Mehrere PUP.Blabbers Funde

Fonix · 13.01.2013, 22:29

Hallo,

Ich habe heute von Avira Free Antivirus auf Malwarebytes Anti-Malware gewechselt, weil ich dies für die Lösung eines anderen Problemes brauchte. Ein weiterer Grund war, dass mir Avira Free Antivirus keine schädlichen Dateien im Scan anzeigte.
Ich führte wie einfach mal einen vollständigen Scan mit Malwarebytes Anit-Malware durch, und erhielt als Info, dass ich mehr als 100Infizierte Dateien in C:\Program Files (x86)\\BrowserCompanion und in C:\\Users\Besitzer\AppData\LocalLow habe. Da ich in einem anderen Forum gelesen habe, dass ich die Daten aus C:\\Users\Besitzer\AppData nicht einfach so löschen sollte, wollte ich hier einfach mal um Hilfe beten, und euch fragen, was ich nun machen soll.

Habe mal den kompletten Malwarebytes Anti-Malware log vom Scan eingefügt, damit ihr mal einen Überblick habt.

Ich bin über jegliche Hilfe glücklich

cosinus · 13.01.2013, 22:42

Hallo und

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Fonix · 14.01.2013, 14:07

Hallo,

Entschuldigung, habe nicht gelesen, dass ich das so machen soll.
Hier mein Anhang:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Besitzer :: FLO [Administrator]

13.01.2013 18:38:03
MBAM-log-2013-01-13 (20-33-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396953
Laufzeit: 1 Stunde(n), 33 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 121
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

Nochmal zu meiner Frage. Welche der Infizierten Dateien kann ich einfach so löschen, und welche nicht?

cosinus · 14.01.2013, 14:09

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Fonix · 14.01.2013, 14:14

Ja,
Ich habe noch einen Quickscan von Malwarebytes Anti-Malware.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Besitzer :: FLO [Administrator]

13.01.2013 18:03:07
mbam-log-2013-01-13 (18-03-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229267
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 125
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Windows\Installer\AMDEx3.msi (Malware.Generic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\atixxx.tmp (Trojan.GamesThief) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\Plug\Dd.tmp (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\Roaming\dclogs\2012-11-16-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 14.01.2013, 14:14

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Fonix · 14.01.2013, 14:51

So, hier ist die Logfile. Ich habe dannach noch einen weiteren Scan durchgeführt, jedoch wurde keine weitere Malware gefunden.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Besitzer :: FLO [administrator]

14.01.2013 14:37:21
mbar-log-2013-01-14 (14-37-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30395
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 38
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 6
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.

Files Detected: 121
c:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Besitzer\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Delete on reboot.

(end)

cosinus · 14.01.2013, 15:33

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Fonix · 14.01.2013, 15:58

Hier der aswMBR Log

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 15:40:25
-----------------------------
15:40:25.208    OS Version: Windows x64 6.1.7601 Service Pack 1
15:40:25.208    Number of processors: 2 586 0x4B02
15:40:25.209    ComputerName: FLO  UserName: 
15:40:28.326    Initialize success
15:42:50.023    AVAST engine defs: 13011400
15:44:32.583    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:44:32.586    Disk 0 Vendor: Maxtor_6E030L0 NAR61590 Size: 29324MB BusType: 3
15:44:32.589    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000005d
15:44:32.591    Disk 1 Vendor: SAMSUNG_ VM10 Size: 190782MB BusType: 3
15:44:32.599    Disk 1 MBR read successfully
15:44:32.603    Disk 1 MBR scan
15:44:32.608    Disk 1 Windows 7 default MBR code
15:44:32.615    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:44:32.629    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       190680 MB offset 206848
15:44:32.653    Disk 1 scanning C:\Windows\system32\drivers
15:44:41.172    Service scanning
15:45:09.310    Modules scanning
15:45:09.319    Disk 1 trace - called modules:
15:45:09.681    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003cc22c0]<<sptd.sys storport.sys hal.dll nvstor.sys 
15:45:09.687    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8003ee5060]
15:45:09.696    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003cc0b90]
15:45:09.703    5 ACPI.sys[fffff88000f757a1] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8003dbd060]
15:45:09.712    \Driver\nvstor[0xfffffa8003353e70] -> IRP_MJ_CREATE -> 0xfffffa8003cc22c0
15:45:11.939    AVAST engine scan C:\Windows
15:45:14.403    AVAST engine scan C:\Windows\system32
15:48:52.002    AVAST engine scan C:\Windows\system32\drivers
15:49:03.335    AVAST engine scan C:\Users\Besitzer
15:53:15.923    AVAST engine scan C:\ProgramData
15:54:40.668    Scan finished successfully
15:56:48.187    Disk 1 MBR has been saved successfully to "C:\Users\Besitzer\Desktop\MBR.dat"
15:56:48.208    The log file has been saved successfully to "C:\Users\Besitzer\Desktop\aswMBR Log14.01.2013.txt"

Und hier das Log von TDSS-Killer.

Code:

ATTFilter

16:02:16.0311 4196  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:02:16.0590 4196  ============================================================
16:02:16.0590 4196  Current date / time: 2013/01/14 16:02:16.0590
16:02:16.0590 4196  SystemInfo:
16:02:16.0590 4196  
16:02:16.0590 4196  OS Version: 6.1.7601 ServicePack: 1.0
16:02:16.0590 4196  Product type: Workstation
16:02:16.0590 4196  ComputerName: FLO
16:02:16.0591 4196  UserName: Besitzer
16:02:16.0591 4196  Windows directory: C:\Windows
16:02:16.0591 4196  System windows directory: C:\Windows
16:02:16.0591 4196  Running under WOW64
16:02:16.0591 4196  Processor architecture: Intel x64
16:02:16.0591 4196  Number of processors: 2
16:02:16.0591 4196  Page size: 0x1000
16:02:16.0591 4196  Boot type: Normal boot
16:02:16.0591 4196  ============================================================
16:02:17.0537 4196  Drive \Device\Harddisk0\DR0 - Size: 0x728C7BE00 (28.64 Gb), SectorSize: 0x200, Cylinders: 0xE9A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:02:17.0544 4196  Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x1669C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:02:17.0547 4196  ============================================================
16:02:17.0547 4196  \Device\Harddisk0\DR0:
16:02:17.0547 4196  MBR partitions:
16:02:17.0547 4196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3945000
16:02:17.0547 4196  \Device\Harddisk1\DR1:
16:02:17.0548 4196  MBR partitions:
16:02:17.0548 4196  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:02:17.0548 4196  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
16:02:17.0548 4196  ============================================================
16:02:17.0585 4196  C: <-> \Device\Harddisk1\DR1\Partition2
16:02:17.0618 4196  D: <-> \Device\Harddisk0\DR0\Partition1
16:02:17.0619 4196  ============================================================
16:02:17.0619 4196  Initialize success
16:02:17.0619 4196  ============================================================
16:02:57.0536 2516  ============================================================
16:02:57.0536 2516  Scan started
16:02:57.0536 2516  Mode: Manual; SigCheck; TDLFS; 
16:02:57.0536 2516  ============================================================
16:02:58.0200 2516  ================ Scan system memory ========================
16:02:58.0200 2516  System memory - ok
16:02:58.0201 2516  ================ Scan services =============================
16:02:58.0354 2516  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:02:58.0430 2516  1394ohci - ok
16:02:58.0520 2516  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
16:02:58.0548 2516  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
16:02:58.0574 2516  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:02:58.0592 2516  ACPI - ok
16:02:58.0613 2516  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:02:58.0680 2516  AcpiPmi - ok
16:02:58.0820 2516  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:02:58.0835 2516  AdobeFlashPlayerUpdateSvc - ok
16:02:58.0872 2516  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:02:58.0893 2516  adp94xx - ok
16:02:58.0931 2516  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:02:58.0949 2516  adpahci - ok
16:02:58.0958 2516  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:02:58.0973 2516  adpu320 - ok
16:02:59.0004 2516  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:02:59.0137 2516  AeLookupSvc - ok
16:02:59.0185 2516  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:02:59.0250 2516  AFD - ok
16:02:59.0294 2516  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:02:59.0307 2516  agp440 - ok
16:02:59.0509 2516  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
16:02:59.0509 2516  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
16:02:59.0523 2516  Akamai ( HiddenFile.Multi.Generic ) - warning
16:02:59.0523 2516  Akamai - detected HiddenFile.Multi.Generic (1)
16:02:59.0571 2516  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:02:59.0621 2516  ALG - ok
16:02:59.0652 2516  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:02:59.0664 2516  aliide - ok
16:02:59.0670 2516  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:02:59.0683 2516  amdide - ok
16:02:59.0713 2516  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:02:59.0743 2516  AmdK8 - ok
16:02:59.0755 2516  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:02:59.0784 2516  AmdPPM - ok
16:02:59.0816 2516  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:02:59.0830 2516  amdsata - ok
16:02:59.0849 2516  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:02:59.0865 2516  amdsbs - ok
16:02:59.0895 2516  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:02:59.0907 2516  amdxata - ok
16:02:59.0972 2516  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
16:03:00.0019 2516  AppHostSvc - ok
16:03:00.0034 2516  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:03:00.0160 2516  AppID - ok
16:03:00.0179 2516  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:03:00.0228 2516  AppIDSvc - ok
16:03:00.0258 2516  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:03:00.0325 2516  Appinfo - ok
16:03:00.0402 2516  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:03:00.0415 2516  Apple Mobile Device - ok
16:03:00.0468 2516  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:03:00.0483 2516  arc - ok
16:03:00.0493 2516  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:03:00.0508 2516  arcsas - ok
16:03:00.0618 2516  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:03:00.0630 2516  aspnet_state - ok
16:03:00.0660 2516  AsrCDDrv - ok
16:03:00.0679 2516  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:03:00.0736 2516  AsyncMac - ok
16:03:00.0756 2516  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:03:00.0769 2516  atapi - ok
16:03:00.0833 2516  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
16:03:00.0856 2516  atksgt - ok
16:03:00.0900 2516  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:03:00.0972 2516  AudioEndpointBuilder - ok
16:03:00.0986 2516  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:03:01.0033 2516  AudioSrv - ok
16:03:01.0078 2516  [ 8DFA2EC772F97ED02B384DB88641B367 ] AVM IGD CTRL Service C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
16:03:01.0095 2516  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning
16:03:01.0095 2516  AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1)
16:03:01.0156 2516  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
16:03:01.0195 2516  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
16:03:01.0195 2516  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
16:03:01.0217 2516  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
16:03:01.0228 2516  avmeject - ok
16:03:01.0263 2516  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:03:01.0366 2516  AxInstSV - ok
16:03:01.0415 2516  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:03:01.0458 2516  b06bdrv - ok
16:03:01.0492 2516  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:03:01.0518 2516  b57nd60a - ok
16:03:01.0535 2516  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:03:01.0579 2516  BDESVC - ok
16:03:01.0592 2516  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:03:01.0640 2516  Beep - ok
16:03:01.0683 2516  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:03:01.0749 2516  BFE - ok
16:03:01.0803 2516  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:03:01.0868 2516  BITS - ok
16:03:01.0895 2516  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:03:01.0917 2516  blbdrive - ok
16:03:02.0026 2516  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:03:02.0046 2516  Bonjour Service - ok
16:03:02.0084 2516  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:03:02.0124 2516  bowser - ok
16:03:02.0141 2516  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:03:02.0166 2516  BrFiltLo - ok
16:03:02.0172 2516  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:03:02.0188 2516  BrFiltUp - ok
16:03:02.0223 2516  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:03:02.0250 2516  Browser - ok
16:03:02.0273 2516  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:03:02.0325 2516  Brserid - ok
16:03:02.0332 2516  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:03:02.0360 2516  BrSerWdm - ok
16:03:02.0367 2516  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:03:02.0387 2516  BrUsbMdm - ok
16:03:02.0394 2516  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:03:02.0414 2516  BrUsbSer - ok
16:03:02.0422 2516  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:03:02.0450 2516  BTHMODEM - ok
16:03:02.0485 2516  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:03:02.0527 2516  bthserv - ok
16:03:02.0541 2516  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:03:02.0588 2516  cdfs - ok
16:03:02.0626 2516  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:03:02.0665 2516  cdrom - ok
16:03:02.0697 2516  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:03:02.0759 2516  CertPropSvc - ok
16:03:02.0783 2516  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:03:02.0806 2516  circlass - ok
16:03:02.0830 2516  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:03:02.0851 2516  CLFS - ok
16:03:02.0908 2516  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:03:02.0920 2516  clr_optimization_v2.0.50727_32 - ok
16:03:02.0960 2516  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:03:02.0975 2516  clr_optimization_v2.0.50727_64 - ok
16:03:03.0036 2516  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:03:03.0048 2516  clr_optimization_v4.0.30319_32 - ok
16:03:03.0069 2516  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:03:03.0093 2516  clr_optimization_v4.0.30319_64 - ok
16:03:03.0125 2516  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:03:03.0143 2516  CmBatt - ok
16:03:03.0159 2516  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:03:03.0171 2516  cmdide - ok
16:03:03.0206 2516  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:03:03.0232 2516  CNG - ok
16:03:03.0250 2516  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:03:03.0262 2516  Compbatt - ok
16:03:03.0287 2516  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:03:03.0315 2516  CompositeBus - ok
16:03:03.0331 2516  COMSysApp - ok
16:03:03.0338 2516  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:03:03.0351 2516  crcdisk - ok
16:03:03.0397 2516  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:03:03.0442 2516  CryptSvc - ok
16:03:03.0487 2516  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:03:03.0546 2516  DcomLaunch - ok
16:03:03.0583 2516  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:03:03.0628 2516  defragsvc - ok
16:03:03.0680 2516  [ 1523251B9D8A5D84DE0CD23418847824 ] de_serv         C:\Program Files (x86)\Common Files\AVM\de_serv.exe
16:03:03.0706 2516  de_serv ( UnsignedFile.Multi.Generic ) - warning
16:03:03.0706 2516  de_serv - detected UnsignedFile.Multi.Generic (1)
16:03:03.0730 2516  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:03:03.0775 2516  DfsC - ok
16:03:03.0811 2516  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:03:03.0880 2516  Dhcp - ok
16:03:03.0893 2516  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:03:03.0945 2516  discache - ok
16:03:03.0973 2516  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:03:03.0986 2516  Disk - ok
16:03:04.0015 2516  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:03:04.0063 2516  Dnscache - ok
16:03:04.0089 2516  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:03:04.0138 2516  dot3svc - ok
16:03:04.0156 2516  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:03:04.0207 2516  DPS - ok
16:03:04.0242 2516  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:03:04.0266 2516  drmkaud - ok
16:03:04.0301 2516  dump_wmimmc - ok
16:03:04.0348 2516  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:03:04.0382 2516  DXGKrnl - ok
16:03:04.0424 2516  EagleX64 - ok
16:03:04.0443 2516  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:03:04.0494 2516  EapHost - ok
16:03:04.0579 2516  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:03:04.0639 2516  ebdrv - ok
16:03:04.0666 2516  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:03:04.0715 2516  EFS - ok
16:03:04.0777 2516  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:03:04.0840 2516  ehRecvr - ok
16:03:04.0861 2516  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:03:04.0890 2516  ehSched - ok
16:03:04.0931 2516  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:03:04.0953 2516  elxstor - ok
16:03:04.0959 2516  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:03:04.0976 2516  ErrDev - ok
16:03:05.0025 2516  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:03:05.0085 2516  EventSystem - ok
16:03:05.0105 2516  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:03:05.0148 2516  exfat - ok
16:03:05.0161 2516  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:03:05.0209 2516  fastfat - ok
16:03:05.0269 2516  FastUserSwitchingCompatibility - ok
16:03:05.0316 2516  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:03:05.0375 2516  Fax - ok
16:03:05.0382 2516  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:03:05.0405 2516  fdc - ok
16:03:05.0435 2516  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:03:05.0488 2516  fdPHost - ok
16:03:05.0505 2516  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:03:05.0559 2516  FDResPub - ok
16:03:05.0588 2516  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:03:05.0602 2516  FileInfo - ok
16:03:05.0617 2516  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:03:05.0671 2516  Filetrace - ok
16:03:05.0678 2516  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:03:05.0691 2516  flpydisk - ok
16:03:05.0719 2516  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:03:05.0737 2516  FltMgr - ok
16:03:05.0785 2516  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:03:05.0849 2516  FontCache - ok
16:03:05.0890 2516  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:03:05.0901 2516  FontCache3.0.0.0 - ok
16:03:05.0918 2516  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:03:05.0931 2516  FsDepends - ok
16:03:05.0956 2516  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:03:05.0967 2516  Fs_Rec - ok
16:03:06.0042 2516  [ B02A5B784B9F5E3F230C7463562B3D6B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:03:06.0056 2516  Futuremark SystemInfo Service - ok
16:03:06.0103 2516  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:03:06.0122 2516  fvevol - ok
16:03:06.0162 2516  [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
16:03:06.0208 2516  FWLANUSB - ok
16:03:06.0229 2516  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:03:06.0244 2516  gagp30kx - ok
16:03:06.0289 2516  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:03:06.0341 2516  gpsvc - ok
16:03:06.0409 2516  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:06.0421 2516  gupdate - ok
16:03:06.0442 2516  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:06.0454 2516  gupdatem - ok
16:03:06.0481 2516  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
16:03:06.0492 2516  hamachi - ok
16:03:06.0605 2516  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
16:03:06.0670 2516  Hamachi2Svc - ok
16:03:06.0703 2516  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:03:06.0734 2516  hcw85cir - ok
16:03:06.0782 2516  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:03:06.0807 2516  HdAudAddService - ok
16:03:06.0831 2516  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:03:06.0856 2516  HDAudBus - ok
16:03:06.0873 2516  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:03:06.0891 2516  HidBatt - ok
16:03:06.0898 2516  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:03:06.0925 2516  HidBth - ok
16:03:06.0938 2516  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:03:06.0956 2516  HidIr - ok
16:03:06.0983 2516  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:03:07.0032 2516  hidserv - ok
16:03:07.0065 2516  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:03:07.0078 2516  HidUsb - ok
16:03:07.0106 2516  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:03:07.0152 2516  hkmsvc - ok
16:03:07.0172 2516  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:03:07.0205 2516  HomeGroupListener - ok
16:03:07.0239 2516  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:03:07.0270 2516  HomeGroupProvider - ok
16:03:07.0284 2516  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:03:07.0297 2516  HpSAMD - ok
16:03:07.0331 2516  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:03:07.0389 2516  HTTP - ok
16:03:07.0407 2516  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:03:07.0419 2516  hwpolicy - ok
16:03:07.0437 2516  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:03:07.0452 2516  i8042prt - ok
16:03:07.0493 2516  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:03:07.0512 2516  iaStorV - ok
16:03:07.0574 2516  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:03:07.0604 2516  idsvc - ok
16:03:07.0621 2516  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:03:07.0633 2516  iirsp - ok
16:03:07.0677 2516  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:03:07.0739 2516  IKEEXT - ok
16:03:07.0753 2516  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:03:07.0765 2516  intelide - ok
16:03:07.0783 2516  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:03:07.0807 2516  intelppm - ok
16:03:07.0821 2516  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:03:07.0868 2516  IPBusEnum - ok
16:03:07.0875 2516  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:03:07.0915 2516  IpFilterDriver - ok
16:03:07.0946 2516  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:03:08.0007 2516  iphlpsvc - ok
16:03:08.0027 2516  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:03:08.0046 2516  IPMIDRV - ok
16:03:08.0054 2516  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:03:08.0104 2516  IPNAT - ok
16:03:08.0133 2516  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:03:08.0160 2516  IRENUM - ok
16:03:08.0171 2516  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:03:08.0184 2516  isapnp - ok
16:03:08.0217 2516  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:03:08.0234 2516  iScsiPrt - ok
16:03:08.0316 2516  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:03:08.0330 2516  kbdclass - ok
16:03:08.0343 2516  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:03:08.0366 2516  kbdhid - ok
16:03:08.0382 2516  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:03:08.0396 2516  KeyIso - ok
16:03:08.0437 2516  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:03:08.0451 2516  KSecDD - ok
16:03:08.0471 2516  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:03:08.0486 2516  KSecPkg - ok
16:03:08.0500 2516  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:03:08.0552 2516  ksthunk - ok
16:03:08.0582 2516  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:03:08.0640 2516  KtmRm - ok
16:03:08.0695 2516  [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2       C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
16:03:08.0705 2516  LADF_DHP2 - ok
16:03:08.0730 2516  [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM       C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
16:03:08.0747 2516  LADF_SBVM - ok
16:03:08.0790 2516  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:03:08.0843 2516  LanmanServer - ok
16:03:08.0873 2516  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:03:08.0934 2516  LanmanWorkstation - ok
16:03:08.0973 2516  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
16:03:08.0985 2516  lirsgt - ok
16:03:09.0010 2516  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:03:09.0060 2516  lltdio - ok
16:03:09.0078 2516  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:03:09.0129 2516  lltdsvc - ok
16:03:09.0153 2516  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:03:09.0203 2516  lmhosts - ok
16:03:09.0242 2516  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:03:09.0255 2516  LSI_FC - ok
16:03:09.0263 2516  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:03:09.0277 2516  LSI_SAS - ok
16:03:09.0288 2516  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:03:09.0301 2516  LSI_SAS2 - ok
16:03:09.0309 2516  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:03:09.0323 2516  LSI_SCSI - ok
16:03:09.0356 2516  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:03:09.0406 2516  luafv - ok
16:03:09.0479 2516  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:03:09.0489 2516  MBAMProtector - ok
16:03:09.0591 2516  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:03:09.0611 2516  MBAMScheduler - ok
16:03:09.0661 2516  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:03:09.0686 2516  MBAMService - ok
16:03:09.0720 2516  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:03:09.0748 2516  Mcx2Svc - ok
16:03:09.0770 2516  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:03:09.0782 2516  megasas - ok
16:03:09.0830 2516  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:03:09.0847 2516  MegaSR - ok
16:03:09.0880 2516  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:03:09.0940 2516  MMCSS - ok
16:03:09.0947 2516  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:03:10.0000 2516  Modem - ok
16:03:10.0029 2516  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:03:10.0055 2516  monitor - ok
16:03:10.0111 2516  [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
16:03:10.0123 2516  MotioninJoyXFilter - ok
16:03:10.0147 2516  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:03:10.0160 2516  mouclass - ok
16:03:10.0188 2516  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:03:10.0203 2516  mouhid - ok
16:03:10.0214 2516  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:03:10.0228 2516  mountmgr - ok
16:03:10.0279 2516  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:03:10.0292 2516  MozillaMaintenance - ok
16:03:10.0316 2516  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:03:10.0331 2516  mpio - ok
16:03:10.0347 2516  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:03:10.0387 2516  mpsdrv - ok
16:03:10.0428 2516  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:03:10.0481 2516  MpsSvc - ok
16:03:10.0490 2516  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:03:10.0524 2516  MRxDAV - ok
16:03:10.0558 2516  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:03:10.0587 2516  mrxsmb - ok
16:03:10.0613 2516  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:03:10.0628 2516  mrxsmb10 - ok
16:03:10.0648 2516  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:03:10.0662 2516  mrxsmb20 - ok
16:03:10.0680 2516  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:03:10.0693 2516  msahci - ok
16:03:10.0703 2516  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:03:10.0717 2516  msdsm - ok
16:03:10.0732 2516  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:03:10.0762 2516  MSDTC - ok
16:03:10.0791 2516  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:03:10.0850 2516  Msfs - ok
16:03:10.0869 2516  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:03:10.0913 2516  mshidkmdf - ok
16:03:10.0932 2516  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:03:10.0944 2516  msisadrv - ok
16:03:10.0979 2516  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:03:11.0029 2516  MSiSCSI - ok
16:03:11.0036 2516  msiserver - ok
16:03:11.0061 2516  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:03:11.0117 2516  MSKSSRV - ok
16:03:11.0124 2516  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:03:11.0177 2516  MSPCLOCK - ok
16:03:11.0188 2516  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:03:11.0240 2516  MSPQM - ok
16:03:11.0266 2516  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:03:11.0290 2516  MsRPC - ok
16:03:11.0310 2516  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:03:11.0323 2516  mssmbios - ok
16:03:11.0339 2516  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:03:11.0396 2516  MSTEE - ok
16:03:11.0404 2516  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:03:11.0419 2516  MTConfig - ok
16:03:11.0442 2516  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:03:11.0455 2516  Mup - ok
16:03:11.0496 2516  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:03:11.0554 2516  napagent - ok
16:03:11.0598 2516  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:03:11.0636 2516  NativeWifiP - ok
16:03:11.0682 2516  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:03:11.0709 2516  NDIS - ok
16:03:11.0730 2516  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:03:11.0780 2516  NdisCap - ok
16:03:11.0801 2516  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:03:11.0840 2516  NdisTapi - ok
16:03:11.0857 2516  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:03:11.0907 2516  Ndisuio - ok
16:03:11.0926 2516  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:03:11.0980 2516  NdisWan - ok
16:03:11.0997 2516  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:03:12.0041 2516  NDProxy - ok
16:03:12.0068 2516  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:03:12.0119 2516  NetBIOS - ok
16:03:12.0146 2516  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:03:12.0186 2516  NetBT - ok
16:03:12.0198 2516  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:03:12.0211 2516  Netlogon - ok
16:03:12.0253 2516  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:03:12.0301 2516  Netman - ok
16:03:12.0342 2516  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:03:12.0358 2516  NetMsmqActivator - ok
16:03:12.0365 2516  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:03:12.0378 2516  NetPipeActivator - ok
16:03:12.0403 2516  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:03:12.0462 2516  netprofm - ok
16:03:12.0471 2516  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:03:12.0484 2516  NetTcpActivator - ok
16:03:12.0491 2516  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:03:12.0503 2516  NetTcpPortSharing - ok
16:03:12.0526 2516  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:03:12.0539 2516  nfrd960 - ok
16:03:12.0564 2516  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:03:12.0621 2516  NlaSvc - ok
16:03:12.0640 2516  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:03:12.0681 2516  Npfs - ok
16:03:12.0704 2516  npggsvc - ok
16:03:12.0713 2516  NPPTNT2 - ok
16:03:12.0742 2516  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:03:12.0793 2516  nsi - ok
16:03:12.0809 2516  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:03:12.0866 2516  nsiproxy - ok
16:03:12.0933 2516  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:03:12.0982 2516  Ntfs - ok
16:03:13.0000 2516  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:03:13.0052 2516  Null - ok
16:03:13.0106 2516  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
16:03:13.0128 2516  NVENETFD - ok
16:03:13.0196 2516  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:03:13.0211 2516  NVHDA - ok
16:03:13.0623 2516  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:03:14.0164 2516  nvlddmkm - ok
16:03:14.0268 2516  [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
16:03:14.0352 2516  NVNET - ok
16:03:14.0383 2516  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:03:14.0398 2516  nvraid - ok
16:03:14.0416 2516  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:03:14.0432 2516  nvstor - ok
16:03:14.0493 2516  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:03:14.0526 2516  nvsvc - ok
16:03:14.0621 2516  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:03:14.0662 2516  nvUpdatusService - ok
16:03:14.0703 2516  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:03:14.0717 2516  nv_agp - ok
16:03:14.0735 2516  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:03:14.0756 2516  ohci1394 - ok
16:03:14.0812 2516  [ B786ACFD9BAC6C609FA03BA2597437A5 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe
16:03:14.0824 2516  OverwolfUpdaterService - ok
16:03:14.0857 2516  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:03:14.0906 2516  p2pimsvc - ok
16:03:14.0938 2516  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:03:14.0966 2516  p2psvc - ok
16:03:14.0991 2516  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:03:15.0016 2516  Parport - ok
16:03:15.0048 2516  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:03:15.0064 2516  partmgr - ok
16:03:15.0083 2516  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:03:15.0117 2516  PcaSvc - ok
16:03:15.0137 2516  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:03:15.0156 2516  pci - ok
16:03:15.0172 2516  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:03:15.0185 2516  pciide - ok
16:03:15.0210 2516  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:03:15.0231 2516  pcmcia - ok
16:03:15.0251 2516  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:03:15.0291 2516  pcw - ok
16:03:15.0323 2516  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:03:15.0392 2516  PEAUTH - ok
16:03:15.0475 2516  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:03:15.0490 2516  PerfHost - ok
16:03:15.0567 2516  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:03:15.0652 2516  pla - ok
16:03:15.0708 2516  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:03:15.0766 2516  PlugPlay - ok
16:03:15.0799 2516  PnkBstrA - ok
16:03:15.0816 2516  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:03:15.0840 2516  PNRPAutoReg - ok
16:03:15.0876 2516  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:03:15.0904 2516  PNRPsvc - ok
16:03:15.0941 2516  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:03:16.0054 2516  PolicyAgent - ok
16:03:16.0098 2516  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:03:16.0167 2516  Power - ok
16:03:16.0200 2516  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:03:16.0258 2516  PptpMiniport - ok
16:03:16.0276 2516  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:03:16.0304 2516  Processor - ok
16:03:16.0353 2516  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:03:16.0408 2516  ProfSvc - ok
16:03:16.0427 2516  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:03:16.0445 2516  ProtectedStorage - ok
16:03:16.0483 2516  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:03:16.0541 2516  Psched - ok
16:03:16.0715 2516  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:03:16.0762 2516  ql2300 - ok
16:03:16.0809 2516  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:03:16.0826 2516  ql40xx - ok
16:03:16.0860 2516  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:03:16.0886 2516  QWAVE - ok
16:03:16.0907 2516  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:03:16.0937 2516  QWAVEdrv - ok
16:03:16.0943 2516  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:03:16.0991 2516  RasAcd - ok
16:03:17.0027 2516  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:03:17.0067 2516  RasAgileVpn - ok
16:03:17.0085 2516  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:03:17.0135 2516  RasAuto - ok
16:03:17.0154 2516  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:03:17.0203 2516  Rasl2tp - ok
16:03:17.0222 2516  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:03:17.0282 2516  RasMan - ok
16:03:17.0300 2516  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:03:17.0353 2516  RasPppoe - ok
16:03:17.0382 2516  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:03:17.0438 2516  RasSstp - ok
16:03:17.0464 2516  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:03:17.0519 2516  rdbss - ok
16:03:17.0530 2516  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:03:17.0553 2516  rdpbus - ok
16:03:17.0566 2516  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:03:17.0605 2516  RDPCDD - ok
16:03:17.0630 2516  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:03:17.0684 2516  RDPENCDD - ok
16:03:17.0701 2516  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:03:17.0740 2516  RDPREFMP - ok
16:03:17.0775 2516  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:03:17.0803 2516  RDPWD - ok
16:03:17.0817 2516  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:03:17.0833 2516  rdyboost - ok
16:03:17.0862 2516  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:03:17.0905 2516  RemoteAccess - ok
16:03:17.0941 2516  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:03:17.0995 2516  RemoteRegistry - ok
16:03:18.0020 2516  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:03:18.0076 2516  RpcEptMapper - ok
16:03:18.0140 2516  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:03:18.0166 2516  RpcLocator - ok
16:03:18.0192 2516  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:03:18.0239 2516  RpcSs - ok
16:03:18.0269 2516  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:03:18.0309 2516  rspndr - ok
16:03:18.0327 2516  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:03:18.0342 2516  SamSs - ok
16:03:18.0378 2516  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:03:18.0392 2516  sbp2port - ok
16:03:18.0417 2516  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:03:18.0461 2516  SCardSvr - ok
16:03:18.0480 2516  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:03:18.0529 2516  scfilter - ok
16:03:18.0569 2516  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:03:18.0637 2516  Schedule - ok
16:03:18.0663 2516  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:03:18.0702 2516  SCPolicySvc - ok
16:03:18.0719 2516  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:03:18.0769 2516  SDRSVC - ok
16:03:18.0794 2516  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:03:18.0844 2516  secdrv - ok
16:03:18.0862 2516  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:03:18.0901 2516  seclogon - ok
16:03:18.0919 2516  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:03:18.0963 2516  SENS - ok
16:03:18.0981 2516  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:03:19.0033 2516  SensrSvc - ok
16:03:19.0054 2516  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:03:19.0078 2516  Serenum - ok
16:03:19.0099 2516  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:03:19.0122 2516  Serial - ok
16:03:19.0136 2516  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:03:19.0155 2516  sermouse - ok
16:03:19.0181 2516  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:03:19.0229 2516  SessionEnv - ok
16:03:19.0254 2516  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:03:19.0270 2516  sffdisk - ok
16:03:19.0283 2516  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:03:19.0305 2516  sffp_mmc - ok
16:03:19.0311 2516  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:03:19.0333 2516  sffp_sd - ok
16:03:19.0339 2516  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:03:19.0363 2516  sfloppy - ok
16:03:19.0453 2516  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:03:19.0547 2516  SharedAccess - ok
16:03:19.0573 2516  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:03:19.0620 2516  ShellHWDetection - ok
16:03:19.0626 2516  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:03:19.0639 2516  SiSRaid2 - ok
16:03:19.0666 2516  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:03:19.0679 2516  SiSRaid4 - ok
16:03:19.0852 2516  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:03:19.0948 2516  Skype C2C Service - ok
16:03:20.0028 2516  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:03:20.0041 2516  SkypeUpdate - ok
16:03:20.0066 2516  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:03:20.0118 2516  Smb - ok
16:03:20.0160 2516  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:03:20.0186 2516  SNMPTRAP - ok
16:03:20.0211 2516  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:03:20.0224 2516  spldr - ok
16:03:20.0264 2516  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:03:20.0305 2516  Spooler - ok
16:03:20.0407 2516  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:03:20.0517 2516  sppsvc - ok
16:03:20.0534 2516  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:03:20.0575 2516  sppuinotify - ok
16:03:20.0655 2516  [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd            C:\Windows\System32\Drivers\sptd.sys
16:03:20.0655 2516  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2
16:03:20.0664 2516  sptd ( LockedFile.Multi.Generic ) - warning
16:03:20.0664 2516  sptd - detected LockedFile.Multi.Generic (1)
16:03:20.0699 2516  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:03:20.0745 2516  srv - ok
16:03:20.0770 2516  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:03:20.0796 2516  srv2 - ok
16:03:20.0821 2516  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:03:20.0834 2516  srvnet - ok
16:03:20.0883 2516  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:03:20.0929 2516  SSDPSRV - ok
16:03:20.0946 2516  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:03:20.0989 2516  SstpSvc - ok
16:03:21.0034 2516  Steam Client Service - ok
16:03:21.0137 2516  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:03:21.0155 2516  Stereo Service - ok
16:03:21.0201 2516  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:03:21.0213 2516  stexstor - ok
16:03:21.0263 2516  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:03:21.0308 2516  stisvc - ok
16:03:21.0328 2516  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:03:21.0339 2516  swenum - ok
16:03:21.0376 2516  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:03:21.0442 2516  swprv - ok
16:03:21.0503 2516  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:03:21.0582 2516  SysMain - ok
16:03:21.0604 2516  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:03:21.0634 2516  TabletInputService - ok
16:03:21.0656 2516  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:03:21.0711 2516  TapiSrv - ok
16:03:21.0733 2516  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:03:21.0778 2516  TBS - ok
16:03:21.0933 2516  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:03:21.0977 2516  Tcpip - ok
16:03:22.0010 2516  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:03:22.0054 2516  TCPIP6 - ok
16:03:22.0081 2516  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:03:22.0131 2516  tcpipreg - ok
16:03:22.0150 2516  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:03:22.0193 2516  TDPIPE - ok
16:03:22.0222 2516  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:03:22.0244 2516  TDTCP - ok
16:03:22.0276 2516  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:03:22.0319 2516  tdx - ok
16:03:22.0338 2516  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:03:22.0352 2516  TermDD - ok
16:03:22.0392 2516  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:03:22.0452 2516  TermService - ok
16:03:22.0471 2516  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:03:22.0492 2516  Themes - ok
16:03:22.0520 2516  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:03:22.0563 2516  THREADORDER - ok
16:03:22.0577 2516  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:03:22.0633 2516  TrkWks - ok
16:03:22.0685 2516  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:03:22.0738 2516  TrustedInstaller - ok
16:03:22.0754 2516  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:22.0801 2516  tssecsrv - ok
16:03:22.0826 2516  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:03:22.0851 2516  TsUsbFlt - ok
16:03:22.0880 2516  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:03:22.0904 2516  TsUsbGD - ok
16:03:22.0940 2516  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:03:22.0988 2516  tunnel - ok
16:03:23.0002 2516  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:03:23.0016 2516  uagp35 - ok
16:03:23.0041 2516  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:03:23.0096 2516  udfs - ok
16:03:23.0126 2516  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:03:23.0156 2516  UI0Detect - ok
16:03:23.0182 2516  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:03:23.0197 2516  uliagpkx - ok
16:03:23.0228 2516  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:03:23.0252 2516  umbus - ok
16:03:23.0260 2516  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:03:23.0278 2516  UmPass - ok
16:03:23.0307 2516  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:03:23.0364 2516  upnphost - ok
16:03:23.0400 2516  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:03:23.0429 2516  usbaudio - ok
16:03:23.0462 2516  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:23.0487 2516  usbccgp - ok
16:03:23.0515 2516  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:03:23.0545 2516  usbcir - ok
16:03:23.0559 2516  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:03:23.0580 2516  usbehci - ok
16:03:23.0609 2516  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:03:23.0640 2516  usbhub - ok
16:03:23.0661 2516  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:03:23.0686 2516  usbohci - ok
16:03:23.0711 2516  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:03:23.0736 2516  usbprint - ok
16:03:23.0779 2516  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:03:23.0795 2516  usbscan - ok
16:03:23.0816 2516  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:03:23.0853 2516  USBSTOR - ok
16:03:23.0874 2516  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:03:23.0899 2516  usbuhci - ok
16:03:23.0933 2516  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:03:23.0992 2516  UxSms - ok
16:03:24.0008 2516  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:03:24.0026 2516  VaultSvc - ok
16:03:24.0052 2516  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:03:24.0067 2516  vdrvroot - ok
16:03:24.0105 2516  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:03:24.0178 2516  vds - ok
16:03:24.0192 2516  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:03:24.0208 2516  vga - ok
16:03:24.0223 2516  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:03:24.0279 2516  VgaSave - ok
16:03:24.0299 2516  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:03:24.0316 2516  vhdmp - ok
16:03:24.0394 2516  [ 7999B714275315DA05A2EC3C0F80D9D2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
16:03:24.0541 2516  VIAHdAudAddService - ok
16:03:24.0589 2516  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:03:24.0602 2516  viaide - ok
16:03:24.0625 2516  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:03:24.0643 2516  volmgr - ok
16:03:24.0664 2516  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:03:24.0689 2516  volmgrx - ok
16:03:24.0717 2516  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:03:24.0744 2516  volsnap - ok
16:03:24.0838 2516  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:03:24.0897 2516  vsmraid - ok
16:03:24.0961 2516  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:03:25.0056 2516  VSS - ok
16:03:25.0073 2516  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:03:25.0177 2516  vwifibus - ok
16:03:25.0332 2516  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:03:25.0420 2516  W32Time - ok
16:03:25.0492 2516  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
16:03:25.0527 2516  W3SVC - ok
16:03:25.0534 2516  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:03:25.0558 2516  WacomPen - ok
16:03:25.0593 2516  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:03:25.0669 2516  WANARP - ok
16:03:25.0678 2516  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:03:25.0736 2516  Wanarpv6 - ok
16:03:25.0771 2516  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
16:03:25.0806 2516  WAS - ok
16:03:25.0875 2516  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:03:25.0952 2516  wbengine - ok
16:03:25.0986 2516  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:03:26.0046 2516  WbioSrvc - ok
16:03:26.0076 2516  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:03:26.0166 2516  wcncsvc - ok
16:03:26.0181 2516  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:03:26.0226 2516  WcsPlugInService - ok
16:03:26.0263 2516  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:03:26.0277 2516  Wd - ok
16:03:26.0310 2516  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:03:26.0336 2516  Wdf01000 - ok
16:03:26.0356 2516  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:03:26.0445 2516  WdiServiceHost - ok
16:03:26.0450 2516  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:03:26.0472 2516  WdiSystemHost - ok
16:03:26.0496 2516  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:03:26.0535 2516  WebClient - ok
16:03:26.0555 2516  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:03:26.0616 2516  Wecsvc - ok
16:03:26.0639 2516  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:03:26.0738 2516  wercplsupport - ok
16:03:26.0771 2516  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:03:26.0819 2516  WerSvc - ok
16:03:26.0838 2516  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:03:26.0882 2516  WfpLwf - ok
16:03:26.0914 2516  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:03:26.0928 2516  WIMMount - ok
16:03:26.0943 2516  WinDefend - ok
16:03:26.0955 2516  WinHttpAutoProxySvc - ok
16:03:27.0003 2516  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:03:27.0052 2516  Winmgmt - ok
16:03:27.0204 2516  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
16:03:27.0217 2516  WinRing0_1_2_0 - ok
16:03:27.0301 2516  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:03:27.0386 2516  WinRM - ok
16:03:27.0449 2516  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:03:27.0501 2516  Wlansvc - ok
16:03:27.0520 2516  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:03:27.0544 2516  WmiAcpi - ok
16:03:27.0580 2516  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:03:27.0616 2516  wmiApSrv - ok
16:03:27.0640 2516  WMPNetworkSvc - ok
16:03:27.0658 2516  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:03:27.0692 2516  WPCSvc - ok
16:03:27.0709 2516  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:03:27.0746 2516  WPDBusEnum - ok
16:03:27.0775 2516  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:03:27.0821 2516  ws2ifsl - ok
16:03:27.0841 2516  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:03:27.0879 2516  wscsvc - ok
16:03:27.0886 2516  WSearch - ok
16:03:27.0978 2516  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:03:28.0063 2516  wuauserv - ok
16:03:28.0083 2516  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:03:28.0135 2516  WudfPf - ok
16:03:28.0174 2516  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:03:28.0227 2516  WUDFRd - ok
16:03:28.0244 2516  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:03:28.0284 2516  wudfsvc - ok
16:03:28.0305 2516  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:03:28.0341 2516  WwanSvc - ok
16:03:28.0429 2516  X6va005 - ok
16:03:28.0535 2516  X6va008 - ok
16:03:28.0581 2516  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
16:03:28.0592 2516  xusb21 - ok
16:03:28.0614 2516  ================ Scan global ===============================
16:03:28.0645 2516  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:03:28.0674 2516  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:03:28.0685 2516  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:03:28.0715 2516  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:03:28.0735 2516  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:03:28.0741 2516  [Global] - ok
16:03:28.0742 2516  ================ Scan MBR ==================================
16:03:28.0746 2516  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
16:03:28.0806 2516  \Device\Harddisk0\DR0 - ok
16:03:28.0821 2516  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:03:29.0112 2516  \Device\Harddisk1\DR1 - ok
16:03:29.0112 2516  ================ Scan VBR ==================================
16:03:29.0117 2516  [ D58E2FE36D89E7EF8DB9D6B2DBEF5826 ] \Device\Harddisk0\DR0\Partition1
16:03:29.0118 2516  \Device\Harddisk0\DR0\Partition1 - ok
16:03:29.0160 2516  [ CFC61A968840FEBF376BE59D0BFBF807 ] \Device\Harddisk1\DR1\Partition1
16:03:29.0162 2516  \Device\Harddisk1\DR1\Partition1 - ok
16:03:29.0174 2516  [ 7B0E239B9B5494FCB4CD464007F92F18 ] \Device\Harddisk1\DR1\Partition2
16:03:29.0176 2516  \Device\Harddisk1\DR1\Partition2 - ok
16:03:29.0176 2516  ============================================================
16:03:29.0176 2516  Scan finished
16:03:29.0176 2516  ============================================================
16:03:29.0198 2652  Detected object count: 5
16:03:29.0198 2652  Actual detected object count: 5
16:03:46.0124 2652  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:03:46.0124 2652  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
16:03:46.0125 2652  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:46.0125 2652  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:03:46.0128 2652  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:46.0128 2652  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:03:46.0131 2652  de_serv ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:46.0131 2652  de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:03:46.0134 2652  sptd ( LockedFile.Multi.Generic ) - skipped by user
16:03:46.0134 2652  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 14.01.2013, 21:18

Ist unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Fonix · 14.01.2013, 22:13

Hier der verlangte Inhalt der Suche:

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 14/01/2013 um 22:12:24 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Besitzer - FLO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\searchplugins\Plusnetwork.xml
Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\Besitzer\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Besitzer\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Besitzer\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Besitzer\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\BrowserCompanion
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\extensions\bbrs_002@blabbers.com
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\SweetPacksToolbarData
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Blabbers
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={29F0430A-179B-11E2-8180-0025[...]
Gefunden : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gefunden : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={29F0430A-[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={29F0430A-179B-11E2-8180-002522[...]
Gefunden : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gefunden : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Gefunden : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Gefunden : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.returnValue", "disable");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.newtab.created", "true");
Gefunden : user_pref("sweetim.toolbar.newtab.enable", "true");
Gefunden : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Plus! Network");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp[...]
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gefunden : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{29F0430A-179B-11E2-8180-002522718D17}");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={29F0[...]
Gefunden : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.12] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
Gefunden [l.2398] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Besitzer\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22651 octets] - [14/01/2013 22:12:24]

########## EOF - C:\AdwCleaner[R1].txt - [22712 octets] ##########

cosinus · 14.01.2013, 22:58

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Fonix · 15.01.2013, 15:49

adwCleaner Logdatei:

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 15/01/2013 um 15:45:56 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Besitzer - FLO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Desktop\TrojanerBoard\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\searchplugins\Plusnetwork.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\myck6z23.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={29F0430A-179B-11E2-8180-0025[...]
Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={29F0430A-[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={29F0430A-179B-11E2-8180-002522[...]
Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "disable");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Plus! Network");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp[...]
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{29F0430A-179B-11E2-8180-002522718D17}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={29F0[...]
Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.12] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
Gelöscht [l.2398] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Besitzer\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22686 octets] - [14/01/2013 22:12:24]
AdwCleaner[S1].txt - [22404 octets] - [15/01/2013 15:45:56]

########## EOF - C:\AdwCleaner[S1].txt - [22465 octets] ##########

Fonix · 15.01.2013, 16:09

Und hier die beiden Logdateien von OTL:

Code:

ATTFilter

OTL logfile created on: 15.01.2013 15:54:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop\TrojanerBoard
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,09% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,21 Gb Total Space | 73,27 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 28,63 Gb Total Space | 28,40 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
 
Computer Name: FLO | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Besitzer\Desktop\TrojanerBoard\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe (ROCCAT GmbH)
PRC - C:\Users\Besitzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ROCCAT\Isku Keyboard\hiddriver.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (AVM IGD CTRL Service) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local;<local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local;<local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://s22.sfgame.de/
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D C8 14 0A 57 6E CC 01  [binary data]
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.0
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Besitzer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Besitzer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Besitzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.06 15:25:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 17:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.27 10:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2011.12.26 21:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\extensions
[2011.12.26 21:23:40 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2013.01.15 15:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\myck6z23.default\extensions
[2012.06.04 14:06:20 | 000,000,000 | ---D | M] (Click&amp;Clean) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\myck6z23.default\extensions\clickclean@hotcleaner.com
[2012.11.14 17:59:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\myck6z23.default\extensions\ich@maltegoetz.de
[2013.01.07 20:19:22 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\myck6z23.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.11 17:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 17:44:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\BESITZER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYCK6Z23.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\USERS\BESITZER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MYCK6Z23.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
[2013.01.11 17:44:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Besitzer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.7_0\
CHR - Extension: Angry Birds = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TV = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: Click&Clean = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: AdBlock = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: Cut the Rope = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Battlefield Heroes = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\
CHR - Extension: Don't Starve = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Deezer = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: NotScripts = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Flow Free = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.1_0\
CHR - Extension: Click&Clean App = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Late Night = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.7_0\
CHR - Extension: Angry Birds = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TV = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: Click&Clean = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: AdBlock = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: Cut the Rope = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Battlefield Heroes = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\
CHR - Extension: Don't Starve = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Deezer = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: NotScripts = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Flow Free = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.1_0\
CHR - Extension: Click&Clean App = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Late Night = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatIsku] C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE (ROCCAT GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000..\Run: [Akamai NetSession Interface] C:\Users\Besitzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S97E1.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1104156866-1664582838-3195057256-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A39ED2-3BDC-4FC8-91F8-22F7AEDB5D9C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0978246-1DD7-46EC-8EFF-1F3DDB963A6D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d7fa468-dbac-11e0-8434-00040ec9a883}\Shell - "" = AutoRun
O33 - MountPoints2\{2d7fa468-dbac-11e0-8434-00040ec9a883}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{359e2645-da28-11e0-9b9b-002522718d17}\Shell - "" = AutoRun
O33 - MountPoints2\{359e2645-da28-11e0-9b9b-002522718d17}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{e0507473-12a8-11e1-bc1b-00040ec9a883}\Shell - "" = AutoRun
O33 - MountPoints2\{e0507473-12a8-11e1-bc1b-00040ec9a883}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.14 22:14:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\TrojanerBoard
[2013.01.13 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\League of Legends Support Ticket
[2013.01.13 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 18:01:42 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 18:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Programs
[2013.01.11 18:21:25 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\BIS Core Engine
[2013.01.11 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 10:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.10 10:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.10 10:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.10 10:15:41 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Adobe
[2013.01.10 10:07:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013.01.10 10:07:23 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.01.10 10:07:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013.01.08 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2013.01.08 17:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.01.08 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.01.08 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.01.08 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.12.30 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\LOLReplay
[2012.12.30 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012.12.25 11:44:10 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Sounds
[2012.12.24 14:36:39 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\LootAlert 1.0.6 Meine versuchung
[2012.12.24 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\LootAlert 1.0.6
[2012.12.24 06:25:48 | 000,000,000 | ---D | C] -- C:\dev
[2012.12.24 06:24:42 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Neutrino_inc
[2012.12.24 06:17:01 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\LootAlert
[2012.12.21 17:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2012.12.21 17:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.12.21 17:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2012.12.21 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\ROCCAT_Isku_DRV1.20_FW1.25
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 15:55:12 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 15:55:12 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 15:53:02 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104156866-1664582838-3195057256-1000UA.job
[2013.01.15 15:47:43 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 15:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 15:47:25 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.14 21:53:01 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104156866-1664582838-3195057256-1000Core.job
[2013.01.14 21:38:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 21:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 18:01:43 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.11 14:17:51 | 000,001,189 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
[2013.01.10 10:09:07 | 001,845,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 10:09:07 | 000,799,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 10:09:07 | 000,729,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 10:09:07 | 000,184,932 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 10:09:07 | 000,151,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.10 10:08:48 | 001,750,180 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 21:27:11 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 21:27:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.07 15:40:23 | 000,001,414 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.12.30 16:49:34 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.12.23 00:07:34 | 000,000,108 | ---- | M] () -- C:\Users\Besitzer\Desktop\10Mash Up Germany - Meine Zeit (Die Young Gangnam... von trmlol.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.13 18:01:43 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.11 14:17:51 | 000,001,189 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
[2012.12.30 16:49:34 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.12.23 00:07:34 | 000,000,108 | ---- | C] () -- C:\Users\Besitzer\Desktop\10Mash Up Germany - Meine Zeit (Die Young Gangnam... von trmlol.url
[2012.04.01 02:47:32 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.03.26 13:11:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.08 15:23:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.01 12:53:53 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.09.22 16:37:32 | 000,007,600 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\Resmon.ResmonCfg
[2011.09.11 09:42:34 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.11 09:42:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.09 15:04:11 | 001,750,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.19 16:22:17 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\.minecraft
[2012.03.29 17:52:32 | 000,000,000 | RHSD | M] -- C:\Users\Besitzer\AppData\Roaming\.share
[2011.10.22 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Azureus
[2012.07.13 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Beat Hazard
[2012.09.09 00:47:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\BitTorrent
[2012.01.25 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite
[2012.12.19 22:52:51 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
[2012.03.31 12:40:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson
[2012.06.07 15:21:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FOG Downloader
[2011.09.08 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ!
[2013.01.08 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2011.09.25 13:11:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient
[2012.05.24 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient2
[2011.10.06 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MoreTerra
[2012.07.26 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MotioninJoy
[2011.09.08 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Notepad++
[2012.03.07 15:49:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2011.09.11 09:45:49 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera
[2012.06.13 13:05:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Product_RM
[2012.05.13 00:25:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\RotMG.Production
[2012.07.14 23:43:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\six-zsync
[2012.09.09 00:42:59 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Software Informer
[2013.01.13 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2012.09.14 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ts3overlay
[2012.09.04 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software
[2012.03.18 13:54:40 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2011.12.11 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 15.01.2013 15:54:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop\TrojanerBoard
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,09% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,21 Gb Total Space | 73,27 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 28,63 Gb Total Space | 28,40 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
 
