15 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\TeamViewer
[2012.08.27 07:26:20 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\TweetAdder3
[2011.10.13 01:53:13 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\ubot
[2012.12.08 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\UBot Studio
[2012.12.09 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\uTorrent
[2012.12.09 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\Network23\AppData\Roaming\VS Revo Group

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Network23\Documents\Firefox-Sync-Schlüssel.html:BDU
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9FF7C773

< End of report >

The OTL Extras logfile is attached. Both PUPs have been deleted in the meantime - the computer boots somewhat faster and now has only around 91 processes running, although the system is still extremely sluggish. If you need any further logs or if I have forgotten something, please just let me know. Best regards and thanks in advance, Mister1 |
12.12.2012, 08:01 | #2 | |
/// Malwareteam | 500 running processes - svchost.exe - netsh.exe *32 - what to do? Quote:
Anyone who uses stolen software need not be surprised by trouble... Merely visiting sites that offer these files for download carries a high risk of infection. When you start the crack, you are starting an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files). This is one of the main causes of infections. In addition, cracks, keygens, etc. are illegal, and that is theft just like in a shop. That is why we have agreed: if we find indications of illegally acquired software, we will end support without any discussion. Our help for you is therefore limited to instructions for reinstalling and securing the system.
__________________ |
12.12.2012, 08:07 | #3 |
| 500 running processes - svchost.exe - netsh.exe *32 - what to do? That hasn't been on there for a long time. I forgot to change the hosts file back.
__________________ |
12.12.2012, 08:48 | #4 | |
/// Malwareteam | 500 running processes - svchost.exe - netsh.exe *32 - what to do? Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |