Malwarebytes Anti-Malware Log-Report, leider 24 Einträge

hesse1986 · 06.01.2013, 22:31

Hallo,

ich bin durch die Google Suche auf dieses Forum gestoßen. Mein Laptop, ca. 3,5 Jahre alt, Windows 7, ist auf einmal nach dem hochfahren sehr langsam gewesen und das ausführen von Anwendungen ging nicht mehr und er hing sich auf. Im abgesicherten Modus mit Netzwerkaufforderung lief alles problemes. Ich bin dann auf die o.g. Software gestoßen und habe den Scan durchlaufen lassen - wobei ich sagen muss, dass ich immer die Windows Updates ausführe und auch Avira Antivirus immer auf dem aktuellen Stand habe.

Beim dem Scan sind leider 24 Einträge gefunden worden. Ich habe dann alles wie hier beschrieben und empfohlen gelöscht. Nun der Report und mit der Hoffnung und Hilfe, was nun noch zu tun ist!

Vielen, vielen Dank im Voraus !

Gruß hesse1986

////

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.04.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ICH-PC [Administrator]

Schutz: Aktiviert

04.01.2013 19:51:56
mbam-log-2013-01-04 (19-51-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239244
Laufzeit: 11 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.

(Ende)

markusg · 07.01.2013, 00:43

Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

hesse1986 · 07.01.2013, 20:19

Hallo,

vielen Dank für die Antwort und die Hilfestellung mit dem OTL Programm. Anbei die 2 .txt Dateien.

OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.01.2013 19:52:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christopher\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,06% Memory free
5,99 Gb Paging File | 4,48 Gb Available in Paging File | 74,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 123,18 Gb Free Space | 45,83% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
 
Computer Name: ICH-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.07 19:51:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.09.17 19:13:13 | 007,244,800 | ---- | M] () -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.exe
PRC - [2012.09.11 16:52:04 | 003,021,440 | ---- | M] () -- C:\Programme\Digital Trends Club\Payback-Reporting.exe
PRC - [2012.09.11 16:52:02 | 001,377,920 | ---- | M] () -- C:\Programme\Digital Trends Club\Payback-Updater.exe
PRC - [2012.08.16 16:28:10 | 003,302,528 | ---- | M] (Payback) -- C:\Programme\PaybackLSPService\PaybackLspService.exe
PRC - [2012.08.16 16:28:06 | 000,060,544 | ---- | M] () -- C:\Programme\PaybackLSPService\Payback-WatchDog.exe
PRC - [2012.08.09 18:42:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.05.09 00:34:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:34:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 00:34:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.04.06 18:19:01 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2009.06.11 17:18:04 | 000,161,776 | ---- | M] (Google) -- C:\Windows\Temp\gis17f7b\GoogleUpdater.exe
PRC - [2009.03.05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.10.01 19:05:12 | 004,365,688 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.10.01 17:38:54 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008.10.01 17:38:46 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.06.23 10:24:12 | 000,343,552 | ---- | M] (AVM Berlin GmbH) -- C:\Programme\avmwlanstick\FRITZWLanMini.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.16 16:28:06 | 000,060,544 | ---- | M] () -- C:\Programme\PaybackLSPService\Payback-WatchDog.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.13 11:32:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.03 19:48:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.17 19:13:13 | 007,244,800 | ---- | M] () [Auto | Running] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.exe -- (FreemiumSystemStoreService)
SRV - [2012.09.11 16:52:04 | 003,021,440 | ---- | M] () [Auto | Running] -- C:\Programme\Digital Trends Club\Payback-Reporting.exe -- (Payback-Reporting-Service)
SRV - [2012.09.11 16:52:02 | 001,377,920 | ---- | M] () [Auto | Running] -- C:\Programme\Digital Trends Club\Payback-Updater.exe -- (Payback-Update-Service)
SRV - [2012.08.16 16:28:10 | 003,302,528 | ---- | M] (Payback) [Auto | Running] -- C:\Programme\PaybackLSPService\PaybackLspService.exe -- (PaybackLSPService)
SRV - [2012.06.08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.05.09 00:34:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:34:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.23 16:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.10.01 17:38:46 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- f:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.09 00:34:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 00:34:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 12:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.01.05 00:01:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.01.05 00:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.12.24 14:18:16 | 000,967,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm139.sys -- (tdrpman139)
DRV - [2010.12.24 14:18:10 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.01.14 21:55:54 | 000,009,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.25 07:50:44 | 000,164,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.05.08 21:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 09:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.12.29 17:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.09.12 16:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 13:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0D03E934-F087-41B1-9466-DB7A966240CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D03E934-F087-41B1-9466-DB7A966240CE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D03E934-F087-41B1-9466-DB7A966240CE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/ws/?source=6a1885c1&tbp=rbox&toolbarid=blekkotb_002&u=201206052D1640B0BF16223079A155A9&q={searchTerms}
IE - HKCU\..\SearchScopes\{5F422C2E-2BB1-4EC1-A418-B8AB016A3D95}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: fpw%40informatik.tu-darmstadt.de:0.7.2%20Beta
FF - prefs.js..extensions.enabledAddons: plugin%40andasa.de:2.0.11.362
FF - prefs.js..extensions.enabledAddons: gacela2%40nurago.com:12.6.151
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: gacela2@nurago.com:11.1.3066
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christopher\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ [2013.01.07 00:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.03 19:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.03 19:48:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.03 19:48:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.03 19:48:56 | 000,000,000 | ---D | M]
 
[2010.12.24 18:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions
[2012.12.22 00:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pcnr4deh.default\extensions
[2010.12.24 18:26:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pcnr4deh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 18:59:39 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pcnr4deh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.10.03 10:32:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pcnr4deh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.10 22:06:10 | 000,000,000 | ---D | M] (Andasa iCat) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pcnr4deh.default\extensions\plugin@andasa.de
[2012.12.22 00:00:26 | 001,037,627 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\extensions\fpw@informatik.tu-darmstadt.de.xpi
[2012.12.03 19:55:15 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.12.19 18:43:25 | 000,000,933 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\11-suche.xml
[2011.12.19 18:43:25 | 000,002,419 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:43:25 | 000,010,525 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\gmx-suche.xml
[2013.01.05 12:29:12 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\icqplugin-1.xml
[2011.06.04 16:34:49 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\icqplugin-2.xml
[2011.07.15 14:25:10 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\icqplugin-3.xml
[2011.08.13 11:13:44 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\icqplugin-4.xml
[2010.12.07 18:33:14 | 000,001,056 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\icqplugin.xml
[2011.12.19 18:43:25 | 000,002,457 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\lastminute.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\startsear.xml
[2011.12.19 18:43:24 | 000,005,508 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pcnr4deh.default\searchplugins\webde-suche.xml
[2012.12.03 19:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.03 19:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.03 19:48:54 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013.01.07 00:10:59 | 000,000,000 | ---D | M] (Digital Trends Club) -- C:\PROGRAM FILES\DIGITAL TRENDS CLUB
[2012.12.03 19:48:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.22 17:26:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 20:22:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.05 12:57:29 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012.06.22 17:26:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 17:26:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 17:26:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 17:26:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Digital Trends Club\Gacela2.dll (Payback)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Payback-WatchDog] C:\Program Files\PaybackLSPService\Payback-WatchDog.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Digital Trends Club\Gacela2.dll (Payback)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PaybackLSPService.DLL (Payback)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PaybackLSPService.DLL (Payback)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PaybackLSPService.DLL (Payback)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PaybackLSPService.DLL (Payback)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PaybackLSPService.DLL (Payback)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\Shell\AutoRun\command - "" = F:\CD_Start.exe
O33 - MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 23:19:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Documents\Bankgeschäfte
[2013.01.03 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Malwarebytes
[2013.01.03 21:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 21:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 21:28:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.03 21:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.03 21:28:34 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Local\Programs
[2012.12.30 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.30 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.07 19:53:18 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 19:53:18 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 19:51:11 | 000,662,726 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.07 19:51:11 | 000,624,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.07 19:51:11 | 000,133,630 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.07 19:51:11 | 000,110,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.07 19:48:26 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.01.07 19:46:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.07 19:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.07 19:45:26 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 00:10:01 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000UA.job
[2013.01.06 23:45:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 23:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.05 15:10:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000Core.job
[2013.01.05 12:23:59 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.30 21:48:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2012.12.26 11:24:28 | 000,495,699 | ---- | M] () -- C:\Users\Christopher\Desktop\DSCN2651.JPG
[2012.12.26 11:24:10 | 000,395,664 | ---- | M] () -- C:\Users\Christopher\Desktop\DSCN2648.JPG
[2012.12.22 13:44:37 | 000,368,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.12.30 21:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.12.26 11:23:11 | 000,495,699 | ---- | C] () -- C:\Users\Christopher\Desktop\DSCN2651.JPG
[2012.12.26 11:23:11 | 000,395,664 | ---- | C] () -- C:\Users\Christopher\Desktop\DSCN2648.JPG
[2012.08.16 18:16:52 | 000,003,160 | ---- | C] () -- C:\Windows\System32\PaybackLSPService.ini
[2012.08.16 18:16:52 | 000,001,856 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.03.18 17:51:03 | 000,014,276 | ---- | C] () -- C:\Users\Christopher\ESt2011_Müller_Christopher.elfo
[2012.03.18 16:45:54 | 000,016,002 | ---- | C] () -- C:\Users\Christopher\ESt2011_Müller_Herbert_und_Müller_Renate.elfo
[2011.02.25 14:59:32 | 000,007,680 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.16 01:35:17 | 000,004,096 | -H-- | C] () -- C:\Users\Christopher\AppData\Local\keyfile3.drm
[2011.02.04 14:18:53 | 000,000,032 | ---- | C] () -- C:\Windows\CD_START.INI
[2011.02.04 14:10:47 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.12.24 19:21:27 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.25 10:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\wklnhst.dat
[2009.08.25 10:28:59 | 000,024,206 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.24 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Acronis
[2010.12.24 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.18 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\elsterformular
[2012.05.24 18:56:38 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Freemium
[2012.10.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\HTC
[2012.10.28 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\HTC Sync
[2013.01.03 23:53:47 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\ICQ
[2011.08.27 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Jens Lorek
[2012.06.18 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Nokia
[2010.12.24 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Nokia Ovi Suite
[2012.01.06 15:59:35 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Nokia Suite
[2012.09.17 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\OpenCandy
[2012.10.28 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Outlook
[2010.12.24 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\PC Suite
[2012.06.05 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\pdfforge
[2010.12.24 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\T-Online
[2012.07.19 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TeamViewer
[2010.12.30 23:34:52 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TubeBox
[2012.09.17 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TuneUp Software
[2011.11.05 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Verbindungsassistent
[2010.10.17 12:17:09 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.12.24 17:43:54 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2011.06.06 17:59:40 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.24 18:35:09 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.12.16 21:34:04 | 000,000,000 | ---D | M] -- C:\7c695e7cb043b1482c94de5bc9
[2011.04.06 18:27:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.06 12:39:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.06 23:34:37 | 000,000,000 | ---D | M] -- C:\exe Dateien
[2012.01.30 22:09:09 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2012.08.18 21:27:50 | 000,000,000 | ---D | M] -- C:\Macromedia
[2011.09.12 17:28:17 | 000,000,000 | ---D | M] -- C:\Microgaming
[2009.08.07 18:01:22 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.03 21:28:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.05 12:23:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.06 12:39:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.24 19:21:25 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.07 19:55:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.28 13:30:39 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.24 18:29:12 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.07 19:45:36 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.11 17:05:35 | 000,000,000 | ---D | M] -- C:\wlbinaries
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.06.11 17:18:07 | 000,001,022 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.04.14 21:31:01 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.14 21:31:02 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.10.11 20:00:49 | 000,001,140 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000Core.job
[2011.10.11 20:00:49 | 000,001,162 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000UA.job
[2012.04.11 16:51:52 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.18 22:27:20 | 000,014,276 | ---- | M] () -- C:\Users\Christopher\ESt2011_Müller_Christopher.elfo
[2012.03.18 18:09:00 | 000,016,002 | ---- | M] () -- C:\Users\Christopher\ESt2011_Müller_Herbert_und_Müller_Renate.elfo
[2013.01.07 20:00:05 | 003,670,016 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat
[2013.01.07 20:00:05 | 000,262,144 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat.LOG1
[2010.12.24 18:04:16 | 000,000,000 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat.LOG2
[2011.01.12 17:25:38 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{274f5f18-1e68-11e0-bc4d-bd63bb09cfc8}.TM.blf
[2011.01.12 17:25:38 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{274f5f18-1e68-11e0-bc4d-bd63bb09cfc8}.TMContainer00000000000000000001.regtrans-ms
[2011.01.12 17:25:38 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{274f5f18-1e68-11e0-bc4d-bd63bb09cfc8}.TMContainer00000000000000000002.regtrans-ms
[2010.12.24 18:04:17 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.12.24 18:04:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.12.24 18:04:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.12.24 19:21:32 | 000,000,020 | -HS- | M] () -- C:\Users\Christopher\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

--- --- ---

Extras.txtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.01.2013 19:52:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christopher\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,06% Memory free
5,99 Gb Paging File | 4,48 Gb Available in Paging File | 74,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 123,18 Gb Free Space | 45,83% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
 
Computer Name: ICH-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017D8FDD-60BC-4265-9961-0B66B0B179A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{07647C91-1460-4925-B168-D44B91488EFE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{13CC5568-50E7-4EE5-BEA7-E5DDB4B30D37}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{158E3634-F3C5-4D59-A884-42736EEBCDC3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{23D59C06-9575-4B6E-BBE0-AABC1B44A372}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2D4D912C-CD53-4DD1-9505-4A02F324C5E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AB1249B-CC94-4046-995E-85C1FB257EAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{414A0818-B94F-46C0-8DF7-302ADE04606B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F14400A-72BB-429F-BD50-B541205588F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{639B62BB-A566-448F-A385-ADBC58001713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D81F1C12-E1C0-47D3-B86F-7FF301576B86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA27951F-DCB3-4E84-A595-E15B2E5ADA6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB4F10D6-4387-418A-B1CE-CB66BC99D3DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E02BEA95-646C-40F1-AD3F-D4C9DD8AAA90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE7E5464-196D-4BB5-B469-A94ED745E7B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F0020F-2366-4C3F-9A10-EA8E196C7CBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DB73116-28DF-41C8-B79B-46FEF5D0B4FA}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{12BBE31E-308E-4B0B-9972-A6E77005120D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{18FAD50C-B5A3-4BD1-80B5-91E0A8C5545B}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{19EA287F-D411-476A-9B6F-D1E7500380FC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{1C3D3D24-FEB4-4848-B924-E87047731983}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{34B597A3-0C0A-4ED2-84E9-EB19AC7F05F6}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{361B38BD-DC30-4434-88D4-1B9F8CE2042B}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{39D3E8B0-DE16-4415-87D4-926B01114034}" = dir=in | app=c:\program files\htc\htc sync manager\htc sync\htcsyncloader.exe | 
"{4785897E-98C1-4774-A558-EEFA6DBDABCF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{5FBEEC91-1550-490C-9816-9E3A5F7C5280}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62BC8737-F81C-494B-A1DF-B5C706CA600B}" = protocol=6 | dir=out | app=system | 
"{6761B745-F22A-43BE-929E-1A0EC231A93C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7717C187-8C78-40DA-8AC6-B9242CB6D310}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FA97719-C823-45A7-ADBF-8D13455C8A1C}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{83B093A8-EB7C-4D23-BD3C-C774B4D983C2}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{88813D29-3B77-4F4A-9AEA-561EBF068B9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{897BCAA0-72FE-4C21-9A31-C369217E633C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8BF83652-6A70-4D29-B318-98AEFA29CCDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C9B5655-E089-41E9-A93B-3E677DB1C3E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E6BC40D-AD34-406D-9A83-E9BF5D19BEE8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8FD6ECAA-AE46-41B9-A1E1-A027F59E0545}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{912317C3-B8BD-44F4-828F-7928A53CA300}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{98AF4DBD-DB62-4CAC-A435-98A5949D0306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CFA5277-E766-45CD-AEFD-7529359F85E3}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{ABF8F02F-8563-4E30-B5C5-E54F22CB0A50}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACF1ADBF-83E9-46A9-8B97-592AECEB367E}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{BAE6FDF0-1E2F-4747-85E7-5337C8FB16CA}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{BF124975-E02B-4796-B1BF-8EAAC1CAA187}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{C1F4FD87-FEF3-41F9-94FB-C90AFEAE9BC7}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{C27F93EE-59A1-479A-9626-62EFCC77ECC7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C86E1836-55B2-4A8B-A002-1D429FCE5F24}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CC2D2524-E6D7-4CA4-9972-C4B263407A86}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{D24AEFDD-E9FB-4743-8A17-85AEEAF89F48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D27030F1-E046-40B3-9BCE-A3A7252E2DCD}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{DD80613E-9D9A-4E39-ADBC-199DED9C1142}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E564B433-CAAA-461E-B7F1-4EEBBE51B2ED}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{EE2B8FE9-E192-4B16-A361-54C98242A461}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F12DF7CA-6434-49C8-956E-3A014CD9E110}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F5B0991B-5F31-4CF9-B65B-751A369B038D}" = dir=in | app=c:\users\christopher\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{01B682FA-464F-4D66-93CE-4DA9E0324C23}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"TCP Query User{3D91D326-9A3E-42C7-A736-BF0EA4E8535E}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{57684A50-0C46-4394-853D-52F3004B17DF}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{5D13C0EC-91B2-4985-8653-20ED2544EF11}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{6D9366F4-88BE-4F0F-A493-122238AA50BC}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{91706178-8D15-46D5-947C-AE5464268699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A757BA5A-7CAE-4C35-A39D-AC21A11E9BBA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A7B4937F-50B3-47AD-AB77-7E9C310AD84F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{C6FBED35-DF5A-4B82-BF2F-90C2B36B06A2}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{FF072566-F2F1-4EDB-8E91-D4DE4E1BA93C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0A0ED35B-47DB-4D25-AE26-02AB9C7F5D37}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{41A9C88B-7AAA-456F-B675-BE08CCA6E93A}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{53A5273F-2487-48A4-A81F-5429024BD6CD}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{56EA921A-E809-41C4-BA61-D7F7A283B410}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"UDP Query User{645B45A4-3FEE-4C80-968C-E70844430792}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{7172BDC8-AF60-4247-B349-0FD985E71519}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B22FDCCA-863D-45E9-AB83-073DE6DAA846}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{DB50D669-0B9F-45A8-B1F0-5E979E4B92E7}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{E3CD1ECD-AA5D-4C0B-BAC0-29A4B6F361CF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{F66D679B-8846-43D1-B11F-7AD9E8AFF22B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.56
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Digital Trends Club
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E58D0D-7FF8-448D-9151-C3EE1BDE8380}" = Falk Navi-Manager
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{924A365C-6727-42B9-91AC-C8C2CAC0B835}" = Falk Navi-Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.56
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Angebote ALDI SÜD" = Angebote ALDI SÜD Bildschirmschoner
"Avira AntiVir Desktop" = Avira Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"Google Updater" = Google Updater
"HotspotShield" = Hotspot Shield 2.24
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"KeePass Password Safe_is1" = KeePass Password Safe 1.05
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 17:29:32 | Computer Name = Ich-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync Manager\ptt\NMTvWizard.exe.Manifest".  Die abhängige Assemblierung "NScCoreComponents,type="win32",version="5.3.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 17:30:27 | Computer Name = Ich-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync Manager\NEE\NeroBRServer.exe.Manifest".  Die abhängige Assemblierung "Nero3D,processorArchitecture="x86",publicKeyToken="782f0d87cd3d50b0",type="win32",version="10.6.0.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.01.2013 07:24:08 | Computer Name = Ich-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2013 08:51:42 | Computer Name = Ich-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2013 13:35:14 | Computer Name = Ich-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.01.2013 13:35:14 | Computer Name = Ich-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4758
 
Error - 05.01.2013 13:35:14 | Computer Name = Ich-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4758
 
Error - 06.01.2013 06:58:55 | Computer Name = Ich-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.01.2013 17:11:19 | Computer Name = Ich-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 14:47:15 | Computer Name = Ich-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.01.2013 07:55:25 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1070
 
Error - 05.01.2013 07:57:15 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Server" wurde nicht richtig gestartet.
 