Computer Name: FLO | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050EF3DF-E05C-4997-9B0A-5DFF7611258D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{A2D6DA2A-B583-4D96-8052-B106A066C3AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7BA2987-13D3-4544-9568-744FBD4FEC9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D07B82C5-F3A3-4732-8762-B36AAEA2150B}" = lport=49183 | protocol=6 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F8CB89-9925-4417-8CC1-399280B148E7}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"{02864FC3-1144-4204-ACB6-64D8783182AE}" = protocol=17 | dir=in | app=d:\rom\rom\runes of magic\client.exe | 
"{03473123-A1F1-4F80-B66B-4782D8E28943}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{03651E07-A13C-4C44-A267-8B1220AAAD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{0B521217-C22D-4DC3-A481-6711FB88E848}" = protocol=17 | dir=in | app=c:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe | 
"{10568D62-35C0-4F06-A47B-7EC3503F77AB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{11D0B0AE-D34D-455E-B512-4D60BB506E09}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{12D1A474-7E5F-48E1-A9D6-8824E1053D5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{13EC2B63-3E5C-4A7A-9105-AA4A921FA827}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{162877C7-6743-430A-A313-665A48D40486}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{16A6CCC3-C30F-4161-B3E1-C0A8C5B3BF63}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1727D057-C5EC-4DB7-8A57-0E0F315C9F30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{17CE23D9-7733-417F-9F7E-5066AA132104}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{184849C3-1973-4027-9E64-36265FA6FD82}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{1B1F85DF-3358-46E9-8092-04DD67657F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{1BFDEAB6-9E80-48F4-AE17-98CF92A2E9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1E776AFD-B155-414D-8E4C-D29E3FD37176}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{22429BF1-D7C7-4E6D-B834-1DAB0C94CE61}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{229DA288-5C87-46F6-A0C2-15AE73E79F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{23DC21C0-BCAF-48E2-96C9-D2496C1AC86A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{240C4278-A022-466E-8687-5B1EAF731907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{25BC14F0-A321-4172-B868-027A57617244}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe | 
"{28951A55-9D70-4E7B-9173-FE17EE49495F}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{29746B65-65AE-4D6B-87F7-74971E16D5D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2CABD7E6-A4CD-4210-8F6F-074158BBEDE7}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe | 
"{2DC56185-6422-4515-9E98-56591838C5D5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2F6D0CE4-B5E9-4F8A-A964-E442DF354CE9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{32B0FD17-1B48-494D-9FF3-0DA66591EFF9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{34221481-537B-42E3-B5BB-F16E58AD79E6}" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"{34DBDA55-F2DB-419C-B5BB-480B31032F9C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{37ECFBBA-0FEE-4FDD-A01E-74FCB66E9899}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{38AE461C-0957-42ED-99ED-30050F1A4AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"{3FA41E49-BD51-4613-8B37-E91622DB97EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{403E96EB-057D-4F67-A839-ACD81BFF8C59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41312D0B-7D99-4464-9306-F5C9BDF57E30}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\akamai\netsession_win.exe | 
"{418B2B59-A14C-48FE-9AC5-74FE1F4FEBA8}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{44993D2F-2B13-4B24-B671-C763FDC6B35D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{4535263F-A96B-441F-AD23-C3AC752BB410}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4595081D-359C-4289-A6B4-098401ACE629}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{4893F081-4A96-48CC-B0AF-B2DFB22EF79E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{4A1EF54A-0C78-4AFD-809A-631767B53C5C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{4AA05F57-FBF9-42AD-8C66-E40B3202D060}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"{4AC41558-D5A4-4BC4-8C6B-E13BCDBC9317}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{4BCF634F-4572-4D0E-A409-611C801940E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"{4DEDA45F-CDE1-4141-BCCF-426A97857982}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{4E4BEF83-AFA3-453A-A9FE-076E77653062}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{5170EB91-3CFA-4513-AB61-FD9E7B07D431}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{5371E77C-EAAB-48FD-8EC5-7A2BCC87C2A7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{549F4F61-D366-498B-9B33-BD2112A16074}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{578E7819-432C-41F3-B36D-BF004E6014D2}" = protocol=17 | dir=in | app=d:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"{5946423A-BC0E-41C4-B444-136F1247D0C8}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe | 
"{59D7BCE0-D1FD-4763-91AB-0759FB87A16D}" = protocol=58 | dir=in | app=system | 
"{5B658B2F-176C-4816-8394-71C7167BF1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{5CD2AC31-ABB2-47F5-A838-F025A83962E1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{616DD15E-3C50-4626-B3DB-C378337AE3BD}" = protocol=6 | dir=in | app=d:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"{66B63B6B-D245-4545-9CE5-E2832B30AF2C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{6CE6E906-84E9-4BB7-8685-73AA02AE2307}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{6DE11DF9-B92C-48C4-8EAA-59B9E7EBB430}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{6DF09CFD-84A7-42AA-8903-AD8216B5B95D}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\roaming\spotify\spotify.exe | 
"{6FA538D2-1339-4038-8955-68C8F46A6B56}" = protocol=6 | dir=in | app=c:\ubisoft\gro\pdc-live\yeti_release.exe | 
"{7010A1F0-3685-4ED3-BBE6-1F0810B86107}" = dir=in | app=d:\brickforce\bflauncher.exe | 
"{73FFE5D1-40B3-48F3-9FD6-ABD92B5F02B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{787C7151-6BFE-4DE0-83BD-1F071F0812CD}" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"{7ACC5310-1BDB-47A8-B2F3-8BFAAFA59304}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{7BF0805D-A667-4275-B520-B476ECD92D12}" = protocol=6 | dir=in | app=d:\rom\rom\runes of magic\client.exe | 
"{7E9BB2F1-92A2-4FD7-9D0F-3CDADB61F044}" = protocol=17 | dir=in | app=c:\ubisoft\gro\pdc-live\yeti_release.exe | 
"{7FABE24D-450C-48A3-A432-FC7E031A4418}" = dir=out | app=d:\ubisoft\related designs\anno 2070\anno5.exe | 
"{804D5DDB-F8AC-4ED6-BDB6-84DF88ECF772}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{821DB28A-033D-4235-A99B-E4F47B06877B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{83D55E87-E121-4E86-918F-FB18ADCCC2F4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{85370A7D-196C-4F45-8D3F-7CCA11EEAFD1}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"{85CD7B7A-8D2B-4501-8BBC-F0CDABD59621}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{86ACF2D5-2D45-4D5B-B47A-E4B09B6A1533}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{8996FDC5-C59E-45C8-9EBC-EC90C918F376}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{89E3B575-77CC-415E-9600-915982D11607}" = protocol=6 | dir=in | app=c:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe | 
"{8AF3BCC0-62A3-48B3-B38E-8CAFE73F135D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8B408FEA-0ACF-4330-B74B-EF124BF2972F}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"{8B426642-3C31-4784-80C4-17E58AB5EEA6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{911217AC-21C6-4C26-8D46-6FD4F6354C7F}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"{933CB469-EE9A-4171-B9B3-FE5B1B3D5CFF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{94C630D5-65AA-4E1C-BB7F-0F64C08DD4C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"{96FB7D5B-2DE7-4BF4-B308-B507B07570CD}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\roaming\spotify\spotify.exe | 
"{977204B6-D0E3-4CB9-A17A-7E52B98F3F4B}" = protocol=6 | dir=in | app=d:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe | 
"{9A4645C7-556A-4D35-8F1C-AFA2AF960BBA}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{9B2E2FF2-DAA3-49FE-B483-865B70B873F4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9D7E68AA-73F0-4E43-AD42-79B878A7BA9C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{9F3525F0-4868-4B55-88CF-4FD6D5CE9955}" = protocol=17 | dir=in | app=d:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe | 
"{A0225EA3-DFDA-447E-8BA6-93AF687F53CC}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\temp\gw2.exe | 
"{A053E5CB-76DA-4E03-B0FC-BC00784BC9E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A0A875BB-5452-4576-8D94-09CB0AA28D28}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{A1B6E1F9-21CB-4C1F-8854-48CC9E138AE8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A4316B93-D0E3-43C4-8C13-5277DB31A5F7}" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"{A4F7F43B-7136-4825-A3FC-C916FE7955E8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A5E340F9-D580-4342-9B73-1FA9F8AB2CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{A99100D2-866A-468C-B23C-697C1B88EC20}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AB0263C5-3AA0-44D8-A84F-81DE4FFDD78D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{AF331745-10B4-4C9D-87C8-78B357A364D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"{AFE9C156-302F-4D06-95D1-DA95551E07AD}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\awesomiumprocess.exe | 
"{B192F951-C148-4933-A927-B7B9A7F95B99}" = protocol=6 | dir=in | app=c:\users\besitzer\guild wars 2\gw2.exe | 
"{B4FA03A6-DE29-4FC0-AC77-3B171549E84D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{B8C5ACDB-CF72-4BA5-912A-B19944E2BEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{B997C918-1126-4357-8612-4E95256BFEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{BBE82C00-ACB0-4529-8CE7-460B052C7D2A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BCCB2C6F-8D7C-4CFF-803B-FDF42029A346}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{C123E766-BFDE-4CED-BB3C-B676A83E4E35}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"{C188A46E-251A-4D26-A47E-954366247F11}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C4E9AE67-BA62-4086-87AB-A76A9A994031}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C5D435F8-C9B1-4794-BF6A-526F39D097F1}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{C6AA0DE1-5E4C-4A5F-A7F9-7235D534DADC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{C6FFAED2-57AE-4368-BFDB-2D4F7ABECD32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{CA82C701-5DC7-4173-A414-FFDD06B78A07}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{CC368E9F-9947-4338-B10C-4BC1A0343159}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{CC537AC2-AF94-40B2-A85F-3F8D28C42215}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{CCC67F36-B4EA-46E9-83F5-1DCFE8D1C72B}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D0FD572B-97B6-4867-9931-3CFB8CA62D6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{D6904E2C-19A2-42F3-BD36-AA34DB23F72B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{D6B64342-0935-463C-884A-820682543651}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{D8510332-4762-4931-A78B-B8FBD6E665E4}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{DAE53E74-DD18-42B9-A5CA-5A3AE53933C6}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{DE60DE09-5BFF-4607-9075-8A28182F1995}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{DF149FE1-D1DC-467F-9798-DCE37D6858E9}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"{DF2420F4-9D4A-4FA0-8BD2-8359E4B832D2}" = protocol=17 | dir=in | app=c:\users\besitzer\guild wars 2\gw2.exe | 
"{E12D0839-D210-4CA8-A0D3-7902DE29E1B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E8C9394E-30EE-44C1-89F1-C6A8922A6CAF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{ECCD8B2B-8752-44E5-A700-85B0751AABD4}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\temp\gw2.exe | 
"{ECDA7093-0A70-43DE-935A-AFB6BD429EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{EF3DDBF9-B759-4BAC-93A6-C2566086C74B}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\akamai\netsession_win.exe | 