Error - 05.01.2013 07:57:15 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1070
 
Error - 05.01.2013 08:49:43 | Computer Name = Ich-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?01.?2013 um 12:59:19 unerwartet heruntergefahren.
 
Error - 05.01.2013 08:50:25 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Freemium System Store Service erreicht.
 
Error - 05.01.2013 08:50:25 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Freemium System Store Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 05.01.2013 08:51:13 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   DslMNLwf
 
Error - 06.01.2013 06:58:39 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   DslMNLwf
 
Error - 06.01.2013 17:10:13 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   DslMNLwf
 
Error - 07.01.2013 14:46:10 | Computer Name = Ich-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   DslMNLwf
 
 
< End of report >

--- --- ---

markusg · 07.01.2013, 20:28

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O33 - MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\Shell\AutoRun\command - "" = F:\CD_Start.exe
O33 - MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

hesse1986 · 07.01.2013, 21:02

Wow....vielen Dank für die schnelle Antwort. Habe es wie beschrieben gemacht und hier der Bericht:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a1f406f-3061-11e0-885a-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a1f406f-3061-11e0-885a-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a1f406f-3061-11e0-885a-001f1621dd94}\ not found.
File F:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992ab98-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992ab98-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992ab98-85f3-11df-ad3b-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992abac-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992abac-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992abac-85f3-11df-ad3b-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992abb4-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4992abb4-85f3-11df-ad3b-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4992abb4-85f3-11df-ad3b-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58303dec-759b-11e0-b5d9-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58303dec-759b-11e0-b5d9-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58303dec-759b-11e0-b5d9-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f3864ca-11df-11e0-a4dd-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e54c377-861d-11e0-9d1c-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e54c377-861d-11e0-9d1c-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e54c377-861d-11e0-9d1c-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e54c37a-861d-11e0-9d1c-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930aadd4-d89e-11e1-92f2-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{930aadd4-d89e-11e1-92f2-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930aadd4-d89e-11e1-92f2-001f1621dd94}\ not found.
File F:\HTC_Sync_Manager_PC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{958de360-113d-11e0-8b4b-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{958de360-113d-11e0-8b4b-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{958de360-113d-11e0-8b4b-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb9140c3-bc5a-11e0-b561-001f1621dd94}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c146bb92-772b-11e0-b52d-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146bb92-772b-11e0-b52d-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c146bb92-772b-11e0-b52d-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c146bb94-772b-11e0-b52d-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146bb94-772b-11e0-b52d-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c146bb94-772b-11e0-b52d-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0372f53-74db-11e0-b523-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0372f53-74db-11e0-b523-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0372f53-74db-11e0-b523-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5f03b3c-8850-11df-baa5-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5f03b3c-8850-11df-baa5-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5f03b3c-8850-11df-baa5-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2855bab-2c6f-11e1-a298-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2855bab-2c6f-11e1-a298-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2855bab-2c6f-11e1-a298-001f1621dd94}\ not found.
File G:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c19-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c19-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c19-7c96-11e0-8e92-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c29-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c29-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c29-7c96-11e0-8e92-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4794c2c-7c96-11e0-8e92-001f1621dd94}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\HTC_Sync_Manager_PC.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Christopher
->Flash cache emptied: 550 bytes

User: Default

User: Default User

User: Gast

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Christopher
->Temp folder emptied: 128731 bytes
->Temporary Internet Files folder emptied: 7615384 bytes
->Java cache emptied: 4951327 bytes
->FireFox cache emptied: 65313847 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34756249 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 560636 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01072013_205417

Files\Folders moved on Reboot...
C:\Windows\temp\gis17f7b\2.4.1487.6512\de\cires.dll.mui moved successfully.
C:\Windows\temp\gis17f7b\2.4.1487.6512\ci.dll moved successfully.
C:\Windows\temp\gis17f7b\2.4.1487.6512\cires.dll moved successfully.
C:\Windows\temp\gis17f7b\GoogleUpdater.exe moved successfully.
File move failed. C:\Windows\temp\GacelaLSPService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg · 08.01.2013, 19:29

Hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

hesse1986 · 08.01.2013, 21:20

Hallo,

danke.... Hier das logfile

21:14:10.0772 4808 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:14:11.0302 4808 ============================================================
21:14:11.0302 4808 Current date / time: 2013/01/08 21:14:11.0302
21:14:11.0302 4808 SystemInfo:
21:14:11.0302 4808
21:14:11.0302 4808 OS Version: 6.1.7601 ServicePack: 1.0
21:14:11.0302 4808 Product type: Workstation
21:14:11.0302 4808 ComputerName: ICH-PC
21:14:11.0302 4808 UserName: Christopher
21:14:11.0302 4808 Windows directory: C:\Windows
21:14:11.0302 4808 System windows directory: C:\Windows
21:14:11.0302 4808 Processor architecture: Intel x86
21:14:11.0302 4808 Number of processors: 2
21:14:11.0302 4808 Page size: 0x1000
21:14:11.0302 4808 Boot type: Normal boot
21:14:11.0302 4808 ============================================================
21:14:13.0080 4808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:14:13.0080 4808 ============================================================
21:14:13.0080 4808 \Device\Harddisk0\DR0:
21:14:13.0080 4808 MBR partitions:
21:14:13.0080 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x21996800
21:14:13.0080 4808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x21997000, BlocksNum 0x3A97000
21:14:13.0080 4808 ============================================================
21:14:13.0143 4808 C: <-> \Device\Harddisk0\DR0\Partition1
21:14:13.0174 4808 D: <-> \Device\Harddisk0\DR0\Partition2
21:14:13.0174 4808 ============================================================
21:14:13.0174 4808 Initialize success
21:14:13.0174 4808 ============================================================
21:15:23.0995 6532 ============================================================
21:15:23.0995 6532 Scan started
21:15:23.0995 6532 Mode: Manual; SigCheck; TDLFS;
21:15:23.0995 6532 ============================================================
21:15:25.0165 6532 ================ Scan system memory ========================
21:15:25.0165 6532 System memory - ok
21:15:25.0165 6532 ================ Scan services =============================
21:15:25.0555 6532 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:15:25.0774 6532 1394ohci - ok
21:15:25.0930 6532 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:15:25.0961 6532 ACPI - ok
21:15:26.0070 6532 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:15:26.0273 6532 AcpiPmi - ok
21:15:26.0616 6532 [ CBBB27038AC34458C84376715C9C7F16 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
21:15:26.0678 6532 AcrSch2Svc - ok
21:15:26.0741 6532 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:15:26.0772 6532 AdobeFlashPlayerUpdateSvc - ok
21:15:26.0834 6532 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:15:26.0990 6532 adp94xx - ok
21:15:27.0037 6532 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:15:27.0115 6532 adpahci - ok
21:15:27.0146 6532 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:15:27.0193 6532 adpu320 - ok
21:15:27.0271 6532 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:15:27.0412 6532 AeLookupSvc - ok
21:15:27.0552 6532 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:15:27.0661 6532 AFD - ok
21:15:27.0739 6532 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:15:27.0817 6532 agp440 - ok
21:15:27.0895 6532 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:15:28.0051 6532 aic78xx - ok
21:15:28.0114 6532 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:15:28.0519 6532 ALG - ok
21:15:28.0550 6532 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:15:28.0644 6532 aliide - ok
21:15:28.0706 6532 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:15:28.0894 6532 amdagp - ok
21:15:28.0956 6532 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:15:28.0987 6532 amdide - ok
21:15:29.0018 6532 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:15:29.0128 6532 AmdK8 - ok
21:15:29.0159 6532 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:15:29.0346 6532 AmdPPM - ok
21:15:29.0393 6532 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:15:29.0471 6532 amdsata - ok
21:15:29.0518 6532 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:15:29.0596 6532 amdsbs - ok
21:15:29.0658 6532 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:15:29.0674 6532 amdxata - ok
21:15:29.0783 6532 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:15:29.0814 6532 AntiVirSchedulerService - ok
21:15:29.0861 6532 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:15:29.0876 6532 AntiVirService - ok
21:15:29.0923 6532 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:15:30.0126 6532 AppID - ok
21:15:30.0173 6532 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:15:30.0251 6532 AppIDSvc - ok
21:15:30.0313 6532 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:15:30.0376 6532 Appinfo - ok
21:15:30.0500 6532 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:15:30.0516 6532 Apple Mobile Device - ok
21:15:30.0594 6532 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:15:30.0641 6532 arc - ok
21:15:30.0672 6532 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:15:30.0688 6532 arcsas - ok
21:15:30.0734 6532 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:15:30.0922 6532 AsyncMac - ok
21:15:30.0968 6532 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:15:31.0000 6532 atapi - ok
21:15:31.0046 6532 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:15:31.0140 6532 AudioEndpointBuilder - ok
21:15:31.0156 6532 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:15:31.0187 6532 Audiosrv - ok
21:15:31.0249 6532 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:15:31.0312 6532 avgntflt - ok
21:15:31.0405 6532 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:15:31.0530 6532 avipbb - ok
21:15:31.0546 6532 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:15:31.0592 6532 avkmgr - ok
21:15:31.0655 6532 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:15:31.0858 6532 AxInstSV - ok
21:15:31.0920 6532 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:15:32.0076 6532 b06bdrv - ok
21:15:32.0216 6532 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:15:32.0419 6532 b57nd60x - ok
21:15:32.0466 6532 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:15:32.0716 6532 BDESVC - ok
21:15:32.0747 6532 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:15:32.0887 6532 Beep - ok
21:15:32.0934 6532 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:15:33.0028 6532 BFE - ok
21:15:33.0106 6532 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:15:33.0199 6532 BITS - ok
21:15:33.0324 6532 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:15:33.0386 6532 blbdrive - ok
21:15:33.0480 6532 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:15:33.0527 6532 Bonjour Service - ok
21:15:33.0574 6532 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:15:33.0792 6532 bowser - ok
21:15:33.0808 6532 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:15:34.0088 6532 BrFiltLo - ok
21:15:34.0104 6532 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:15:34.0369 6532 BrFiltUp - ok
21:15:34.0400 6532 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:15:34.0556 6532 Browser - ok
21:15:34.0603 6532 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:15:34.0837 6532 Brserid - ok
21:15:34.0853 6532 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:15:34.0946 6532 BrSerWdm - ok
21:15:34.0962 6532 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:15:35.0056 6532 BrUsbMdm - ok
21:15:35.0087 6532 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:15:35.0414 6532 BrUsbSer - ok
21:15:35.0430 6532 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:15:35.0602 6532 BTHMODEM - ok
21:15:35.0664 6532 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:15:35.0836 6532 bthserv - ok
21:15:35.0867 6532 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:15:36.0038 6532 cdfs - ok
21:15:36.0179 6532 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:15:36.0288 6532 cdrom - ok
21:15:36.0382 6532 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:15:36.0553 6532 CertPropSvc - ok
21:15:36.0647 6532 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:15:36.0787 6532 circlass - ok
21:15:36.0928 6532 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:15:36.0959 6532 CLFS - ok
21:15:37.0068 6532 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:37.0177 6532 clr_optimization_v2.0.50727_32 - ok
21:15:37.0333 6532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:15:37.0349 6532 clr_optimization_v4.0.30319_32 - ok
21:15:37.0427 6532 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:15:37.0536 6532 CmBatt - ok
21:15:37.0583 6532 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:15:37.0645 6532 cmdide - ok
21:15:37.0645 6532 cmnsusbser - ok
21:15:37.0739 6532 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:15:37.0864 6532 CNG - ok
21:15:37.0926 6532 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:15:37.0942 6532 Compbatt - ok
21:15:38.0082 6532 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:15:38.0254 6532 CompositeBus - ok
21:15:38.0269 6532 COMSysApp - ok
21:15:38.0363 6532 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:15:38.0425 6532 crcdisk - ok
21:15:38.0456 6532 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:15:38.0534 6532 CryptSvc - ok
21:15:38.0597 6532 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:15:38.0659 6532 DcomLaunch - ok
21:15:38.0706 6532 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:15:38.0924 6532 defragsvc - ok
21:15:38.0971 6532 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:15:39.0174 6532 DfsC - ok
21:15:39.0330 6532 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:15:39.0502 6532 Dhcp - ok
21:15:39.0533 6532 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:15:39.0595 6532 discache - ok
21:15:39.0642 6532 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:15:39.0720 6532 Disk - ok
21:15:39.0829 6532 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:15:39.0985 6532 Dnscache - ok
21:15:40.0016 6532 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:15:40.0188 6532 dot3svc - ok
21:15:40.0313 6532 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:15:40.0453 6532 DPS - ok
21:15:40.0547 6532 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:15:40.0640 6532 drmkaud - ok
21:15:40.0718 6532 [ E577B5C4A6BE078E5445CDCFB65BE7AB ] DslMNLwf C:\Windows\system32\DRIVERS\dslmnlwf.sys
21:15:40.0781 6532 DslMNLwf - ok
21:15:40.0796 6532 [ C6B2E10CFE79169C72F0269087B9A603 ] dsltestSp5 C:\Windows\system32\Drivers\dsltestSp5.sys
21:15:40.0921 6532 dsltestSp5 - ok
21:15:41.0015 6532 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:15:41.0140 6532 DXGKrnl - ok
21:15:41.0202 6532 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:15:41.0483 6532 EapHost - ok
21:15:41.0654 6532 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:15:41.0966 6532 ebdrv - ok
21:15:42.0029 6532 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:15:42.0138 6532 EFS - ok
21:15:42.0278 6532 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:15:42.0403 6532 ehRecvr - ok
21:15:42.0466 6532 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:15:42.0622 6532 ehSched - ok
21:15:42.0700 6532 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:15:42.0793 6532 elxstor - ok
21:15:42.0918 6532 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:15:43.0043 6532 ErrDev - ok
21:15:43.0136 6532 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:15:43.0183 6532 EventSystem - ok
21:15:43.0261 6532 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:15:43.0355 6532 exfat - ok
21:15:43.0386 6532 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:15:43.0558 6532 fastfat - ok
21:15:43.0682 6532 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:15:43.0823 6532 Fax - ok
21:15:43.0932 6532 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:15:44.0088 6532 fdc - ok
21:15:44.0228 6532 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:15:44.0338 6532 fdPHost - ok
21:15:44.0353 6532 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:15:44.0447 6532 FDResPub - ok
21:15:44.0478 6532 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:15:44.0556 6532 FileInfo - ok
21:15:44.0634 6532 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:15:44.0774 6532 Filetrace - ok
21:15:44.0821 6532 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:15:45.0008 6532 flpydisk - ok
21:15:45.0040 6532 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:15:45.0118 6532 FltMgr - ok
21:15:45.0196 6532 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:15:45.0289 6532 FontCache - ok
21:15:45.0398 6532 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:15:45.0414 6532 FontCache3.0.0.0 - ok
21:15:47.0161 6532 [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.exe
21:15:47.0910 6532 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning
21:15:47.0910 6532 FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1)
21:15:47.0941 6532 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:15:47.0988 6532 FsDepends - ok
21:15:48.0082 6532 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:15:48.0175 6532 Fs_Rec - ok
21:15:48.0238 6532 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:15:48.0253 6532 fvevol - ok
21:15:48.0300 6532 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:15:48.0347 6532 gagp30kx - ok
21:15:48.0472 6532 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:15:48.0534 6532 GEARAspiWDM - ok
21:15:48.0628 6532 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:15:48.0721 6532 gpsvc - ok
21:15:48.0893 6532 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:48.0924 6532 gupdate - ok
21:15:48.0940 6532 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:15:48.0955 6532 gupdatem - ok
21:15:49.0018 6532 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:15:49.0049 6532 gusvc - ok
21:15:49.0080 6532 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:15:49.0174 6532 hcw85cir - ok
21:15:49.0236 6532 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:15:49.0298 6532 HDAudBus - ok
21:15:49.0314 6532 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:15:49.0392 6532 HidBatt - ok
21:15:49.0439 6532 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:15:49.0579 6532 HidBth - ok
21:15:49.0610 6532 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:15:49.0735 6532 HidIr - ok
21:15:49.0813 6532 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:15:49.0907 6532 hidserv - ok
21:15:49.0938 6532 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:15:50.0063 6532 HidUsb - ok
21:15:50.0110 6532 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:15:50.0234 6532 hkmsvc - ok
21:15:50.0297 6532 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:15:50.0406 6532 HomeGroupListener - ok
21:15:50.0453 6532 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:15:50.0515 6532 HomeGroupProvider - ok
21:15:50.0578 6532 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:15:50.0656 6532 HpSAMD - ok
21:15:50.0765 6532 [ 44452F7A09D00573DC6E714874257CC9 ] hshld C:\Program Files\Hotspot Shield\bin\openvpnas.exe
21:15:50.0796 6532 hshld - ok
21:15:50.0843 6532 [ 4F28652EC514FA1BA473BC1A695A5C98 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys
21:15:50.0936 6532 HssDrv - ok
21:15:51.0092 6532 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
21:15:51.0124 6532 HssSrv - ok
21:15:51.0155 6532 [ 6B1DC08D22231C9E508A715F07FCE7FB ] HssTrayService C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
21:15:51.0217 6532 HssTrayService - ok
21:15:51.0233 6532 HssWd - ok
21:15:51.0295 6532 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:15:51.0498 6532 HTCAND32 - ok
21:15:51.0607 6532 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
21:15:51.0623 6532 HTCMonitorService - ok
21:15:51.0701 6532 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
21:15:51.0904 6532 htcnprot - ok
21:15:51.0997 6532 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:15:52.0028 6532 HTTP - ok
21:15:52.0028 6532 hwdatacard - ok
21:15:52.0122 6532 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:15:52.0153 6532 hwpolicy - ok
21:15:52.0247 6532 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:15:52.0403 6532 i8042prt - ok
21:15:52.0512 6532 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:15:52.0528 6532 IAANTMON - ok
21:15:52.0574 6532 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:15:52.0590 6532 iaStor - ok
21:15:52.0715 6532 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:15:52.0855 6532 iaStorV - ok
21:15:52.0980 6532 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:15:53.0152 6532 idsvc - ok
21:15:53.0245 6532 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:15:53.0308 6532 iirsp - ok
21:15:53.0401 6532 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:15:53.0698 6532 IKEEXT - ok
21:15:53.0854 6532 [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:15:54.0181 6532 IntcAzAudAddService - ok
21:15:54.0228 6532 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:15:54.0322 6532 intelide - ok
21:15:54.0368 6532 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:15:54.0431 6532 intelppm - ok
21:15:54.0493 6532 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:15:54.0618 6532 IPBusEnum - ok
21:15:54.0680 6532 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:15:54.0852 6532 IpFilterDriver - ok
21:15:54.0946 6532 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:15:55.0024 6532 iphlpsvc - ok
21:15:55.0086 6532 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:15:55.0211 6532 IPMIDRV - ok
21:15:55.0258 6532 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:15:55.0429 6532 IPNAT - ok
21:15:55.0538 6532 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:15:55.0632 6532 iPod Service - ok
21:15:55.0679 6532 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:15:55.0835 6532 IRENUM - ok
21:15:55.0882 6532 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:15:55.0944 6532 isapnp - ok
21:15:56.0006 6532 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:15:56.0100 6532 iScsiPrt - ok
21:15:56.0240 6532 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:15:56.0365 6532 kbdclass - ok
21:15:56.0396 6532 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:15:56.0568 6532 kbdhid - ok
21:15:56.0584 6532 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:15:56.0615 6532 KeyIso - ok
21:15:56.0693 6532 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:15:56.0802 6532 KSecDD - ok
21:15:56.0833 6532 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:15:56.0927 6532 KSecPkg - ok
21:15:57.0036 6532 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:15:57.0239 6532 KtmRm - ok
21:15:57.0270 6532 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:15:57.0442 6532 LanmanServer - ok
21:15:57.0504 6532 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:15:57.0613 6532 LanmanWorkstation - ok
21:15:57.0738 6532 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:15:57.0910 6532 lltdio - ok
21:15:58.0003 6532 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:15:58.0159 6532 lltdsvc - ok
21:15:58.0190 6532 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:15:58.0300 6532 lmhosts - ok
21:15:58.0378 6532 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:15:58.0440 6532 LSI_FC - ok
21:15:58.0487 6532 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:15:58.0580 6532 LSI_SAS - ok
21:15:58.0596 6532 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:15:58.0674 6532 LSI_SAS2 - ok
21:15:58.0690 6532 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:15:58.0814 6532 LSI_SCSI - ok
21:15:58.0877 6532 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:15:58.0970 6532 luafv - ok
21:15:59.0033 6532 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:15:59.0095 6532 MBAMProtector - ok
21:15:59.0204 6532 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:15:59.0236 6532 MBAMScheduler - ok
21:15:59.0282 6532 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:15:59.0314 6532 MBAMService - ok
21:15:59.0548 6532 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
21:15:59.0657 6532 McComponentHostService - ok
21:15:59.0750 6532 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:15:59.0782 6532 Mcx2Svc - ok
21:15:59.0906 6532 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:16:00.0062 6532 megasas - ok
21:16:00.0094 6532 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:16:00.0234 6532 MegaSR - ok
21:16:00.0296 6532 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:16:00.0437 6532 MMCSS - ok
21:16:00.0468 6532 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:16:00.0530 6532 Modem - ok
21:16:00.0702 6532 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:16:00.0780 6532 monitor - ok
21:16:00.0796 6532 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:16:00.0905 6532 mouclass - ok
21:16:00.0936 6532 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:16:00.0983 6532 mouhid - ok
21:16:01.0108 6532 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:16:01.0139 6532 mountmgr - ok
21:16:01.0217 6532 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:16:01.0373 6532 MozillaMaintenance - ok
21:16:01.0451 6532 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:16:01.0544 6532 mpio - ok
21:16:01.0638 6532 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:16:01.0778 6532 mpsdrv - ok
21:16:01.0856 6532 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:16:01.0966 6532 MpsSvc - ok
21:16:02.0122 6532 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:16:02.0278 6532 MRxDAV - ok
21:16:02.0418 6532 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:02.0496 6532 mrxsmb - ok
21:16:02.0590 6532 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:02.0714 6532 mrxsmb10 - ok
21:16:02.0777 6532 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:02.0917 6532 mrxsmb20 - ok
21:16:02.0933 6532 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:16:03.0026 6532 msahci - ok
21:16:03.0042 6532 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:16:03.0151 6532 msdsm - ok
21:16:03.0276 6532 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:16:03.0370 6532 MSDTC - ok
21:16:03.0463 6532 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:16:03.0557 6532 Msfs - ok
21:16:03.0588 6532 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:16:03.0791 6532 mshidkmdf - ok
21:16:03.0838 6532 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:16:03.0853 6532 msisadrv - ok
21:16:03.0884 6532 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:16:04.0040 6532 MSiSCSI - ok
21:16:04.0040 6532 msiserver - ok
21:16:04.0118 6532 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:16:04.0181 6532 MSKSSRV - ok
21:16:04.0212 6532 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:04.0321 6532 MSPCLOCK - ok
21:16:04.0352 6532 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:16:04.0446 6532 MSPQM - ok
21:16:04.0508 6532 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:16:04.0586 6532 MsRPC - ok
21:16:04.0618 6532 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:16:04.0633 6532 mssmbios - ok
21:16:04.0664 6532 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:16:04.0742 6532 MSTEE - ok
21:16:04.0789 6532 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:16:04.0883 6532 MTConfig - ok
21:16:04.0961 6532 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:16:05.0023 6532 Mup - ok
21:16:05.0101 6532 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:16:05.0148 6532 napagent - ok
21:16:05.0195 6532 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:16:05.0288 6532 NativeWifiP - ok
21:16:05.0351 6532 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:16:05.0413 6532 NDIS - ok
21:16:05.0491 6532 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:16:05.0678 6532 NdisCap - ok
21:16:05.0694 6532 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:05.0834 6532 NdisTapi - ok
21:16:05.0881 6532 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:06.0053 6532 Ndisuio - ok
21:16:06.0131 6532 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:06.0287 6532 NdisWan - ok
21:16:06.0443 6532 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:16:06.0630 6532 NDProxy - ok
21:16:06.0926 6532 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:16:07.0004 6532 Nero BackItUp Scheduler 3 - ok
21:16:07.0082 6532 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:16:07.0254 6532 NetBIOS - ok
21:16:07.0379 6532 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:16:07.0441 6532 NetBT - ok
21:16:07.0472 6532 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:16:07.0535 6532 Netlogon - ok
21:16:07.0597 6532 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:16:07.0706 6532 Netman - ok
21:16:07.0738 6532 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:16:07.0831 6532 netprofm - ok
21:16:07.0925 6532 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:16:07.0956 6532 NetTcpPortSharing - ok
21:16:08.0018 6532 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:16:08.0096 6532 nfrd960 - ok
21:16:08.0128 6532 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:16:08.0268 6532 NlaSvc - ok
21:16:08.0424 6532 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:16:08.0455 6532 NMIndexingService - ok
21:16:08.0518 6532 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
21:16:08.0736 6532 nmwcd - ok
21:16:08.0752 6532 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
21:16:09.0032 6532 nmwcdc - ok
21:16:09.0095 6532 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:16:09.0220 6532 Npfs - ok
21:16:09.0282 6532 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:16:09.0438 6532 nsi - ok
21:16:09.0469 6532 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:16:09.0563 6532 nsiproxy - ok
21:16:09.0641 6532 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:16:09.0875 6532 Ntfs - ok
21:16:09.0922 6532 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:16:10.0187 6532 Null - ok
21:16:10.0249 6532 [ 603B0C9BB86F7B3EFB88A482C6663EC4 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:16:10.0405 6532 NVHDA - ok
21:16:10.0655 6532 [ 2877CD56310938A170810BDE50FD3F01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:16:11.0170 6532 nvlddmkm - ok
21:16:11.0232 6532 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:16:11.0294 6532 nvraid - ok
21:16:11.0310 6532 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:16:11.0435 6532 nvstor - ok
21:16:11.0544 6532 [ 993BD983E233DFA160090FAD01F40F29 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:16:11.0575 6532 nvsvc - ok
21:16:11.0653 6532 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:16:11.0731 6532 nv_agp - ok
21:16:11.0778 6532 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:16:11.0856 6532 ohci1394 - ok
21:16:11.0981 6532 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:12.0121 6532 ose - ok
21:16:12.0230 6532 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:16:12.0371 6532 p2pimsvc - ok
21:16:12.0418 6532 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:16:12.0527 6532 p2psvc - ok
21:16:12.0589 6532 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:16:12.0714 6532 Parport - ok
21:16:12.0917 6532 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:16:13.0026 6532 partmgr - ok
21:16:13.0088 6532 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:16:13.0198 6532 Parvdm - ok
21:16:13.0244 6532 [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:16:13.0291 6532 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:16:13.0291 6532 PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:16:13.0478 6532 [ BFD86C4B51F954445DF0E217EAC94E84 ] Payback-Reporting-Service C:\Program Files\Digital Trends Club\Payback-Reporting.exe
21:16:13.0619 6532 Payback-Reporting-Service - ok
21:16:13.0681 6532 [ D5FE5A35A4E78233677BC7288277A648 ] Payback-Update-Service C:\Program Files\Digital Trends Club\Payback-Updater.exe
21:16:13.0759 6532 Payback-Update-Service - ok
21:16:13.0915 6532 [ 81C7A38D5B9F87F9634A5356110C79DE ] PaybackLSPService C:\Program Files\PaybackLSPService\PaybackLSPService.exe
21:16:14.0071 6532 PaybackLSPService - ok
21:16:14.0196 6532 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:16:14.0243 6532 PcaSvc - ok
21:16:14.0321 6532 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:16:14.0461 6532 pccsmcfd - ok
21:16:14.0524 6532 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:16:14.0648 6532 pci - ok
21:16:14.0789 6532 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:16:14.0836 6532 pciide - ok
21:16:14.0914 6532 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:16:14.0976 6532 pcmcia - ok
21:16:15.0007 6532 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:16:15.0085 6532 pcw - ok
21:16:15.0148 6532 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:16:15.0366 6532 PEAUTH - ok
21:16:15.0491 6532 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:16:15.0772 6532 pla - ok
21:16:15.0865 6532 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:16:15.0881 6532 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:16:15.0881 6532 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:16:15.0959 6532 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:16:16.0130 6532 PlugPlay - ok
21:16:16.0193 6532 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:16:16.0318 6532 PNRPAutoReg - ok
21:16:16.0380 6532 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:16:16.0411 6532 PNRPsvc - ok
21:16:16.0489 6532 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:16:16.0567 6532 PolicyAgent - ok
21:16:16.0645 6532 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:16:16.0692 6532 Power - ok
21:16:16.0754 6532 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:16:16.0910 6532 PptpMiniport - ok
21:16:17.0066 6532 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:16:17.0160 6532 Processor - ok
21:16:17.0254 6532 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:16:17.0394 6532 ProfSvc - ok
21:16:17.0425 6532 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:16:17.0472 6532 ProtectedStorage - ok
21:16:17.0566 6532 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
21:16:17.0581 6532 ProtexisLicensing - ok
21:16:17.0675 6532 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:16:17.0753 6532 Psched - ok
21:16:17.0815 6532 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:16:17.0846 6532 PSI_SVC_2 - ok
21:16:17.0940 6532 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:16:18.0127 6532 ql2300 - ok
21:16:18.0158 6532 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:16:18.0299 6532 ql40xx - ok
21:16:18.0377 6532 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:16:18.0533 6532 QWAVE - ok
21:16:18.0580 6532 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:16:18.0736 6532 QWAVEdrv - ok
21:16:18.0751 6532 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:16:18.0938 6532 RasAcd - ok
21:16:19.0001 6532 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:16:19.0126 6532 RasAgileVpn - ok
21:16:19.0204 6532 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:16:19.0328 6532 RasAuto - ok
21:16:19.0391 6532 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:19.0547 6532 Rasl2tp - ok
21:16:19.0625 6532 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:16:19.0812 6532 RasMan - ok
21:16:19.0828 6532 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:19.0952 6532 RasPppoe - ok
21:16:19.0968 6532 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:16:20.0140 6532 RasSstp - ok
21:16:20.0296 6532 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:16:20.0452 6532 rdbss - ok
21:16:20.0483 6532 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:16:20.0592 6532 rdpbus - ok
21:16:20.0639 6532 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:20.0748 6532 RDPCDD - ok
21:16:20.0810 6532 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:16:21.0013 6532 RDPENCDD - ok
21:16:21.0060 6532 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:16:21.0091 6532 RDPREFMP - ok
21:16:21.0122 6532 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:16:21.0247 6532 RDPWD - ok
21:16:21.0341 6532 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:16:21.0481 6532 rdyboost - ok
21:16:21.0590 6532 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:16:21.0762 6532 RemoteAccess - ok
21:16:21.0809 6532 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:16:21.0996 6532 RemoteRegistry - ok
21:16:22.0090 6532 [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
21:16:22.0136 6532 resetWinService ( UnsignedFile.Multi.Generic ) - warning
21:16:22.0136 6532 resetWinService - detected UnsignedFile.Multi.Generic (1)
21:16:22.0246 6532 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SYSTEM32\Rezip.exe
21:16:22.0339 6532 Rezip ( UnsignedFile.Multi.Generic ) - warning
21:16:22.0339 6532 Rezip - detected UnsignedFile.Multi.Generic (1)
21:16:22.0448 6532 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe
21:16:22.0464 6532 RichVideo - ok
21:16:22.0526 6532 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:16:22.0620 6532 RpcEptMapper - ok
21:16:22.0667 6532 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:16:22.0823 6532 RpcLocator - ok
21:16:23.0072 6532 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:16:23.0119 6532 RpcSs - ok
21:16:23.0150 6532 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:16:23.0478 6532 rspndr - ok
21:16:23.0525 6532 [ D6FAE13AFACEF23A6471D23284B8A164 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
21:16:23.0696 6532 RTL8169 - ok
21:16:23.0774 6532 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
21:16:23.0962 6532 rtl8192se - ok
21:16:24.0071 6532 [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
21:16:24.0149 6532 RTSTOR - ok
21:16:24.0196 6532 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:16:24.0258 6532 SamSs - ok