"{F141439B-087D-4CA3-9D84-DC8B30CF5556}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{F2B85A2E-F6CB-441F-9E61-9716A4EF7919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{F2F8C2AC-ECD4-414E-ABF0-9B7DCC98C730}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{F32EF293-7C82-403B-9B40-52E02D904BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{F335F56E-DA44-4E1E-B505-28F33FA5BAC8}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F436E3B3-5DF6-4FDD-A7A3-53C6C9160D76}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F47A5ED1-DFF4-4926-97D0-4F0CCD5F9958}" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"{F50770E5-662A-439D-97D1-17BA7BDAB0B4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{F5E94E06-3240-42DB-9BDB-242E2EE4398D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{F67FDB1E-B075-4375-ABE1-07C47AFB6110}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe | 
"{F8085E7E-4235-47A0-A614-9BC03AED6F9D}" = dir=in | app=d:\brickforce\brickforce.exe | 
"{F89F0E60-8FF8-4826-8E27-A07CB7A9ACB0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FC3D8981-B4D6-4F56-BED5-A1E97CEF53C7}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"TCP Query User{0957C0DC-B595-4853-951E-96E5BFDA3F0B}D:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=d:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe | 
"TCP Query User{182FF3C7-7356-4D69-9105-F381C746F0AB}C:\users\besitzer\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\besitzer\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe | 
"TCP Query User{1B25BE73-A3EB-411A-9D45-7BE86BF36783}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{1D329777-A26A-471D-AE02-D9E87E1879FC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{28A6319E-5E65-482B-B32C-1E5ADEC580F3}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{382A0352-12D6-488A-8055-D499B28399E7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{3C7DF3F8-D9C5-4FC7-8E63-4A9E126881C2}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{4675F57B-FB2D-4E41-B5D0-E6C3A98FB14E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{4D2EB836-FFCC-4810-9A71-0203DA869941}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{5D23A988-F566-4739-9195-7DAB09363EF2}C:\users\besitzer\desktop\mw3\krak\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\users\besitzer\desktop\mw3\krak\iw5mp_server.exe | 
"TCP Query User{63A4DBB8-FF61-436F-B50A-1C6CD7E90070}C:\ubisoft\gro\pdc-live\yeti_release.exe" = protocol=6 | dir=in | app=c:\ubisoft\gro\pdc-live\yeti_release.exe | 
"TCP Query User{6C16D04F-35ED-4263-8529-BF48D1BBFC2B}C:\ygopro\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\ygopro\ygopro_vs.exe | 
"TCP Query User{785289EA-B233-46BB-AB7F-B73C2007E18A}C:\program files (x86)\steam\steamapps\fonix171\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fonix171\team fortress 2\hl2.exe | 
"TCP Query User{7A9D1DE4-A661-4B26-8759-4FE43917BFB8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{7E66C294-4D3B-44F4-A139-C59C17B3CA24}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{7F0E3DB1-BCF3-4B93-B85B-E8187C620668}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{8E69382D-D3D4-446C-8F2A-4F7FE3BF1D7B}D:\rom\rom\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\rom\rom\runes of magic\client.exe | 
"TCP Query User{A827E739-B8AE-4BAA-9D13-D56F474A303A}C:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe | 
"TCP Query User{A9FC4DAB-E1DD-4B5B-869D-21ADCC71ACAD}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{AF0E8B8F-6319-4021-B34E-8322CB8281FD}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B041F3F7-7E65-492F-8C98-7A7D87D432A8}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"TCP Query User{C120E62E-9BC5-4BBE-84A2-C20B514035F0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{C7A4D657-31B6-4822-8129-ECFD1A64D36E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{C7E61FBF-0766-4FD2-B2A8-796D4A943ED3}D:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe" = protocol=6 | dir=in | app=d:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"TCP Query User{D032FAA4-93C6-4959-AD17-80B13DE4CB95}C:\program files (x86)\fritz!dsl\fboxupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"TCP Query User{D6F26465-E331-41A4-BCAF-B10FB17C8412}C:\users\besitzer\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\besitzer\guild wars 2\gw2.exe | 
"TCP Query User{E685CF96-A6A9-4B59-8328-362119C269B9}C:\users\besitzer\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\temp\gw2.exe | 
"TCP Query User{E9B61A54-E918-4CA8-8D27-B0786241DBF1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{EE74F671-A7AC-4935-A2E0-069947AEDB86}C:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe | 
"TCP Query User{F05BFDAA-35EF-4DD2-85C2-1C0C879A7B69}C:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe | 
"TCP Query User{F809CC81-1A4B-464A-A14B-45BE0F8A555F}D:\runesom\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runesom\runes of magic\client.exe | 
"TCP Query User{FE73AFA5-EFD6-4FB7-9045-390B021BDB14}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"UDP Query User{022E16A8-7037-4749-8E8D-ABDB1D02BD16}C:\users\besitzer\desktop\mw3\krak\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\users\besitzer\desktop\mw3\krak\iw5mp_server.exe | 
"UDP Query User{0C6F3C02-6C34-45D6-8965-75A5D3E1C04F}C:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\besitzer\desktop\tesserver1.1\terrariaserver.exe | 
"UDP Query User{0DBEDCD7-72DD-4ED5-957A-360594C4AAF1}C:\ubisoft\gro\pdc-live\yeti_release.exe" = protocol=17 | dir=in | app=c:\ubisoft\gro\pdc-live\yeti_release.exe | 
"UDP Query User{12455CB5-E0ED-4253-8BA2-445443BE5A44}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{17DF0768-5617-4062-826A-B62B7A772D79}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{1C3EB2E1-4C16-44CB-A689-BC3D3F8FFD8A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{2123417A-FE4A-4B58-824B-F25CB7444D98}D:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe" = protocol=17 | dir=in | app=d:\rom\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"UDP Query User{23C77277-AE7E-48F1-92D9-C51345676521}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{2832DAA2-675B-410E-BC30-F9E062189E27}D:\runesom\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runesom\runes of magic\client.exe | 
"UDP Query User{2B0DB03D-6D58-4E32-B5CF-1876B5699F89}C:\ygopro\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\ygopro\ygopro_vs.exe | 
"UDP Query User{2C1319C2-79F9-40E7-AEED-4ADA5B6B3C33}D:\rom\rom\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\rom\rom\runes of magic\client.exe | 
"UDP Query User{2C62DE7B-A9DF-4FFA-BD78-55B567C85D27}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | 
"UDP Query User{3553D48C-744A-400D-B320-9D0431551A6F}C:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\launcher.exe | 
"UDP Query User{3D043B19-2405-4CF1-8CC8-FE560FB51B59}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{4A32756D-8DF3-4507-B8BE-C911ECFAC0AE}C:\users\besitzer\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\besitzer\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe | 
"UDP Query User{4CC2194D-1579-46EE-B191-CFB579DED848}C:\program files (x86)\fritz!dsl\fboxupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"UDP Query User{51B5B2C0-E215-4FA6-98C5-7B1E68C3D619}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{604B32E2-9B0A-4399-B143-B847ADF5ACDA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{73CC187F-5298-4BD5-ADB2-B74174F86098}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | 
"UDP Query User{73D15C20-B873-474B-B6C7-CA75E9395AFF}D:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=d:\assasin'screedbrotherhood\assassins creed brotherhood\acbsp.exe | 
"UDP Query User{7C5BA8B9-4668-406F-9B7F-6A58575E1D27}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{83BD82C4-1C2F-4B14-94C3-0FC4D681D920}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{8C3C1305-BE34-48A3-AAC3-542B48B41A37}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{9D44C21E-1561-4801-9506-19FF6373D772}C:\users\besitzer\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\temp\gw2.exe | 
"UDP Query User{AE3390DA-F242-483A-83BF-66932C2E793D}C:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\apps\2.0\t9yzyzxt.x50\3qt1xg0x.mql\laun...app_59711684aa47878d_0001.0019_5fcfe8195e974fe8\launcher.exe | 
"UDP Query User{B098FADB-3C50-40A3-B23A-B699444D85F8}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{B27A6053-61A5-4204-B8F1-9ACA4D1ECCFF}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{C7268D98-CB46-4F84-96F3-A3354B6BAF9D}C:\users\besitzer\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\besitzer\guild wars 2\gw2.exe | 
"UDP Query User{D5375D92-9AB1-40D7-992E-A6781DF42B51}C:\program files (x86)\steam\steamapps\fonix171\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fonix171\team fortress 2\hl2.exe | 
"UDP Query User{D8CAB247-5FB9-4B7C-BCE4-7310695A0B35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{D9AD2340-54C2-4B92-B64A-B172AB31BE53}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{F2F70D96-39EA-4C1B-981F-C907F279FE4B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{355CAC3F-0788-4117-B401-3CC4F8367E0A}" = Overwolf
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}" = ROCCAT Isku Keyboard Driver
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730CFF48-E755-4B5B-994E-E29232DCF565}_is1" = YGOPro Version 1.02D
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{821018E8-68D9-42F0-84FF-C571876B5D33}" = DayZ Commander
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"Akamai" = Akamai NetSession Interface Service
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVMWLANCLI" = AVM FRITZ!WLAN
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch
"FRITZ!DSL" = AVM FRITZ!DSL
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 113200" = The Binding of Isaac
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1104156866-1664582838-3195057256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.08.2012 07:59:06 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.08.2012 14:14:28 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2012 09:44:41 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2012 14:22:36 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 08:58:15 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2012 13:00:03 | Computer Name = Flo | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.08.2012 09:45:17 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 07:31:19 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 13:51:27 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.08.2012 09:03:43 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.01.2013 08:40:28 | Computer Name = Flo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 14.01.2013 09:42:28 | Computer Name = Flo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "AMD External Events Utility .NET." wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 14.01.2013 09:44:52 | Computer Name = Flo | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.01.2013 09:44:52 | Computer Name = Flo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 15.01.2013 10:39:14 | Computer Name = Flo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "AMD External Events Utility .NET." wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 15.01.2013 10:41:37 | Computer Name = Flo | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.01.2013 10:41:37 | Computer Name = Flo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 15.01.2013 10:47:44 | Computer Name = Flo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "AMD External Events Utility .NET." wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 15.01.2013 10:50:04 | Computer Name = Flo | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.01.2013 10:50:04 | Computer Name = Flo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >

Fonix · 15.01.2013, 16:10

Beitrag gelöscht - Doppelpost. Sorry

14.01.2013, 14:09	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mehrere PUP.Blabbers Funde Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! __________________ Logfiles bitte immer in CODE-Tags posten

Mehrere PUP.Blabbers Funde

Plagegeister aller Art und deren Bekämpfung: Mehrere PUP.Blabbers Funde