21:16:24.0336 6532 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:16:24.0476 6532 sbp2port - ok
21:16:24.0539 6532 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:16:24.0710 6532 SCardSvr - ok
21:16:24.0742 6532 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:16:24.0866 6532 scfilter - ok
21:16:24.0976 6532 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:16:25.0085 6532 Schedule - ok
21:16:25.0147 6532 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:16:25.0194 6532 SCPolicySvc - ok
21:16:25.0288 6532 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:16:25.0506 6532 SDRSVC - ok
21:16:25.0568 6532 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:16:25.0662 6532 secdrv - ok
21:16:25.0787 6532 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:16:25.0896 6532 seclogon - ok
21:16:25.0912 6532 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:16:25.0990 6532 SENS - ok
21:16:26.0052 6532 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:16:26.0161 6532 SensrSvc - ok
21:16:26.0239 6532 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:16:26.0333 6532 Serenum - ok
21:16:26.0348 6532 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:16:26.0442 6532 Serial - ok
21:16:26.0536 6532 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:16:26.0629 6532 sermouse - ok
21:16:26.0863 6532 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:16:26.0988 6532 ServiceLayer - ok
21:16:27.0097 6532 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:16:27.0378 6532 SessionEnv - ok
21:16:27.0472 6532 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:16:27.0659 6532 sffdisk - ok
21:16:27.0674 6532 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:16:27.0830 6532 sffp_mmc - ok
21:16:27.0862 6532 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:16:27.0940 6532 sffp_sd - ok
21:16:28.0002 6532 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:16:28.0376 6532 sfloppy - ok
21:16:28.0642 6532 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:16:29.0032 6532 SharedAccess - ok
21:16:29.0188 6532 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:16:29.0375 6532 ShellHWDetection - ok
21:16:29.0422 6532 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:16:29.0515 6532 sisagp - ok
21:16:29.0562 6532 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:16:29.0624 6532 SiSRaid2 - ok
21:16:29.0656 6532 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:16:29.0718 6532 SiSRaid4 - ok
21:16:29.0780 6532 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:16:29.0905 6532 SkypeUpdate - ok
21:16:29.0952 6532 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:16:30.0014 6532 Smb - ok
21:16:30.0108 6532 [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380 C:\Windows\system32\DRIVERS\snman380.sys
21:16:30.0155 6532 snapman380 - ok
21:16:30.0202 6532 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:16:30.0233 6532 SNMPTRAP - ok
21:16:30.0311 6532 [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
21:16:30.0498 6532 SNP2UVC - ok
21:16:30.0529 6532 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:16:30.0607 6532 spldr - ok
21:16:30.0654 6532 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:16:30.0716 6532 Spooler - ok
21:16:30.0810 6532 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:16:30.0997 6532 sppsvc - ok
21:16:31.0060 6532 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:16:31.0153 6532 sppuinotify - ok
21:16:31.0200 6532 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:16:31.0309 6532 srv - ok
21:16:31.0340 6532 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:16:31.0372 6532 srv2 - ok
21:16:31.0387 6532 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:16:31.0465 6532 srvnet - ok
21:16:31.0528 6532 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:16:31.0559 6532 SSDPSRV - ok
21:16:31.0606 6532 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:16:31.0652 6532 ssmdrv - ok
21:16:31.0684 6532 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:16:31.0762 6532 SstpSvc - ok
21:16:31.0808 6532 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:16:31.0824 6532 stexstor - ok
21:16:31.0902 6532 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:16:32.0011 6532 StiSvc - ok
21:16:32.0058 6532 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:16:32.0136 6532 swenum - ok
21:16:32.0183 6532 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:16:32.0230 6532 swprv - ok
21:16:32.0292 6532 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:16:32.0386 6532 SysMain - ok
21:16:32.0479 6532 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:16:32.0620 6532 TabletInputService - ok
21:16:32.0682 6532 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
21:16:32.0760 6532 taphss - ok
21:16:32.0869 6532 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:16:33.0010 6532 TapiSrv - ok
21:16:33.0088 6532 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:16:33.0212 6532 TBS - ok
21:16:33.0446 6532 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:16:33.0649 6532 Tcpip - ok
21:16:33.0680 6532 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:16:33.0712 6532 TCPIP6 - ok
21:16:33.0868 6532 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:16:33.0992 6532 tcpipreg - ok
21:16:34.0086 6532 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:16:34.0226 6532 TDPIPE - ok
21:16:34.0289 6532 [ E22BF1642FCE508E1123543C8A51255B ] tdrpman139 C:\Windows\system32\DRIVERS\tdrpm139.sys
21:16:34.0538 6532 tdrpman139 - ok
21:16:34.0648 6532 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files\DSL-Manager\DslMgrSvc.exe
21:16:34.0819 6532 TDslMgrService ( UnsignedFile.Multi.Generic ) - warning
21:16:34.0819 6532 TDslMgrService - detected UnsignedFile.Multi.Generic (1)
21:16:34.0928 6532 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:16:35.0084 6532 TDTCP - ok
21:16:35.0116 6532 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:16:35.0272 6532 tdx - ok
21:16:35.0334 6532 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:16:35.0443 6532 TermDD - ok
21:16:35.0584 6532 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:16:35.0802 6532 TermService - ok
21:16:35.0896 6532 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:16:36.0020 6532 Themes - ok
21:16:36.0098 6532 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:16:36.0176 6532 THREADORDER - ok
21:16:36.0208 6532 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:16:36.0317 6532 TrkWks - ok
21:16:36.0504 6532 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:16:36.0551 6532 TrustedInstaller - ok
21:16:36.0644 6532 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:16:36.0800 6532 tssecsrv - ok
21:16:36.0894 6532 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:16:37.0066 6532 TsUsbFlt - ok
21:16:37.0112 6532 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:16:37.0284 6532 tunnel - ok
21:16:37.0471 6532 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:16:37.0534 6532 uagp35 - ok
21:16:37.0565 6532 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:16:37.0721 6532 udfs - ok
21:16:37.0924 6532 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:16:38.0158 6532 UI0Detect - ok
21:16:38.0173 6532 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:16:38.0236 6532 uliagpkx - ok
21:16:38.0251 6532 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:16:38.0298 6532 umbus - ok
21:16:38.0376 6532 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:16:38.0454 6532 UmPass - ok
21:16:38.0594 6532 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:16:38.0657 6532 upnphost - ok
21:16:38.0704 6532 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:16:39.0016 6532 upperdev - ok
21:16:39.0125 6532 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:16:39.0281 6532 USBAAPL - ok
21:16:39.0359 6532 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:16:39.0484 6532 usbaudio - ok
21:16:39.0577 6532 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:16:39.0718 6532 usbccgp - ok
21:16:39.0796 6532 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:16:40.0154 6532 usbcir - ok
21:16:40.0186 6532 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:16:40.0342 6532 usbehci - ok
21:16:40.0373 6532 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:16:40.0700 6532 usbhub - ok
21:16:40.0778 6532 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:16:40.0919 6532 usbohci - ok
21:16:40.0997 6532 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:16:41.0137 6532 usbprint - ok
21:16:41.0246 6532 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys
21:16:41.0496 6532 usbser - ok
21:16:41.0558 6532 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:16:41.0792 6532 UsbserFilt - ok
21:16:41.0902 6532 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:41.0995 6532 USBSTOR - ok
21:16:42.0104 6532 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:16:42.0214 6532 usbuhci - ok
21:16:42.0323 6532 uxddrv - ok
21:16:42.0416 6532 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:16:42.0541 6532 UxSms - ok
21:16:42.0557 6532 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:16:42.0650 6532 VaultSvc - ok
21:16:43.0025 6532 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:16:43.0118 6532 vdrvroot - ok
21:16:43.0259 6532 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:16:43.0508 6532 vds - ok
21:16:43.0571 6532 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:43.0664 6532 vga - ok
21:16:43.0820 6532 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:16:44.0023 6532 VgaSave - ok
21:16:44.0179 6532 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:16:44.0273 6532 vhdmp - ok
21:16:44.0320 6532 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:16:44.0366 6532 viaagp - ok
21:16:44.0538 6532 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:16:44.0632 6532 ViaC7 - ok
21:16:44.0694 6532 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:16:44.0725 6532 viaide - ok
21:16:44.0881 6532 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:16:45.0022 6532 volmgr - ok
21:16:45.0100 6532 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:16:45.0131 6532 volmgrx - ok
21:16:45.0224 6532 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:16:45.0334 6532 volsnap - ok
21:16:45.0380 6532 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:16:45.0458 6532 vsmraid - ok
21:16:45.0583 6532 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:16:45.0724 6532 VSS - ok
21:16:45.0848 6532 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:16:45.0942 6532 vwifibus - ok
21:16:45.0989 6532 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:16:46.0051 6532 vwififlt - ok
21:16:46.0082 6532 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:16:46.0176 6532 vwifimp - ok
21:16:46.0270 6532 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:16:46.0441 6532 W32Time - ok
21:16:46.0535 6532 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:16:46.0582 6532 WacomPen - ok
21:16:46.0628 6532 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:16:46.0738 6532 WANARP - ok
21:16:46.0753 6532 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:16:46.0784 6532 Wanarpv6 - ok
21:16:46.0909 6532 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:16:47.0128 6532 wbengine - ok
21:16:47.0190 6532 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:16:47.0237 6532 WbioSrvc - ok
21:16:47.0330 6532 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:16:47.0393 6532 wcncsvc - ok
21:16:47.0440 6532 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:16:47.0596 6532 WcsPlugInService - ok
21:16:47.0658 6532 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:16:47.0736 6532 Wd - ok
21:16:47.0798 6532 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:16:47.0876 6532 Wdf01000 - ok
21:16:47.0923 6532 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:16:48.0079 6532 WdiServiceHost - ok
21:16:48.0095 6532 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:16:48.0126 6532 WdiSystemHost - ok
21:16:48.0220 6532 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:16:48.0344 6532 WebClient - ok
21:16:48.0407 6532 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:16:48.0500 6532 Wecsvc - ok
21:16:48.0532 6532 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:16:48.0656 6532 wercplsupport - ok
21:16:48.0672 6532 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:16:48.0797 6532 WerSvc - ok
21:16:48.0844 6532 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:16:49.0015 6532 WfpLwf - ok
21:16:49.0031 6532 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:16:49.0093 6532 WIMMount - ok
21:16:49.0234 6532 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:16:49.0327 6532 WinDefend - ok
21:16:49.0327 6532 WinHttpAutoProxySvc - ok
21:16:49.0390 6532 [ C5E3A2EE25A3D86761AF7971EAEAC40C ] WINIO C:\Windows\system32\WinIo.sys
21:16:50.0497 6532 WINIO ( UnsignedFile.Multi.Generic ) - warning
21:16:50.0497 6532 WINIO - detected UnsignedFile.Multi.Generic (1)
21:16:50.0653 6532 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:16:50.0747 6532 Winmgmt - ok
21:16:50.0809 6532 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:16:51.0106 6532 WinRM - ok
21:16:51.0293 6532 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:16:51.0355 6532 WinUsb - ok
21:16:51.0449 6532 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:16:51.0605 6532 Wlansvc - ok
21:16:51.0698 6532 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:16:51.0792 6532 wlidsvc - ok
21:16:51.0901 6532 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:16:52.0042 6532 WmiAcpi - ok
21:16:52.0135 6532 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:16:52.0291 6532 wmiApSrv - ok
21:16:52.0556 6532 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:16:52.0728 6532 WMPNetworkSvc - ok
21:16:52.0822 6532 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:16:52.0993 6532 WPCSvc - ok
21:16:53.0071 6532 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:16:53.0196 6532 WPDBusEnum - ok
21:16:53.0321 6532 WPFFontCache_v0400 - ok
21:16:53.0383 6532 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:16:53.0570 6532 ws2ifsl - ok
21:16:53.0633 6532 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:16:53.0711 6532 wscsvc - ok
21:16:53.0726 6532 WSearch - ok
21:16:53.0945 6532 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:16:54.0070 6532 wuauserv - ok
21:16:54.0148 6532 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:16:54.0366 6532 WudfPf - ok
21:16:54.0491 6532 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:16:54.0553 6532 WUDFRd - ok
21:16:54.0772 6532 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:16:54.0881 6532 wudfsvc - ok
21:16:54.0974 6532 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:16:55.0208 6532 WwanSvc - ok
21:16:55.0224 6532 ================ Scan global ===============================
21:16:55.0567 6532 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:16:55.0708 6532 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:16:55.0754 6532 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:16:55.0910 6532 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:16:56.0004 6532 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:16:56.0020 6532 [Global] - ok
21:16:56.0020 6532 ================ Scan MBR ==================================
21:16:56.0035 6532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:16:56.0722 6532 \Device\Harddisk0\DR0 - ok
21:16:56.0722 6532 ================ Scan VBR ==================================
21:16:56.0784 6532 [ D897DFD40AC8E6EACDA0714867ED36D8 ] \Device\Harddisk0\DR0\Partition1
21:16:56.0784 6532 \Device\Harddisk0\DR0\Partition1 - ok
21:16:56.0846 6532 [ 3F4AB94CA07A8688A397C5D31374D966 ] \Device\Harddisk0\DR0\Partition2
21:16:56.0846 6532 \Device\Harddisk0\DR0\Partition2 - ok
21:16:56.0846 6532 ============================================================
21:16:56.0846 6532 Scan finished
21:16:56.0846 6532 ============================================================
21:16:56.0862 0872 Detected object count: 7
21:16:56.0862 0872 Actual detected object count: 7
21:19:06.0398 0872 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0398 0872 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0398 0872 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0398 0872 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0414 0872 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0414 0872 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0414 0872 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0414 0872 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0414 0872 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0414 0872 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0414 0872 TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0414 0872 TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:06.0414 0872 WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:06.0414 0872 WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 09.01.2013, 00:35

Hi,
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

hesse1986 · 10.01.2013, 18:45

Hello,

vielen Dank nochmals!

Hier die logfile:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-08.01 - Christopher 10.01.2013  18:27:46.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3067.1816 [GMT 1:00]
ausgeführt von:: c:\users\Christopher\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-10 bis 2013-01-10  ))))))))))))))))))))))))))))))
.
.
2013-01-10 17:37 . 2013-01-10 17:37	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-01-10 17:37 . 2013-01-10 17:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-08 18:29 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D560CEA-BCB7-4357-8F16-933E7AB94D6E}\mpengine.dll
2013-01-08 18:16 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-07 19:54 . 2013-01-07 19:54	--------	d-----w-	C:\_OTL
2013-01-03 20:28 . 2013-01-03 20:28	--------	d-----w-	c:\users\Christopher\AppData\Roaming\Malwarebytes
2013-01-03 20:28 . 2013-01-03 20:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-03 20:28 . 2013-01-03 20:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-03 20:28 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-03 20:28 . 2013-01-03 20:28	--------	d-----w-	c:\users\Christopher\AppData\Local\Programs
2012-12-30 14:15 . 2012-12-30 14:15	--------	d-----w-	c:\program files\CCleaner
2012-12-22 12:41 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 12:41 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-11 22:34 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-11 22:33 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:34 . 2012-04-11 15:51	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:34 . 2011-08-21 20:00	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 16:53 . 2012-10-22 16:53	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-10-22 16:53 . 2011-09-27 17:34	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-16 07:39 . 2012-11-29 21:23	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2009-05-01 21:02 . 2012-12-03 18:48	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-12-03 18:48	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-12-03 18:48 . 2012-12-03 18:48	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"Facebook Update"="c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-01 165144]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-01 962464]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-01 4365688]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Payback-WatchDog"="c:\program files\PaybackLSPService\Payback-WatchDog.exe" [2012-08-16 60544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-8-7 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;f:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
S0 tdrpman139;Acronis Try&Decide and Restore Points filter (build 139);c:\windows\system32\DRIVERS\tdrpm139.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 FreemiumSystemStoreService;Freemium System Store Service;c:\program files\Freemium\SystemStore\Freemium.SystemStore.exe  -displayname Freemium System Store Service -servicename:FreemiumSystemStoreService [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Payback-Reporting-Service;Payback-Reporting-Service;c:\program files\Digital Trends Club\Payback-Reporting.exe [x]
S2 Payback-Update-Service;Payback-Update-Service;c:\program files\Digital Trends Club\Payback-Updater.exe [x]
S2 PaybackLSPService;PaybackLSPService;c:\program files\PaybackLSPService\PaybackLSPService.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:34]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000Core.job
- c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 13:05]
.
2013-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-33569901-2919875-1445580196-1000UA.job
- c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 13:05]
.
2013-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 15:48]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 20:30]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 20:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
LSP: c:\windows\system32\PaybackLSPService.DLL
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-12-24 18:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\FreemiumSystemStoreService]
"ImagePath"="\"c:\program files\Freemium\SystemStore\Freemium.SystemStore.exe\"  -displayname \"Freemium System Store Service\" -servicename:FreemiumSystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-10  18:41:07
ComboFix-quarantined-files.txt  2013-01-10 17:41
.
Vor Suchlauf: 15 Verzeichnis(se), 130.081.607.680 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 129.650.458.624 Bytes frei
.
- - End Of File - - 7D7D158505935BB3E91FB348327A5D9F

--- --- ---

markusg · 10.01.2013, 18:48

Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

hesse1986 · 10.01.2013, 19:30

Danke !

CCleaner hat ich schon - ich hoffe, ich hab alles richtig gemacht...

7-Zip 4.65 24.12.2010 notwendig
Acronis*True*Image*Home Acronis 24.12.2010 119MB 12.0.9601 notwendig
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 24.12.2010 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 22.10.2012 118MB 9.5.2 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 07.10.2011 11.6.1.629 notwendig
Alcatech BPM Studio Professional v4.9.1 24.12.2010 notwendig
Angebote ALDI SÜD Bildschirmschoner 24.12.2010 notwendig
Apple Application Support Apple Inc. 17.09.2012 64,4MB 2.2.2 notwendig
Apple Mobile Device Support Apple Inc. 17.09.2012 23,1MB 6.0.0.59vnotwendig
Apple Software Update Apple Inc. 13.07.2011 2,38MB 2.1.3.127 notwendig
Avira Free Antivirus Avira 15.11.2012 104MB 12.1.9.1236 notwendig
Badaboom 1.1.1.194 Elemental Technologies 24.12.2010 1.1.1.194 unbekannt
Bonjour Apple Inc. 16.10.2011 1,02MB 3.0.0.10 notwendig
CCleaner Piriform 19.12.2012 3.26 notwendig
Cisco EAP-FAST Module Cisco Systems, Inc. 04.02.2011 1,15MB 2.2.14 unbekannt
Cisco LEAP Module Cisco Systems, Inc. 04.02.2011 492KB 1.0.19 unbekannt
Cisco PEAP Module Cisco Systems, Inc. 04.02.2011 924KB 1.1.6 unbekannt
Compatibility Pack für 2007 Office System Microsoft Corporation 08.01.2013 175MB 12.0.6612.1000 notwendig
Corel Home Office 5.0.56 Corel Corporation 24.12.2010 notwendig
CorelDRAW Essentials 4 Corel Corporation 24.12.2010 notwendig
CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 24.12.2010 2,93MB notwendig
CyberLink MediaShow CyberLink Corp. 10.06.2009 315MB 4.1.2325 notwendig
CyberLink PhotoNow CyberLink Corp. 10.06.2009 21,7MB 1.1.5615 notwendig
CyberLink PowerDirector CyberLink Corp. 10.06.2009 421MB 7.0.2625 notwendig
CyberLink PowerDVD 8 CyberLink Corp. 10.06.2009 99,0MB 8.0.2606a notwendig
CyberLink PowerProducer CyberLink Corp. 10.06.2009 310MB 5.0.1.1412 notwendig
CyberLink YouCam CyberLink Corp. 10.06.2009 73,5MB 2.0.2521 notwendig
Digital Trends Club Payback 06.04.2011 8,92MB 11.1.540 notwendig
DivX Codec DivX, Inc. 24.12.2010 6.8.5 notwendig
DivX Converter DivX, Inc. 24.12.2010 7.1.0 notwendig
DivX Player DivX, Inc. 24.12.2010 7.2.0 notwendig
DivX Plus DirectShow Filters DivX, Inc. 24.12.2010 notwendig
DivX Web Player DivX,Inc. 24.12.2010 1.5.0 notwendig
dm-Fotowelt 10.02.2011 notwendig
DSL-Manager 24.12.2010 notwendig
e-Wörterbücher 24.12.2010 unbekannt
ElsterFormular Landesfinanzdirektion Thüringen 18.03.2012 160MB 13.1.1.8479p notwendig
Facebook Video Calling 1.2.0.287 Skype Limited 25.10.2012 4,76MB 1.2.287 notwendig
Falk Navi-Manager Falk Marcopolo Interactive GmbH 16.10.2011 1.4.0.0 notwendig
Foxlink Webcam Sonix 10.06.2009 5.8.51000.202_WHQL notwendig
Google Earth Google 11.06.2009 25,2MB 4.3.7284.3916 notwendig
Google Earth Plug-in Google 17.11.2011 40,8MB 6.1.0.5001 notwendig
Google Toolbar for Internet Explorer Google Inc. 24.09.2012 7.4.3230.2052 unnötig
Google Updater Google Inc. 24.12.2010 2.4.1487.6512 unbekannt
Hotspot Shield 2.24 AnchorFree 30.01.2012 2.24 unbekannt
HTC Driver Installer HTC Corporation 28.07.2012 2,05MB 3.0.0.023 notwendig
HTC Sync Manager HTC 28.07.2012 256MB 1.0.39.1 notwendig
iCloud Apple Inc. 19.03.2012 24,2MB 1.1.0.40 notwendig
ICQ7.6 ICQ 13.10.2011 7.6 notwendig
Intel® Matrix Storage Manager Intel Corporation 24.12.2010 notwendig
iTunes Apple Inc. 17.09.2012 180MB 10.7.0.21 notwendig
Java(TM) 6 Update 37 Oracle 22.10.2012 95,7MB 6.0.370 notwendig
KeePass Password Safe 1.05 Dominik Reichl 24.12.2010 1.05 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 03.01.2013 18,4MB 1.70.0.1100 notwendig
McAfee Security Scan Plus McAfee, Inc. 07.10.2011 8,30MB 2.0.181.2 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.12.2010 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.12.2010 2,93MB 4.0.30319 notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 notwendig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 508KB 2.0.4024.1 notwendig
Microsoft Office Professional Edition 2003 Microsoft Corporation 08.01.2013 1,44GB 11.0.8173.0 notwendig
Microsoft Silverlight Microsoft Corporation 09.05.2012 288MB 5.1.10411.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.06.2009 1,74MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.08.2009 251KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 300KB 8.0.59193 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 27.08.2009 199KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 598KB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10.02.2011 598KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.08.2009 590KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 28.07.2012 224KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 600KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 31.10.2011 16,5MB 10.0.40219 notwendig
Microsoft Works Microsoft Corporation 11.10.2012 1,18GB 9.7.0621 notwendig
MobileMe Control Panel Apple Inc. 30.11.2011 12,2MB 3.1.8.0 notwendig
Mozilla Firefox 17.0.1 (x86 de) Mozilla 03.12.2012 48,7MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 03.12.2012 329KB 17.0.1 notwendig
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 10.06.2009 34,0KB 4.20.9841.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.06.2009 1,27MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.11.2009 1,33MB 4.20.9876.0 notwendig
Nero 8 Essentials Nero AG 10.06.2009 1,89GB 8.3.124 notwendig
Nokia Connectivity Cable Driver Nokia 31.05.2012 3,35MB 7.1.78.0 notwendig
Nokia Ovi Player Nokia Ovi Player 17.05.2010 5,66MB 2.1.10304 notwendig
Nokia Suite Nokia 31.05.2012 3.4.49.0 notwendig
Nokia_Multimedia_Common_Components_2_5 Nokia 17.05.2010 33,5MB 2.6.86 notwendig
NVIDIA Drivers NVIDIA Corporation 24.12.2010 1.3 notwendig
PC Connectivity Solution Nokia 31.05.2012 14,8MB 12.0.17.0 notwendig
QuickTime Apple Inc. 30.11.2011 73,2MB 7.71.80.42 notwendig
Realtek 8136 8168 8169 Ethernet Driver Realtek 17.06.2009 1.00.0005 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.12.2010 notwendig
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 10.06.2009 6.0.6000.20111 notwendig
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 04.02.2011 1.00.0145 notwendig
Skype™ 6.0 Skype Technologies S.A. 03.12.2012 20,3MB 6.0.126 notwendig
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 06.10.2009 29,6MB 9.0.0 unbekannt
VoiceOver Kit Apple Inc. 30.11.2011 41,7MB 1.42.128.0 notwendig
vShare.tv plugin 1.3 vShare.tv, Inc. 18.09.2011 1.3 unbekannt
Winamp Nullsoft, Inc 24.12.2010 5.572 notwendig
Winamp Erkennungs-Plug-in Nullsoft, Inc 23.03.2010 125KB 1.0.0.1 notwendig
Windows Live Essentials Microsoft Corporation 24.06.2012 15.4.3555.0308 notwendig
Windows Live Sync Microsoft Corporation 21.02.2011 2,79MB 14.0.8117.416 notwendig
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 31.05.2012 08/22/2008 7.0.0.0 notwendig

markusg · 11.01.2013, 18:55

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Badaboom
Google Toolbar
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
McAfee : kann weg
Spelling
vShare

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

hesse1986 · 12.01.2013, 10:58

Moin,

habe alles wie beschrieben bisher gemacht: hier die Logfile

# AdwCleaner v2.105 - Datei am 12/01/2013 um 10:55:57 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Christopher - ICH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christopher\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\Startsear.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\Conduit
Ordner Gefunden : C:\Users\Christopher\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Christopher\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-33569901-2919875-1445580196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-21-33569901-2919875-1445580196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\prefs.js

Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "11-2-2011");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CT2269050.FirstServerDate", "29-6-2010");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Tue Jun 29 2010 20:13:03 GMT+0200");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Feb 10 2011 22:57:50 GMT+0100");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.0.14", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Thu Feb 10 2011 22:57:48 GMT+0100");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1292533007");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1277823092");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gefunden : user_pref("CT2269050.UserID", "UN43217619852354894");
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Thu Feb 10 2011 22:57:50 GMT+0100");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "{2c3a9025-9432-4ab3-b624-d0cc1b6837d2}");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gefunden : user_pref("browser.search.defaultengine", "Web Search");
Gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Gefunden : user_pref("browser.search.order.1", "Web Search");

*************************

AdwCleaner[R1].txt - [10697 octets] - [12/01/2013 10:55:57]

########## EOF - C:\AdwCleaner[R1].txt - [10758 octets] ##########

markusg · 14.01.2013, 16:27

Hi,

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe
alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein
Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den
Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten bitte, testen, wie PC + Programme wie Browser laufen.

hesse1986 · 14.01.2013, 19:39

Hallo,

hier die log datei:

So wie es aussieht, laufen alle Programme. Das einzige was mir komisch vorkommt ist, dass die Ladeakku Anzeige sich nicht mehr "bewegt" - also nicht stetig steigt beim laden via Netzteil...

Gruß

# AdwCleaner v2.105 - Datei am 14/01/2013 um 19:27:04 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Christopher - ICH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christopher\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\searchplugins\Startsear.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\Conduit
Ordner Gelöscht : C:\Users\Christopher\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Christopher\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pcnr4deh.default\prefs.js

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "11-2-2011");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "29-6-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Tue Jun 29 2010 20:13:03 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Feb 10 2011 22:57:50 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Thu Feb 10 2011 22:57:48 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1292533007");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1277823092");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2269050.UserID", "UN43217619852354894");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Thu Feb 10 2011 22:57:50 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{2c3a9025-9432-4ab3-b624-d0cc1b6837d2}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Feb 10 2011 22:57:47 GMT+0100");
Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");

*************************

AdwCleaner[R1].txt - [10828 octets] - [12/01/2013 10:55:57]
AdwCleaner[S1].txt - [10482 octets] - [14/01/2013 19:27:04]

########## EOF - C:\AdwCleaner[S1].txt - [10543 octets] ##########