
Pests of all kinds and how to fight them: W32/Patched.UC

Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

Old 15.03.2013, 03:17   #1
Inspheres
 

W32/Patched.UC



Hello,

Can someone please help me remove this Trojan... Do you perhaps know how dangerous or harmful it is?

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 15.03.2013 02:39:20 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,86% Memory free
15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 513,80 Gb Free Space | 55,16% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.14 17:36:58 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.06 21:50:48 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.03.06 21:50:48 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.02.08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 20:10:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.09 15:06:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 15:06:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 15:06:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 15:06:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 15:06:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.21 07:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 22:01:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 13:51:02 | 000,815,560 | ---- | M] (MooSoft Development LLC) [Auto | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013.03.08 02:43:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 13:08:31 | 006,370,680 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.27 11:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 00:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 00:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 21:37:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.15 02:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.06 12:25:02 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.03.06 12:25:02 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.03.06 12:25:02 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.07 11:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011.07.07 11:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 03:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 03:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 11:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 11:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 11:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 11:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 11:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 04:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114874&tt=4812_4&babsrc=HP_ss&mntrId=6cae971d0000000000003085a9b306e2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BF 44 DE BD CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114874&tt=4812_4&babsrc=SP_ss&mntrId=6cae971d0000000000003085a9b306e2
IE - HKCU\..\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d726b3b0-14b9-4002-b7e1-0715b1463e1c&apn_sauid=C0E071B3-258A-4A79-BCAB-93EBEBD4F6E0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.3.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.08 18:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 02:43:19 | 000,000,000 | ---D | M]
 
[2012.11.08 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.13 23:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.24 23:21:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.22 17:54:30 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\fastdial@telega.phpnet.us
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Broowse2usavE) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
[2013.03.07 22:31:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
[2013.03.14 00:06:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
[2013.03.02 18:53:46 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.10 18:37:02 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.05 23:14:15 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.10 18:38:22 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.18 19:12:07 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013.02.14 14:26:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.14 00:06:38 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.15 01:08:31 | 000,002,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml
[2013.03.13 22:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (onetab) -- C:\Program Files (x86)\mozilla firefox\extensions\onetab@onetab.net
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 18:47:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Broowse2usavE = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\User\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F588EC-AE07-4195-B687-558D15AF45C5}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269A833-C7A2-4185-B543-B9400327C755}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 01:51:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.03.14 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.14 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.14 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\thecleaner
[2013.03.14 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2013.03.14 18:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2013.03.14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2013.03.14 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.03.14 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.13 23:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.03.13 23:59:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.13 23:59:29 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.13 23:59:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.13 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2013
[2013.03.13 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2013.03.13 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.13 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.13 20:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.13 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.03.13 20:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013.03.13 20:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013.03.13 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.03.13 20:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broowse2usavE
[2013.03.13 20:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Broowse2usavE
[2013.03.13 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.03.13 19:17:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.03.13 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2013.03.13 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2013.03.13 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.03.13 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.03.13 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
[2013.03.13 00:36:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Sounds
[2013.03.13 00:36:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
[2013.03.13 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Library
[2013.03.12 22:28:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.12 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2013.03.12 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2013.03.12 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.03.12 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.03.12 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.03.08 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yontoo
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.03.07 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.03.07 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.28 15:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.02.28 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.02.28 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.02.28 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.02.26 20:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
[2013.02.26 20:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
[2013.02.26 20:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
[2013.02.26 20:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
[2013.02.26 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Samples
[2013.02.25 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.21 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\dubtrack
[2013.02.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Cubase Projekte
[2013.02.15 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VTrain
[2013.02.15 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VTrain
[2013.02.15 07:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTrain
[2013.02.15 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTrain
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 02:35:57 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 02:35:57 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 02:28:05 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.15 02:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 02:27:52 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 02:05:53 | 000,000,168 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:25 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:10 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.15 02:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 23:42:03 | 001,499,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 23:42:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 23:42:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 23:42:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 23:42:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 22:27:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:02:52 | 012,185,136 | ---- | M] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.12 23:13:44 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 16:23:07 | 343,905,537 | ---- | M] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.12 15:16:21 | 000,270,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 17:26:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | M] () -- C:\Users\User\Desktop\VTrain.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.15 02:05:53 | 000,000,168 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:24 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:09 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.14 22:27:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2013.03.14 18:03:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.03.13 22:15:26 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.12 23:13:44 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 15:46:39 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.12 15:46:39 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.12 15:46:39 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.12 15:44:53 | 343,905,537 | ---- | C] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.11 22:42:48 | 005,097,142 | ---- | C] () -- C:\Users\User\Desktop\GoldLine.Presentation.2.2.de.pdf
[2013.03.08 13:14:54 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.03.07 22:31:25 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.07 22:31:25 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.07 22:31:25 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.27 17:26:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | C] () -- C:\Users\User\Desktop\VTrain.lnk
[2012.12.03 15:11:47 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.25 21:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,021,036 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2013.03.15 01:13:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.03.15 02:27:56 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.03.15 02:27:56 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.27 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.11.28 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012.11.29 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.07 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.01.20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.08 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013.01.08 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.15 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ERS Game Studios
[2013.03.12 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.02.06 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iZotope
[2013.01.15 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2012.11.28 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2012.11.29 18:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OneTab
[2013.03.13 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.14 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.13 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.11.21 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg
[2013.03.14 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\thecleaner
[2012.12.03 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2013.03.13 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.02.25 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.15 08:00:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VTrain
[2013.03.15 01:42:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
--- --- ---

--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.03.2013 01:52:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,98% Memory free
15,96 Gb Paging File | 13,84 Gb Available in Paging File | 86,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 514,01 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 7,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02ee9304-c7a4-49c8-9654-b53c19702ea9}" = Native Instruments Drop Squad Sounds
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{291BF86D-585D-47bb-BB79-86DE9D35A8BA}" = Native Instruments Maschine Controller MK2 Driver
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5D1224E0-6777-4536-9D72-B0E151ED8C99}" = Native Instruments Battery Library Importer for Maschine
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81387FD1-8CDD-4C1B-A2CB-BF06772092FE}" = Native Instruments Komplete 8
"{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.04.1
"{88E45461-E8D2-4BCA-BDEC-0405E6FB4817}" = Native Instruments Transient Master
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{cddf30cf-0b33-4080-99fa-092a5bc1988f}" = Native Instruments Drop Squad
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}" = Vizzed Retro Game Room
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89286F5B-4B78-41DE-9982-B7AD010DE01B}" = *tmx englisch
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = 
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Doxillion" = Doxillion Document Converter
"ExpressBurn" = Express Burn
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"G-Force" = G-Force
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"iZotope Ozone 5 Advanced_is1" = iZotope Ozone 5 Advanced
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multi Virus Cleaner 2013_is1" = Multi Virus Cleaner 2013
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery Library Importer for Maschine" = Native Instruments Battery Library Importer for Maschine
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Drop Squad" = Native Instruments Drop Squad
"Native Instruments Drop Squad Sounds" = Native Instruments Drop Squad Sounds
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Komplete 8" = Native Instruments Komplete 8
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller" = Native Instruments Maschine Controller
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Maschine Controller MK2 Driver" = Native Instruments Maschine Controller MK2 Driver
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Studio Drummer" = Native Instruments Studio Drummer
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Transient Master" = Native Instruments Transient Master
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"Native Instruments West Africa" = Native Instruments West Africa
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OneTab" = OneTab
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Prism" = Prism Video File Converter
"SP_f2a323db" = 
"The Cleaner_is1" = The Cleaner version 9
"Trojan Remover_is1" = Trojan Remover 6.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"VTrain_is1" = VTrain (Vokabeltrainer) 5.2
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Bitcoin" = Bitcoin
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2013 16:16:41 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x2a0  Startzeit der fehlerhaften Anwendung: 0x01ce20f0d758d65d  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 150c855e-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:17:41 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0xf00  Startzeit der fehlerhaften Anwendung: 0x01ce20f0fb339075  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 38e4de16-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:18:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x12dc  Startzeit der fehlerhaften Anwendung: 0x01ce20f11f0e4a8e  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 5cc1f98f-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:19:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x1244  Startzeit der fehlerhaften Anwendung: 0x01ce20f142edc768  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 80a3d7c9-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:20:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x10f0  Startzeit der fehlerhaften Anwendung: 0x01ce20f166c91abf  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a47a6860-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:21:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x13c0  Startzeit der fehlerhaften Anwendung: 0x01ce20f18aa3d4d8  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: c85783d9-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:22:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x107c  Startzeit der fehlerhaften Anwendung: 0x01ce20f1ae7f1b91  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ec306932-8ce4-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:23:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01ce20f1d259d5aa  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 100d84ab-8ce5-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:24:43 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x1060  Startzeit der fehlerhaften Anwendung: 0x01ce20f1f6371834  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 33eac735-8ce5-11e2-a389-3085a9b306e2
 
Error - 14.03.2013 16:25:43 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74dfc9f1  ID des fehlerhaften
 Prozesses: 0x1104  Startzeit der fehlerhaften Anwendung: 0x01ce20f21a1433ad  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 57ca440e-8ce5-11e2-a389-3085a9b306e2
 
[ System Events ]
Error - 14.03.2013 20:15:14 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.03.2013 20:16:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 14.03.2013 20:16:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.03.2013 20:16:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 14.03.2013 20:16:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.03.2013 20:40:04 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.03.2013 20:41:22 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 14.03.2013 20:41:22 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 14.03.2013 20:41:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 14.03.2013 20:41:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-15 02:38:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD10EARS-32MVWB0 rev.51.0AB51 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\kwtdapoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                            0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                           00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                          0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                         00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                     0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                    00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                 00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                  0000000076831465 2 bytes [83, 76]
.text    C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                 00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                    0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                   00000000768314bb 2 bytes [83, 76]
.text    ...                                                                                                                                                                                                                                                   * 2
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [484] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                        000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [556] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                          000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [872] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                        000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [996] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                        000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [416] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                        000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1116] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                       000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1236] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                       000007fefdb80000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [2144] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)                          0000000070250000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2352] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                000007fefdb80000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IELowutil.exe [2832] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)                0000000070250000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [3252] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)             0000000070250000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe [4928] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)                0000000070250000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4428] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)  0000000070250000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4024] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                    000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4132] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)                                       000007fefdb80000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832c1d2e                                                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)                                                                                                                                                       

---- EOF - GMER 2.1 ----
         
--- --- ---

Last edited by Inspheres (15.03.2013 at 03:33)
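
As an added example (not part of the original post, and not a GMER or Trojaner-Board tool): a small Python parser that walks GMER 2.1 output of the kind quoted above and pulls out the two things a helper looks for first when triaging such a log: the same export patched with identical bytes at the same offset across many unrelated processes, and modules that GMER resolved through a `\\.\globalroot\` device path. The sample lines embedded in the script are constructed from lines in the post (process names, PIDs, offsets and addresses copied, the rest trimmed); the function names and the two indicator categories are my own naming, not GMER's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the GMER 2.1 output quoted in the post
# above (process names, PIDs, offsets and addresses copied from it, trimmed).
SAMPLE_GMER = r"""
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000768314bb 2 bytes [83, 76]
.text    ...   * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000768314bb 2 bytes [83, 76]
.text    ...   * 2
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000076831465 2 bytes [83, 76]
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000768314bb 2 bytes [83, 76]
.text    ...   * 2
---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [484] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)   000007fefdb80000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [556] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00)   000007fefdb80000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [2144] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09)   0000000070250000
"""

# One ".text" line: <process>[<pid>] <module>!<export> + <offset> <address> <n> bytes [<bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)\s*\+\s*(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+bytes?\s+\[(?P<bytes>[^\]]*)\]"
)
# One "Library" line GMER flagged: <path> (*** suspicious ***) @ <process> [<pid>] ...
LIB_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]"
)
# Device-path prefix seen on the flagged modules (the literal string \\.\globalroot\).
GLOBALROOT_PREFIX = "\\\\.\\globalroot\\"


@dataclass(frozen=True)
class InlineHook:
    process: str
    pid: int
    module: str      # module file name, lower-cased
    function: str
    offset: int      # byte offset of the patch into the export
    address: int
    patch: str       # patched bytes exactly as GMER listed them, e.g. "83 76"


@dataclass(frozen=True)
class SuspiciousLib:
    path: str
    process: str
    pid: int


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text: str) -> tuple[list[InlineHook], list[SuspiciousLib]]:
    """Pull inline-hook and suspicious-library records out of a GMER log."""
    hooks: list[InlineHook] = []
    libs: list[SuspiciousLib] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks.append(InlineHook(
                process=m["proc"].strip(), pid=int(m["pid"]),
                module=_basename(m["module"]), function=m["func"],
                offset=int(m["offset"]), address=int(m["addr"], 16),
                patch=" ".join(b.strip() for b in m["bytes"].split(",")),
            ))
        elif m := LIB_RE.match(line):
            libs.append(SuspiciousLib(path=m["path"], process=m["proc"].strip(), pid=int(m["pid"])))
    return hooks, libs


def find_indicators(hooks, libs, min_processes: int = 2) -> list[dict]:
    """Aggregate per-process records into the two patterns worth a second look."""
    findings: list[dict] = []
    # 1. The same export patched with the same bytes at the same offset in several
    #    unrelated processes: a system-wide hook rather than one application's own patch.
    by_patch: dict[tuple, set[int]] = defaultdict(set)
    for h in hooks:
        by_patch[(h.module, h.function, h.offset, h.patch)].add(h.pid)
    for (module, func, offset, patch), pids in sorted(by_patch.items()):
        if len(pids) >= min_processes:
            findings.append({"type": "cross_process_inline_hook",
                             "target": f"{module}!{func}+{offset}",
                             "patch": patch, "pids": sorted(pids)})
    # 2. Modules GMER resolved through a \\.\globalroot\ device path rather than a
    #    normal drive path, grouped by file name.
    by_lib: dict[str, set[int]] = defaultdict(set)
    for lib in libs:
        if lib.path.lower().startswith(GLOBALROOT_PREFIX):
            by_lib[_basename(lib.path)].add(lib.pid)
    for name, pids in sorted(by_lib.items()):
        findings.append({"type": "globalroot_module_load", "module": name, "pids": sorted(pids)})
    return findings


if __name__ == "__main__":
    hooks, libs = parse_gmer(SAMPLE_GMER)
    for finding in find_indicators(hooks, libs):
        print(finding)
```

Run against the sample, the script reports the two PSAPI.DLL!GetModuleInformation patches as present in three processes each and mswsock.dll as loaded via the globalroot path in three processes. The `min_processes` threshold is what separates an application hooking its own imports (one PID) from something patching every process on the box; raising it makes the report stricter.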

Old 15.03.2013, 20:05   #2
aharonov
/// TB Trainer
 
W32/Patched.UC - Standard

W32/Patched.UC



Hello Inspheres and

My name is Leo and I will guide you through the cleanup of your computer.

Besides removing malware, a cleanup also means closing security holes, and it should be done thoroughly. It is therefore carried out in several steps and means some effort on your part.
Note: The disappearance of the obvious symptoms does not mean the system is already clean.
So, in your own interest, keep working along until you get the OK that everything is done.

Notes on the procedure
  • You will get a step-by-step guide from me, tailored individually to you.
    • Always read these instructions through completely first and ask about anything unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and logfiles together in one reply.
    • Whenever possible, paste the contents of the logfiles into your reply inside code tags.
    • If problems come up, stop at that point and describe them as well as you can.
  • It is important to me that the state of your system does not suddenly change in unforeseeable ways. So please:
    • .. do not run any scanners or tools without being asked. Do not delete anything on your own.
    • .. do not install or uninstall any software during the cleanup.
    • .. do not ask for help in other forums at the same time (crossposting).
  • I cannot give you any guarantee that the cleanup will ultimately be successful and that we will find everything.
    • Formatting and reinstalling is usually the faster and always the safer way.
    • Should I find a serious infection on your machine, I will point it out to you again. But it remains your decision.
Let's go: Always save all tools to the desktop and start them from there.


Quote:
Do you perhaps know how dangerous or harmful it is?
That is the ZeroAccess rootkit; I would want that gone.



Step 1

Please read the following instructions carefully. We do not want to delete anything yet, just look at a scan report.

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe.
  • Click Start Scan.
  • Warning: If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the logfile.
  • TDSSKiller will save a logfile on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this logfile here in the thread.



Please post in your next reply:
  • TDSSKiller log

Old 15.03.2013, 20:42   #3
Inspheres
 
W32/Patched.UC - Standard

W32/Patched.UC



Hello, and first of all thanks for the quick help!

I have now run a scan and set it to skip, but the program does not create a logfile! How do I save the logfile?

This is just the report of the scan for now:

Code:
ATTFilter
20:46:26.0802 1208  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:46:27.0036 1208  ============================================================
20:46:27.0036 1208  Current date / time: 2013/03/15 20:46:27.0036
20:46:27.0036 1208  SystemInfo:
20:46:27.0036 1208  
20:46:27.0036 1208  OS Version: 6.1.7601 ServicePack: 1.0
20:46:27.0036 1208  Product type: Workstation
20:46:27.0036 1208  ComputerName: USER-PC
20:46:27.0036 1208  UserName: User
20:46:27.0036 1208  Windows directory: C:\Windows
20:46:27.0036 1208  System windows directory: C:\Windows
20:46:27.0036 1208  Running under WOW64
20:46:27.0036 1208  Processor architecture: Intel x64
20:46:27.0036 1208  Number of processors: 6
20:46:27.0036 1208  Page size: 0x1000
20:46:27.0036 1208  Boot type: Normal boot
20:46:27.0036 1208  ============================================================
20:46:28.0253 1208  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:28.0300 1208  ============================================================
20:46:28.0300 1208  \Device\Harddisk0\DR0:
20:46:28.0300 1208  MBR partitions:
20:46:28.0300 1208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:28.0300 1208  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D4000
20:46:28.0300 1208  ============================================================
20:46:28.0315 1208  C: <-> \Device\Harddisk0\DR0\Partition2
20:46:28.0315 1208  ============================================================
20:46:28.0315 1208  Initialize success
20:46:28.0315 1208  ============================================================
20:46:31.0591 1120  ============================================================
20:46:31.0591 1120  Scan started
20:46:31.0591 1120  Mode: Manual; 
20:46:31.0591 1120  ============================================================
20:46:32.0621 1120  ================ Scan system memory ========================
20:46:32.0621 1120  System memory - ok
20:46:32.0621 1120  ================ Scan services =============================
20:46:32.0761 1120  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:46:32.0777 1120  1394ohci - ok
20:46:32.0792 1120  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:46:32.0792 1120  ACPI - ok
20:46:32.0808 1120  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:46:32.0808 1120  AcpiPmi - ok
20:46:32.0964 1120  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:32.0964 1120  AdobeARMservice - ok
20:46:33.0120 1120  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:46:33.0120 1120  AdobeFlashPlayerUpdateSvc - ok
20:46:33.0167 1120  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:46:33.0167 1120  adp94xx - ok
20:46:33.0182 1120  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:46:33.0182 1120  adpahci - ok
20:46:33.0198 1120  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:46:33.0198 1120  adpu320 - ok
20:46:33.0214 1120  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:46:33.0214 1120  AeLookupSvc - ok
20:46:33.0276 1120  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:46:33.0276 1120  AFD - ok
20:46:33.0292 1120  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:46:33.0292 1120  agp440 - ok
20:46:33.0307 1120  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:46:33.0307 1120  ALG - ok
20:46:33.0323 1120  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:46:33.0323 1120  aliide - ok
20:46:33.0370 1120  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:46:33.0385 1120  AMD External Events Utility - ok
20:46:33.0416 1120  [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
20:46:33.0416 1120  amdhub30 - ok
20:46:33.0432 1120  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:46:33.0432 1120  amdide - ok
20:46:33.0432 1120  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:46:33.0432 1120  AmdK8 - ok
20:46:33.0682 1120  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:46:33.0728 1120  amdkmdag - ok
20:46:33.0822 1120  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:46:33.0822 1120  amdkmdap - ok
20:46:33.0916 1120  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:46:33.0916 1120  AmdPPM - ok
20:46:33.0994 1120  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:46:33.0994 1120  amdsata - ok
20:46:33.0994 1120  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:46:34.0009 1120  amdsbs - ok
20:46:34.0025 1120  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:46:34.0025 1120  amdxata - ok
20:46:34.0056 1120  [ 321533578132C811EC834A1B741C994C ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
20:46:34.0072 1120  amdxhc - ok
20:46:34.0228 1120  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:46:34.0228 1120  AntiVirSchedulerService - ok
20:46:34.0290 1120  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:46:34.0290 1120  AntiVirService - ok
20:46:34.0321 1120  [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:46:34.0337 1120  AntiVirWebService - ok
20:46:34.0352 1120  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:46:34.0352 1120  AppID - ok
20:46:34.0368 1120  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:46:34.0384 1120  AppIDSvc - ok
20:46:34.0384 1120  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:46:34.0384 1120  Appinfo - ok
20:46:34.0399 1120  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:46:34.0399 1120  arc - ok
20:46:34.0415 1120  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:46:34.0415 1120  arcsas - ok
20:46:34.0462 1120  [ 718692FFF22D6AF47EBA0A741A924921 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
20:46:34.0462 1120  asmthub3 - ok
20:46:34.0508 1120  [ BAD70A5AC534C108F680A33C654BC626 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
20:46:34.0508 1120  asmtxhci - ok
20:46:34.0555 1120  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:34.0555 1120  AsyncMac - ok
20:46:34.0571 1120  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:46:34.0571 1120  atapi - ok
20:46:34.0618 1120  [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
20:46:34.0618 1120  AthBTPort - ok
20:46:34.0680 1120  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
20:46:34.0680 1120  ATHDFU - ok
20:46:34.0742 1120  [ FB3FF3DB34CB86F2B936B24D96F21F6F ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:46:34.0742 1120  AtherosSvc - ok
20:46:34.0820 1120  [ 2D82B4044C531A7789E10EC3EF6DD1BF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:46:34.0836 1120  athr - ok
20:46:34.0930 1120  [ EA0AF9B866DF07E8FE6C2342585788B0 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
20:46:34.0945 1120  athur - ok
20:46:34.0976 1120  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:46:34.0976 1120  AtiHDAudioService - ok
20:46:34.0992 1120  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:46:35.0008 1120  AudioEndpointBuilder - ok
20:46:35.0008 1120  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:46:35.0008 1120  AudioSrv - ok
20:46:35.0023 1120  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:46:35.0023 1120  avgntflt - ok
20:46:35.0054 1120  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:46:35.0054 1120  avipbb - ok
20:46:35.0070 1120  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:46:35.0070 1120  avkmgr - ok
20:46:35.0132 1120  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:46:35.0132 1120  AxInstSV - ok
20:46:35.0164 1120  [ 9F4320BA8E7CE2342517B182A2F2C0E6 ] azvusb          C:\Windows\system32\DRIVERS\azvusb.sys
20:46:35.0164 1120  azvusb - ok
20:46:35.0210 1120  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:46:35.0210 1120  b06bdrv - ok
20:46:35.0257 1120  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:46:35.0257 1120  b57nd60a - ok
20:46:35.0288 1120  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:46:35.0288 1120  BDESVC - ok
20:46:35.0304 1120  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:46:35.0304 1120  Beep - ok
20:46:35.0320 1120  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:35.0320 1120  blbdrive - ok
20:46:35.0366 1120  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:46:35.0366 1120  bowser - ok
20:46:35.0366 1120  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:46:35.0366 1120  BrFiltLo - ok
20:46:35.0382 1120  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:46:35.0382 1120  BrFiltUp - ok
20:46:35.0398 1120  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:46:35.0398 1120  Browser - ok
20:46:35.0413 1120  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:46:35.0413 1120  Brserid - ok
20:46:35.0413 1120  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:35.0429 1120  BrSerWdm - ok
20:46:35.0429 1120  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:35.0429 1120  BrUsbMdm - ok
20:46:35.0429 1120  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:35.0429 1120  BrUsbSer - ok
20:46:35.0460 1120  [ 3B1B573371B206D1D5F25E0EF5FCD6D6 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
20:46:35.0460 1120  BTATH_A2DP - ok
20:46:35.0476 1120  [ 2D0446336D9DB55A742B999EC16ADF15 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
20:46:35.0476 1120  BTATH_BUS - ok
20:46:35.0491 1120  [ 9A9694BBEB2849EAF95DFFCAE5DF02AD ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:46:35.0491 1120  BTATH_HCRP - ok
20:46:35.0507 1120  [ FC0A8075DDF2E9C66267AEC91E0676F9 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:46:35.0507 1120  BTATH_LWFLT - ok
20:46:35.0538 1120  [ 5EB4815CBDDBA4541F2380DAE6E269AB ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
20:46:35.0538 1120  BTATH_RCP - ok
20:46:35.0569 1120  [ E24FBEFF8FD3BD997AA5E9BD68BD7C74 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
20:46:35.0569 1120  BtFilter - ok
20:46:35.0600 1120  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:46:35.0600 1120  BthEnum - ok
20:46:35.0616 1120  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:46:35.0616 1120  BTHMODEM - ok
20:46:35.0647 1120  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:46:35.0647 1120  BthPan - ok
20:46:35.0663 1120  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:46:35.0663 1120  BTHPORT - ok
20:46:35.0678 1120  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:46:35.0678 1120  bthserv - ok
20:46:35.0694 1120  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:46:35.0710 1120  BTHUSB - ok
20:46:35.0725 1120  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:46:35.0725 1120  cdfs - ok
20:46:35.0741 1120  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:46:35.0741 1120  cdrom - ok
20:46:35.0772 1120  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:46:35.0788 1120  CertPropSvc - ok
20:46:35.0819 1120  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:46:35.0819 1120  circlass - ok
20:46:35.0834 1120  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:46:35.0834 1120  CLFS - ok
20:46:35.0897 1120  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:35.0897 1120  clr_optimization_v2.0.50727_32 - ok
20:46:35.0928 1120  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:35.0928 1120  clr_optimization_v2.0.50727_64 - ok
20:46:36.0022 1120  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:36.0022 1120  clr_optimization_v4.0.30319_32 - ok
20:46:36.0037 1120  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:36.0053 1120  clr_optimization_v4.0.30319_64 - ok
20:46:36.0053 1120  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:46:36.0053 1120  CmBatt - ok
20:46:36.0053 1120  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:46:36.0053 1120  cmdide - ok
20:46:36.0084 1120  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:46:36.0084 1120  CNG - ok
20:46:36.0100 1120  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:46:36.0100 1120  Compbatt - ok
20:46:36.0115 1120  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:46:36.0115 1120  CompositeBus - ok
20:46:36.0115 1120  COMSysApp - ok
20:46:36.0131 1120  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:46:36.0131 1120  crcdisk - ok
20:46:36.0162 1120  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:46:36.0162 1120  CryptSvc - ok
20:46:36.0240 1120  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:46:36.0256 1120  cvhsvc - ok
20:46:36.0287 1120  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:46:36.0302 1120  DcomLaunch - ok
20:46:36.0334 1120  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:46:36.0334 1120  defragsvc - ok
20:46:36.0396 1120  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:46:36.0412 1120  DfsC - ok
20:46:36.0427 1120  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:46:36.0427 1120  Dhcp - ok
20:46:36.0443 1120  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:46:36.0443 1120  discache - ok
20:46:36.0458 1120  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:46:36.0458 1120  Disk - ok
20:46:36.0505 1120  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:46:36.0505 1120  Dnscache - ok
20:46:36.0521 1120  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:46:36.0536 1120  dot3svc - ok
20:46:36.0552 1120  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:46:36.0552 1120  DPS - ok
20:46:36.0583 1120  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:46:36.0583 1120  drmkaud - ok
20:46:36.0646 1120  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:46:36.0646 1120  dtsoftbus01 - ok
20:46:36.0692 1120  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:46:36.0708 1120  DXGKrnl - ok
20:46:36.0724 1120  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:46:36.0724 1120  EapHost - ok
20:46:36.0817 1120  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:46:36.0833 1120  ebdrv - ok
20:46:36.0880 1120  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:46:36.0880 1120  EFS - ok
20:46:36.0926 1120  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:46:36.0942 1120  ehRecvr - ok
20:46:36.0958 1120  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:46:36.0958 1120  ehSched - ok
20:46:36.0989 1120  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:46:36.0989 1120  elxstor - ok
20:46:37.0004 1120  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:46:37.0004 1120  ErrDev - ok
20:46:37.0036 1120  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:46:37.0036 1120  EventSystem - ok
20:46:45.0662 1120  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:46:45.0662 1120  TabletInputService - ok
20:46:45.0678 1120  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:46:45.0678 1120  TapiSrv - ok
20:46:45.0694 1120  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:46:45.0694 1120  TBS - ok
20:46:45.0772 1120  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:46:45.0787 1120  Tcpip - ok
20:46:45.0865 1120  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:46:45.0896 1120  TCPIP6 - ok
20:46:45.0928 1120  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:46:45.0928 1120  tcpipreg - ok
20:46:45.0943 1120  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:46:45.0943 1120  TDPIPE - ok
20:46:45.0959 1120  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:46:45.0959 1120  TDTCP - ok
20:46:45.0974 1120  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:46:45.0974 1120  tdx - ok
20:46:45.0974 1120  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:46:45.0974 1120  TermDD - ok
20:46:46.0006 1120  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:46:46.0006 1120  TermService - ok
20:46:46.0021 1120  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:46:46.0021 1120  Themes - ok
20:46:46.0037 1120  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:46:46.0037 1120  THREADORDER - ok
20:46:46.0052 1120  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:46:46.0052 1120  TrkWks - ok
20:46:46.0099 1120  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:46:46.0099 1120  TrustedInstaller - ok
20:46:46.0115 1120  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:46:46.0130 1120  tssecsrv - ok
20:46:46.0146 1120  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:46:46.0146 1120  TsUsbFlt - ok
20:46:46.0162 1120  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:46:46.0162 1120  TsUsbGD - ok
20:46:46.0193 1120  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:46:46.0208 1120  tunnel - ok
20:46:46.0208 1120  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:46:46.0208 1120  uagp35 - ok
20:46:46.0224 1120  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:46:46.0224 1120  udfs - ok
20:46:46.0240 1120  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:46:46.0240 1120  UI0Detect - ok
20:46:46.0286 1120  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:46:46.0286 1120  uliagpkx - ok
20:46:46.0318 1120  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:46:46.0318 1120  umbus - ok
20:46:46.0349 1120  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:46:46.0349 1120  UmPass - ok
20:46:46.0380 1120  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:46:46.0380 1120  upnphost - ok
20:46:46.0427 1120  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:46:46.0427 1120  usbaudio - ok
20:46:46.0458 1120  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:46:46.0458 1120  usbccgp - ok
20:46:46.0474 1120  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:46:46.0474 1120  usbcir - ok
20:46:46.0489 1120  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:46:46.0489 1120  usbehci - ok
20:46:46.0520 1120  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:46:46.0520 1120  usbhub - ok
20:46:46.0536 1120  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:46:46.0536 1120  usbohci - ok
20:46:46.0552 1120  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:46:46.0552 1120  usbprint - ok
20:46:46.0567 1120  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:46:46.0567 1120  USBSTOR - ok
20:46:46.0583 1120  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:46:46.0598 1120  usbuhci - ok
20:46:46.0598 1120  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:46:46.0598 1120  UxSms - ok
20:46:46.0614 1120  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:46:46.0614 1120  VaultSvc - ok
20:46:46.0614 1120  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:46:46.0614 1120  vdrvroot - ok
20:46:46.0645 1120  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:46:46.0661 1120  vds - ok
20:46:46.0661 1120  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:46:46.0661 1120  vga - ok
20:46:46.0676 1120  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:46:46.0692 1120  VgaSave - ok
20:46:46.0708 1120  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:46:46.0708 1120  vhdmp - ok
20:46:46.0786 1120  [ BA1DA5CD689E9473D99731A2E1FF2FB5 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:46:46.0817 1120  VIAHdAudAddService - ok
20:46:46.0817 1120  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:46:46.0817 1120  viaide - ok
20:46:46.0832 1120  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:46:46.0832 1120  volmgr - ok
20:46:46.0848 1120  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:46:46.0848 1120  volmgrx - ok
20:46:46.0864 1120  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:46:46.0864 1120  volsnap - ok
20:46:46.0895 1120  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:46:46.0895 1120  vsmraid - ok
20:46:46.0973 1120  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:46:46.0988 1120  VSS - ok
20:46:46.0988 1120  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:46:46.0988 1120  vwifibus - ok
20:46:47.0035 1120  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:46:47.0035 1120  vwififlt - ok
20:46:47.0082 1120  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:46:47.0082 1120  vwifimp - ok
20:46:47.0129 1120  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:46:47.0144 1120  W32Time - ok
20:46:47.0160 1120  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:46:47.0160 1120  WacomPen - ok
20:46:47.0207 1120  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:46:47.0207 1120  WANARP - ok
20:46:47.0222 1120  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:46:47.0222 1120  Wanarpv6 - ok
20:46:47.0285 1120  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:46:47.0301 1120  wbengine - ok
20:46:47.0301 1120  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:46:47.0301 1120  WbioSrvc - ok
20:46:47.0316 1120  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:46:47.0316 1120  wcncsvc - ok
20:46:47.0316 1120  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:46:47.0332 1120  WcsPlugInService - ok
20:46:47.0332 1120  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:46:47.0332 1120  Wd - ok
20:46:47.0363 1120  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:46:47.0363 1120  Wdf01000 - ok
20:46:47.0379 1120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:46:47.0379 1120  WdiServiceHost - ok
20:46:47.0379 1120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:46:47.0379 1120  WdiSystemHost - ok
20:46:47.0410 1120  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:46:47.0410 1120  WebClient - ok
20:46:47.0410 1120  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:46:47.0425 1120  Wecsvc - ok
20:46:47.0425 1120  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:46:47.0425 1120  wercplsupport - ok
20:46:47.0457 1120  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:46:47.0457 1120  WerSvc - ok
20:46:47.0472 1120  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:46:47.0472 1120  WfpLwf - ok
20:46:47.0488 1120  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:46:47.0488 1120  WIMMount - ok
20:46:47.0503 1120  WinHttpAutoProxySvc - ok
20:46:47.0566 1120  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:46:47.0566 1120  Winmgmt - ok
20:46:47.0628 1120  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:46:47.0659 1120  WinRM - ok
20:46:47.0722 1120  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:46:47.0722 1120  WinUsb - ok
20:46:47.0753 1120  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:46:47.0769 1120  Wlansvc - ok
20:46:47.0862 1120  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:46:47.0878 1120  wlidsvc - ok
20:46:47.0893 1120  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:46:47.0893 1120  WmiAcpi - ok
20:46:47.0925 1120  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:46:47.0925 1120  wmiApSrv - ok
20:46:47.0956 1120  WMPNetworkSvc - ok
20:46:47.0971 1120  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:46:47.0971 1120  WPCSvc - ok
20:46:47.0987 1120  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:46:48.0003 1120  WPDBusEnum - ok
20:46:48.0003 1120  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:46:48.0003 1120  ws2ifsl - ok
20:46:48.0003 1120  WSearch - ok
20:46:48.0034 1120  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:46:48.0034 1120  WudfPf - ok
20:46:48.0096 1120  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:46:48.0096 1120  WUDFRd - ok
20:46:48.0127 1120  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:46:48.0143 1120  wudfsvc - ok
20:46:48.0159 1120  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:46:48.0174 1120  WwanSvc - ok
20:46:48.0252 1120  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
20:46:48.0252 1120  Yontoo Desktop Updater - ok
20:46:48.0346 1120  ================ Scan global ===============================
20:46:48.0377 1120  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:46:48.0424 1120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:46:48.0424 1120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:46:48.0471 1120  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:46:48.0502 1120  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
20:46:48.0517 1120  Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
20:46:48.0517 1120  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
20:46:48.0517 1120  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
20:46:48.0517 1120  ================ Scan MBR ==================================
20:46:48.0533 1120  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:46:48.0736 1120  \Device\Harddisk0\DR0 - ok
20:46:48.0736 1120  ================ Scan VBR ==================================
20:46:48.0751 1120  [ 54BA4C37D203C2B279E01A9F91269268 ] \Device\Harddisk0\DR0\Partition1
20:46:48.0751 1120  \Device\Harddisk0\DR0\Partition1 - ok
20:46:48.0767 1120  [ BDCA23B5A7298006956EE1F8DEBBE7C8 ] \Device\Harddisk0\DR0\Partition2
20:46:48.0767 1120  \Device\Harddisk0\DR0\Partition2 - ok
20:46:48.0767 1120  ============================================================
20:46:48.0767 1120  Scan finished
20:46:48.0767 1120  ============================================================
20:46:48.0767 1916  Detected object count: 1
20:46:48.0767 1916  Actual detected object count: 1
20:47:15.0412 1916  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
20:47:15.0412 1916  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
         
__________________

Last edited by Inspheres (15.03.2013 at 20:52)

Old 15.03.2013, 20:52   #4
aharonov
/// TB Trainer
 
W32/Patched.UC - Standard

W32/Patched.UC



Hi,

Quote:
That's just the report of the scan
That is exactly the logfile we need to see.


Step 1

Please start TDSSKiller.exe.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not use the computer while the scan is running!
  • Make sure that for Virus.Win64.ZAccess.a the option Cure (default) is checked.
  • Click Continue --> Reboot.
  • TDSSKiller will save a logfile on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this logfile in your thread.



Step 2

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, depending on the severity of the infection possibly several times; that is normal. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 3

Warning for readers:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not do anything at all on the computer, not even move the mouse!
  • When Combofix is finished, it will create a logfile (C:\Combofix.txt).
  • Please post the contents of this logfile in your next reply.

Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.



Step 4

Please start OTL.exe.
  • Tick the box Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from TDSSKiller
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo
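
Between the two posts, as an added example that is not part of the thread and not code from Kaspersky's TDSSKiller: a small Python triage script for the TDSSKiller log format quoted above. It reads a constructed sample (built from the log lines in this thread), maps services to their image paths and MD5s, and flags the detection that was answered with Skip, which is exactly the situation Step 1 above is meant to fix by re-running with Cure selected. The line patterns are an assumption modelled only on the lines visible in this thread; other TDSSKiller builds may phrase events differently.

```python
"""Triage helper for TDSSKiller text logs.  Added example, not code from the
thread or from Kaspersky's TDSSKiller: it reads the line format quoted above
(timestamp, PID, message), collects hashed objects, verdicts and the action the
user chose, and flags detections left unresolved (e.g. 'Skip' on an infected
file).  The patterns are an assumption modelled only on lines in this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "[ MD5 ] <service name>   <path>", or just "[ MD5 ] <path>" in the Scan global/MBR/VBR sections
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<svc>.+?)\s+)?"
                     r"(?P<path>(?:[A-Za-z]:\\|\\Device\\)\S.*)$")
# "<path> ( <detection name> ) - infected | skipped by user | User select action: X"
VERDICT_RE = re.compile(r"^(?P<path>\S.*?) \( (?P<name>[^()]+) \) - (?P<rest>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: "
                           r"(?P<md5>[0-9A-Fa-f]{32})$")
ACTION_PREFIX = "User select action: "
COUNT_PREFIX = "Detected object count: "


@dataclass
class Detection:
    path: str
    name: str = ""                          # detection name, e.g. Virus.Win64.ZAccess.a
    md5: Optional[str] = None
    reason: Optional[str] = None            # e.g. "NoAccess" from the "Suspicious file" line
    states: List[str] = field(default_factory=list)   # "infected", "skipped by user", ...
    action: Optional[str] = None            # what the user picked in the dialog

    @property
    def resolved(self) -> bool:
        # Only a remediating action or a "cured" state counts; Skip leaves the file in place.
        if self.action in ("Cure", "Delete", "Quarantine"):
            return True
        return any("cured" in s for s in self.states)


@dataclass
class Triage:
    hashes: Dict[str, str] = field(default_factory=dict)     # path -> MD5 of every hashed object
    services: Dict[str, str] = field(default_factory=dict)   # service/driver name -> image path
    detections: Dict[str, Detection] = field(default_factory=dict)
    declared_count: Optional[int] = None                     # "Detected object count: N"

    @property
    def unresolved(self) -> List[Detection]:
        return [d for d in self.detections.values() if not d.resolved]


def parse_tdsskiller_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                    # banners and blank lines
        msg = m.group("msg").strip()
        if (h := HASH_RE.match(msg)):
            t.hashes[h.group("path")] = h.group("md5").upper()
            if h.group("svc"):
                t.services[h.group("svc")] = h.group("path")
        elif (s := SUSPICIOUS_RE.match(msg)):
            d = t.detections.setdefault(s.group("path"), Detection(s.group("path")))
            d.reason, d.md5 = s.group("reason"), s.group("md5").upper()
        elif (v := VERDICT_RE.match(msg)):
            d = t.detections.setdefault(v.group("path"), Detection(v.group("path")))
            d.name, rest = v.group("name"), v.group("rest")
            if rest.startswith(ACTION_PREFIX):
                d.action = rest[len(ACTION_PREFIX):].strip()
            else:
                d.states.append(rest)
        elif msg.startswith(COUNT_PREFIX):
            t.declared_count = int(msg[len(COUNT_PREFIX):])
    for d in t.detections.values():                     # hash may only be in the scan section
        if d.md5 is None:
            d.md5 = t.hashes.get(d.path)
    return t


def report(text: str) -> List[str]:
    """One line per detection plus a verdict on whether TDSSKiller must be re-run."""
    t = parse_tdsskiller_log(text)
    lines = [f"{'resolved' if d.resolved else 'UNRESOLVED'}: {d.path} [{d.name}] "
             f"md5={d.md5} action={d.action} states={d.states}" for d in t.detections.values()]
    if t.declared_count is not None and t.declared_count != len(t.detections):
        lines.append(f"warning: log declares {t.declared_count} objects, parsed {len(t.detections)}")
    lines.append("re-run with Cure selected" if t.unresolved else "nothing left to cure")
    return lines


# Constructed sample, built from the log lines quoted in this thread.
SAMPLE_LOG = r"""
20:46:46.0614 1120  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:46:46.0614 1120  VaultSvc - ok
20:46:48.0502 1120  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
20:46:48.0517 1120  Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
20:46:48.0517 1120  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
20:46:48.0517 1120  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
20:46:48.0767 1916  Detected object count: 1
20:47:15.0412 1916  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
20:47:15.0412 1916  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Running it prints one line per detection and ends with "re-run with Cure selected" whenever a verdict was answered with Skip, so a helper can see at a glance that the infection in services.exe is still in place. A mismatch between the log's own "Detected object count" and the number of detections parsed is reported as a warning, which catches a log that was truncated when it was pasted into the thread.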

Old 16.03.2013, 09:46   #5
Inspheres
 
W32/Patched.UC - Standard

W32/Patched.UC



Code:
ATTFilter
09:42:07.0362 3956  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:42:07.0705 3956  ============================================================
09:42:07.0705 3956  Current date / time: 2013/03/16 09:42:07.0705
09:42:07.0705 3956  SystemInfo:
09:42:07.0705 3956  
09:42:07.0705 3956  OS Version: 6.1.7601 ServicePack: 1.0
09:42:07.0705 3956  Product type: Workstation
09:42:07.0705 3956  ComputerName: USER-PC
09:42:07.0705 3956  UserName: User
09:42:07.0705 3956  Windows directory: C:\Windows
09:42:07.0705 3956  System windows directory: C:\Windows
09:42:07.0705 3956  Running under WOW64
09:42:07.0705 3956  Processor architecture: Intel x64
09:42:07.0705 3956  Number of processors: 6
09:42:07.0705 3956  Page size: 0x1000
09:42:07.0705 3956  Boot type: Normal boot
09:42:07.0705 3956  ============================================================
09:42:10.0342 3956  BG loaded
09:42:11.0075 3956  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:42:11.0122 3956  ============================================================
09:42:11.0122 3956  \Device\Harddisk0\DR0:
09:42:11.0122 3956  MBR partitions:
09:42:11.0122 3956  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:42:11.0122 3956  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D4000
09:42:11.0122 3956  ============================================================
09:42:11.0153 3956  C: <-> \Device\Harddisk0\DR0\Partition2
09:42:11.0153 3956  ============================================================
09:42:11.0153 3956  Initialize success
09:42:11.0153 3956  ============================================================
         
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 16/03/2013 um 09:50:48 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BetterSoft
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114874&tt=4812_4&babsrc=HP_ss&mntrId=6cae971d0000000000003085a9b306e2 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [13585 octets] - [16/03/2013 09:50:48]

########## EOF - C:\AdwCleaner[S1].txt - [13646 octets] ##########
         
Code:
ATTFilter
ComboFix 13-03-16.02 - User 16.03.2013  10:02:56.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6418 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Broowse2usavE
c:\programdata\Broowse2usavE\5140d87feab07.tlb
c:\programdata\Broowse2usavE\data\Broowse2usavE.dat
c:\programdata\Broowse2usavE\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Broowse2usavE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Broowse2usavE\Broowse2usavE.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Broowse2usavE\Uninstall.lnk
c:\users\User\AppData\Roaming\OneTab\OnETab.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe 
.
.
(((((((((((((((((((((((   Files Created from 2013-02-16 to 2013-03-16  ))))))))))))))))))))))))))))))
.
.
2013-03-16 09:08 . 2013-03-16 09:08	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-16 09:08 . 2013-03-16 09:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-16 08:39 . 2013-03-16 08:39	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-14 21:27 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\users\User\AppData\Local\Programs
2013-03-14 17:05 . 2013-03-14 17:05	--------	d-----w-	c:\users\User\AppData\Roaming\thecleaner
2013-03-14 17:04 . 2013-03-14 22:34	--------	d-----w-	c:\program files (x86)\The Cleaner
2013-03-14 17:03 . 2003-02-02 19:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2013-03-14 17:03 . 2002-03-06 00:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\program files (x86)\Trojan Remover
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\users\User\AppData\Roaming\Simply Super Software
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\programdata\Simply Super Software
2013-03-13 23:05 . 2013-03-13 23:05	--------	d-----w-	c:\users\User\AppData\Roaming\Avira
2013-03-13 22:59 . 2013-03-14 16:37	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-13 22:59 . 2013-03-14 16:37	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-13 22:59 . 2013-03-13 23:00	--------	d-----w-	c:\programdata\Avira
2013-03-13 22:59 . 2013-03-13 22:59	--------	d-----w-	c:\program files (x86)\Avira
2013-03-13 22:59 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-13 21:01 . 2013-03-13 21:01	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-13 20:35 . 2013-03-13 20:35	--------	d-----w-	c:\program files (x86)\AxBx
2013-03-13 20:33 . 2013-03-13 20:33	--------	d-----w-	c:\program files\CCleaner
2013-03-13 19:29 . 2013-03-13 19:29	--------	d-----w-	c:\users\User\AppData\Roaming\Optimizer Pro
2013-03-13 19:19 . 2013-03-13 19:19	--------	d-----w-	c:\programdata\SoftSafe
2013-03-13 19:18 . 2013-03-13 19:18	--------	d-----w-	c:\program files (x86)\BrowseToSave
2013-03-13 18:17 . 2013-03-13 18:17	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2013-03-13 18:06 . 2013-03-13 18:06	--------	d-----w-	c:\program files\Cakewalk
2013-03-13 18:06 . 2013-03-13 18:06	--------	d-----w-	c:\programdata\Spectrasonics
2013-03-13 16:10 . 2013-03-13 16:10	--------	d-----w-	c:\program files\Spectrasonics
2013-03-13 16:10 . 2013-03-13 17:48	--------	d-----w-	c:\program files (x86)\Spectrasonics
2013-03-13 15:22 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50B5C66-2081-45B5-A56C-8291B8646012}\mpengine.dll
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc----w-	c:\programdata\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc-h--w-	c:\programdata\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc-h--w-	c:\programdata\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
2013-03-12 21:28 . 2013-03-12 21:28	--------	dc-h--w-	c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
2013-03-12 21:23 . 2013-03-13 00:26	--------	d-----w-	c:\program files (x86)\Native Instruments
2013-03-12 21:23 . 2013-03-12 21:23	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-03-12 21:23 . 2013-03-12 21:23	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2013-03-12 13:22 . 2013-03-12 13:22	--------	d-----w-	c:\users\User\AppData\Local\Babylon
2013-03-12 13:03 . 2013-03-12 13:03	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-03-07 21:31 . 2013-03-16 08:42	--------	d-----w-	c:\users\User\AppData\Roaming\Yontoo
2013-03-07 21:31 . 2013-03-12 13:28	--------	d-----w-	c:\program files (x86)\JDownloader
2013-02-28 14:52 . 2013-03-06 23:23	--------	d-----w-	c:\users\User\AppData\Roaming\Bitcoin
2013-02-28 14:52 . 2013-02-28 14:52	--------	d-----w-	c:\program files (x86)\Bitcoin
2013-02-26 19:58 . 2013-02-26 19:58	--------	dc-h--w-	c:\programdata\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
2013-02-26 19:57 . 2013-02-26 19:57	--------	dc-h--w-	c:\programdata\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
2013-02-26 19:57 . 2013-02-26 19:57	--------	dc-h--w-	c:\programdata\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
2013-02-26 19:56 . 2013-02-26 19:56	--------	dc-h--w-	c:\programdata\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
2013-02-25 10:28 . 2013-02-25 10:28	--------	d-----w-	c:\users\User\AppData\Roaming\VST3 Presets
2013-02-21 19:40 . 2013-02-21 19:40	--------	d-----w-	c:\users\User\dubtrack
2013-02-15 06:57 . 2013-02-15 07:00	--------	d-----w-	c:\users\User\AppData\Roaming\VTrain
2013-02-15 06:57 . 2013-02-15 06:57	--------	d-----w-	c:\program files (x86)\VTrain
2013-02-14 18:05 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 18:05 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:01 . 2012-11-08 18:33	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 21:01 . 2012-11-08 18:33	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-05 17:28 . 2013-02-05 17:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 17:28 . 2012-12-01 22:00	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 17:28 . 2012-12-01 22:00	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-14 07:01	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 07:01	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 07:01	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 07:01	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 07:01	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 07:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 07:01	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 07:01	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 07:01	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 07:01	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 07:01	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 07:01	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 07:01	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-16 17:11 . 2012-12-21 17:06	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 17:06	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 17:06	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 17:06	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"tcactive"="c:\program files (x86)\The Cleaner\tcap.exe" [2013-03-10 6151400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-14 385248]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-03-14 1558800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Nach Updates suchen.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 moohelp;The Cleaner Helper Service;c:\program files (x86)\The Cleaner\mhelper.exe [2013-03-10 815560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 125416]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 385512]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-09-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-09-27 55336]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-20 1930240]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-09-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-09-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-09-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-09-27 278640]
R3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2011-07-07 357968]
R3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2011-07-07 68688]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 netr28x;netr28x;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-15 620544]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2012-03-06 48488]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2012-03-06 225256]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2012-03-06 39016]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-14 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-14 565472]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-09-27 52896]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-11-09 6370680]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-09-27 31080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 83.169.184.225 83.169.184.161
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-03-07 22:31; plugin@yontoo.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-03-13 20:50; ltjvs@uuado.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
FF - ExtSQL: 2013-03-13 23:59; toolbar@ask.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6cae971d0000000000003085a9b306e2&q=
FF - user.js: extensions.BabylonToolbar.id - 6cae971d0000000000003085a9b306e2
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15673
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.818:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extentions.y2layers.installId - 97de8ade-1b50-441f-8edc-028956ef0649
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Orphans Removed - - - -
.
BHO-{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - c:\users\User\AppData\Roaming\OneTab\OneTab.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-90909359.sys
Toolbar-Locked - (no file)
AddRemove-Native Instruments Maschine Controller - c:\programdata\{7F3144B7-67AA-4DD7-BC11-CBA9A40B430D}\Maschine Controller Setup PC.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-03-16  10:15:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-16 09:15
.
Pre-Run: 9 directories, 550.417.227.776 bytes free
Post-Run: 13 directories, 550.138.351.616 bytes free
.
- - End Of File - - F8457053C33A4A6C1CC744153150C11B
         
Code:
ATTFilter
OTL logfile created on: 16.03.2013 10:29:25 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 76,37% Memory free
15,96 Gb Paging File | 13,95 Gb Available in Paging File | 87,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 511,67 Gb Free Space | 54,93% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.14 17:36:58 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 22:01:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 13:51:02 | 000,815,560 | ---- | M] (MooSoft Development LLC) [Auto | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013.03.08 02:43:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 13:08:31 | 006,370,680 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.27 11:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 00:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 00:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 21:37:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.15 02:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.06 12:25:02 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.03.06 12:25:02 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.03.06 12:25:02 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.07 11:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011.07.07 11:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 03:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 03:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 11:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 11:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 11:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 11:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 11:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 04:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BF 44 DE BD CD 01  [binary data]
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d726b3b0-14b9-4002-b7e1-0715b1463e1c&apn_sauid=C0E071B3-258A-4A79-BCAB-93EBEBD4F6E0
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.3.2
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 02:43:19 | 000,000,000 | ---D | M]
 
[2012.11.08 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.16 09:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.24 23:21:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.16 09:44:05 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\fastdial@telega.phpnet.us
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Broowse2usavE) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
[2013.03.07 22:31:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
[2013.03.14 00:06:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
[2013.03.02 18:53:46 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.10 18:37:02 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.05 23:14:15 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.10 18:38:22 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.18 19:12:07 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013.02.14 14:26:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.14 00:06:38 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.16 08:10:30 | 000,002,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml
[2013.03.13 22:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (onetab) -- C:\Program Files (x86)\mozilla firefox\extensions\onetab@onetab.net
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Broowse2usavE = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\
 
O1 HOSTS File: ([2013.03.16 10:08:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\User\AppData\Roaming\OneTab\OneTab.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development LLC)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F588EC-AE07-4195-B687-558D15AF45C5}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269A833-C7A2-4185-B543-B9400327C755}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 10:27:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.16 10:16:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.16 10:11:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.16 09:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.16 09:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.16 09:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.16 09:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.16 09:58:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.16 09:49:38 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.16 09:39:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.15 20:30:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.15 01:51:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.03.14 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.14 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.14 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\thecleaner
[2013.03.14 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2013.03.14 18:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2013.03.14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2013.03.14 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.03.14 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.13 23:59:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.13 23:59:29 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.13 23:59:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.13 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2013
[2013.03.13 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2013.03.13 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.13 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.13 20:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.13 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.03.13 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.03.13 19:17:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.03.13 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2013.03.13 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2013.03.13 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.03.13 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.03.13 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
[2013.03.13 00:36:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Sounds
[2013.03.13 00:36:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
[2013.03.13 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Library
[2013.03.12 22:28:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.12 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2013.03.12 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2013.03.12 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.03.12 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.03.12 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.03.08 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yontoo
[2013.03.07 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.02.28 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.02.28 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.02.28 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.02.26 20:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
[2013.02.26 20:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
[2013.02.26 20:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
[2013.02.26 20:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
[2013.02.26 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Samples
[2013.02.25 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.21 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\dubtrack
[2013.02.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Cubase Projekte
[2013.02.15 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VTrain
[2013.02.15 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VTrain
[2013.02.15 07:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTrain
[2013.02.15 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTrain
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.16 10:28:47 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 10:28:47 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 10:22:31 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.16 10:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 10:19:43 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 10:08:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.16 10:01:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.16 09:49:42 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.16 09:46:32 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 20:30:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:25 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:10 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 23:42:03 | 001,499,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 23:42:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 23:42:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 23:42:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 23:42:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 22:27:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:02:52 | 012,185,136 | ---- | M] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.12 23:13:44 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 16:23:07 | 343,905,537 | ---- | M] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.12 15:16:21 | 000,270,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 17:26:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | M] () -- C:\Users\User\Desktop\VTrain.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.16 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.16 09:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.16 09:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.16 09:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.16 09:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 09:46:31 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:24 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:09 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.14 22:27:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2013.03.14 18:03:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.03.13 22:15:26 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.12 23:13:44 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 15:46:39 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.12 15:46:39 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.12 15:46:39 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.12 15:44:53 | 343,905,537 | ---- | C] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.11 22:42:48 | 005,097,142 | ---- | C] () -- C:\Users\User\Desktop\GoldLine.Presentation.2.2.de.pdf
[2013.03.08 13:14:54 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.03.07 22:31:25 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.07 22:31:25 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.07 22:31:25 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.27 17:26:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | C] () -- C:\Users\User\Desktop\VTrain.lnk
[2012.12.03 15:11:47 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.25 21:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,021,036 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2013.03.15 01:13:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.27 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.11.28 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012.11.29 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.07 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.01.20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.08 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013.01.08 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.15 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ERS Game Studios
[2013.03.12 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.02.06 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iZotope
[2013.01.15 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2012.11.28 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2013.03.16 10:08:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OneTab
[2013.03.13 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.14 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.13 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.11.21 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg
[2013.03.14 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\thecleaner
[2012.12.03 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2013.03.13 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.02.25 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.15 08:00:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VTrain
[2013.03.16 09:42:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
So Avira no longer finds any infected file! Is the problem now fixed?


Last edited by Inspheres (16.03.2013 at 10:40)

Old 16.03.2013, 14:53   #6
aharonov
/// TB Trainer
 
W32/Patched.UC - Standard

W32/Patched.UC



Hi,

Quote:
Is the problem now fixed?
No, we should keep going. This thing belongs to the more stubborn kind.


Note: Registry cleaners

I see that you have so-called registry cleaners installed.
In your case Optimizer Pro v3.0 and CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

Moreover, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).



Step 1

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!
  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link.
  • Save it to the desktop again (important!).
  • Press the {Windows} + R keys, type notepad into the Run window and press OK.
  • Now copy the text from the following code box completely into the empty text document.
    Code:
    Folder::
    C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}
    C:\Windows\SysWow64\%APPDATA%
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software. It can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Close all other running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log (C:\ComboFix.txt).
  • Please paste the contents of this log into your reply.



Step 2

Please start OTL.exe.
  • Tick Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from ComboFix
  • Log from OTL
__________________

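As an added check (not part of this thread, nor of OTL or ComboFix), the following PowerShell script re-tests, read-only, the locations that the OTL "ZeroAccess Check" section and the CFScript in Step 1 refer to: the literal %APPDATA% folder under SysWow64, a "U" subfolder inside any GUID-named folder under C:\Windows\Installer (generalised from the single GUID in the log, since that GUID differs per machine), per-user HKCU overrides of the two CLSIDs OTL lists, and the alternate data stream on C:\ProgramData\TEMP. It assumes PowerShell 3.0 or later (Windows 7 ships 2.0, which lacks -Directory and -Stream) and an elevated prompt; running it after ComboFix shows whether the artefacts are really gone.

```powershell
# Added example, not part of this thread nor of OTL/ComboFix: a read-only
# re-check of the locations named in OTL's "ZeroAccess Check" section and in
# the CFScript above. Nothing is deleted; it only reports what is still there.
# Assumes PowerShell 3.0+ (for -Directory and -Stream) and an elevated prompt.

$findings = @()

# 1. A directory literally named "%APPDATA%" under SysWow64 (from the CFScript).
#    -LiteralPath keeps PowerShell from interpreting the name as anything special.
$fakeAppData = Join-Path $env:SystemRoot 'SysWow64\%APPDATA%'
if (Test-Path -LiteralPath $fakeAppData) {
    $findings += "Folder present: $fakeAppData"
}

# 2. A "U" subfolder inside a GUID-named folder below C:\Windows\Installer.
#    The log shows {192a88a3-a51e-3828-ef01-79d659704214}; the check is
#    generalised to every GUID-named folder, since that GUID varies per machine.
$installer = Join-Path $env:SystemRoot 'Installer'
$guidDirs = Get-ChildItem -LiteralPath $installer -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' }
foreach ($d in $guidDirs) {
    $u = Join-Path $d.FullName 'U'
    if (Test-Path -LiteralPath $u) {
        $findings += "Folder present: $u"
    }
}

# 3. Per-user (HKCU) InProcServer32 overrides of the two system CLSIDs OTL lists.
#    The legitimate registrations live under HKLM (shell32.dll and
#    wbem\fastprox.dll in the log); a copy under HKCU\Software\Classes takes
#    precedence for that user and is what OTL's ZeroAccess Check looks for.
$clsids = '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
          '{fbeb8a05-beee-4442-804e-409d6c4515e9}'
$hives  = 'HKCU:\Software\Classes\clsid',
          'HKCU:\Software\Classes\Wow6432Node\clsid'
foreach ($c in $clsids) {
    foreach ($h in $hives) {
        $key = "$h\$c\InProcServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            $findings += "HKCU CLSID override: $key -> $dll"
        }
    }
}

# 4. Alternate data streams on C:\ProgramData\TEMP (the OTL ADS entry).
$tempDir = Join-Path $env:ProgramData 'TEMP'
if (Test-Path -LiteralPath $tempDir) {
    $streams = Get-Item -LiteralPath $tempDir -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "ADS present: $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
    }
}

if ($findings.Count -eq 0) {
    'None of the artefacts from the log are present.'
} else {
    $findings
}
```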
Old 17.03.2013, 10:25   #7
Inspheres
 
W32/Patched.UC - Standard

W32/Patched.UC



Code:
ComboFix 13-03-16.02 - User 17.03.2013  10:10:02.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6518 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\User\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}
c:\windows\SysWow64\%APPDATA%
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-17 bis 2013-03-17  ))))))))))))))))))))))))))))))
.
.
2013-03-17 09:14 . 2013-03-17 09:14	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-17 09:14 . 2013-03-17 09:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-17 09:11 . 2013-03-17 09:11	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD510D2B-2452-4218-97B9-8BAD9D1DB977}\offreg.dll
2013-03-16 09:24 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD510D2B-2452-4218-97B9-8BAD9D1DB977}\mpengine.dll
2013-03-16 08:39 . 2013-03-16 08:39	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-14 21:27 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-14 21:27 . 2013-03-14 21:27	--------	d-----w-	c:\users\User\AppData\Local\Programs
2013-03-14 17:05 . 2013-03-14 17:05	--------	d-----w-	c:\users\User\AppData\Roaming\thecleaner
2013-03-14 17:04 . 2013-03-14 22:34	--------	d-----w-	c:\program files (x86)\The Cleaner
2013-03-14 17:03 . 2003-02-02 19:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2013-03-14 17:03 . 2002-03-06 00:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\program files (x86)\Trojan Remover
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\users\User\AppData\Roaming\Simply Super Software
2013-03-14 17:03 . 2013-03-14 17:03	--------	d-----w-	c:\programdata\Simply Super Software
2013-03-13 23:05 . 2013-03-13 23:05	--------	d-----w-	c:\users\User\AppData\Roaming\Avira
2013-03-13 22:59 . 2013-03-14 16:37	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-13 22:59 . 2013-03-14 16:37	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-13 22:59 . 2013-03-13 23:00	--------	d-----w-	c:\programdata\Avira
2013-03-13 22:59 . 2013-03-13 22:59	--------	d-----w-	c:\program files (x86)\Avira
2013-03-13 22:59 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-13 21:01 . 2013-03-13 21:01	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-13 20:35 . 2013-03-13 20:35	--------	d-----w-	c:\program files (x86)\AxBx
2013-03-13 19:29 . 2013-03-13 19:29	--------	d-----w-	c:\users\User\AppData\Roaming\Optimizer Pro
2013-03-13 19:19 . 2013-03-13 19:19	--------	d-----w-	c:\programdata\SoftSafe
2013-03-13 19:18 . 2013-03-13 19:18	--------	d-----w-	c:\program files (x86)\BrowseToSave
2013-03-13 18:06 . 2013-03-13 18:06	--------	d-----w-	c:\program files\Cakewalk
2013-03-13 18:06 . 2013-03-13 18:06	--------	d-----w-	c:\programdata\Spectrasonics
2013-03-13 16:10 . 2013-03-13 16:10	--------	d-----w-	c:\program files\Spectrasonics
2013-03-13 16:10 . 2013-03-13 17:48	--------	d-----w-	c:\program files (x86)\Spectrasonics
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc----w-	c:\programdata\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc-h--w-	c:\programdata\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
2013-03-12 23:36 . 2013-03-12 23:36	--------	dc-h--w-	c:\programdata\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
2013-03-12 21:28 . 2013-03-12 21:28	--------	dc-h--w-	c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
2013-03-12 21:23 . 2013-03-13 00:26	--------	d-----w-	c:\program files (x86)\Native Instruments
2013-03-12 21:23 . 2013-03-12 21:23	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-03-12 21:23 . 2013-03-12 21:23	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2013-03-12 13:22 . 2013-03-12 13:22	--------	d-----w-	c:\users\User\AppData\Local\Babylon
2013-03-12 13:03 . 2013-03-12 13:03	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-03-07 21:31 . 2013-03-16 08:42	--------	d-----w-	c:\users\User\AppData\Roaming\Yontoo
2013-03-07 21:31 . 2013-03-12 13:28	--------	d-----w-	c:\program files (x86)\JDownloader
2013-02-28 14:52 . 2013-03-06 23:23	--------	d-----w-	c:\users\User\AppData\Roaming\Bitcoin
2013-02-28 14:52 . 2013-02-28 14:52	--------	d-----w-	c:\program files (x86)\Bitcoin
2013-02-26 19:58 . 2013-02-26 19:58	--------	dc-h--w-	c:\programdata\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
2013-02-26 19:57 . 2013-02-26 19:57	--------	dc-h--w-	c:\programdata\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
2013-02-26 19:57 . 2013-02-26 19:57	--------	dc-h--w-	c:\programdata\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
2013-02-26 19:56 . 2013-02-26 19:56	--------	dc-h--w-	c:\programdata\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
2013-02-25 10:28 . 2013-02-25 10:28	--------	d-----w-	c:\users\User\AppData\Roaming\VST3 Presets
2013-02-21 19:40 . 2013-02-21 19:40	--------	d-----w-	c:\users\User\dubtrack
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:01 . 2012-11-08 18:33	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 21:01 . 2012-11-08 18:33	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-13 15:15	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 15:15	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 15:15	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 15:15	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 15:15	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:15	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-05 17:28 . 2013-02-05 17:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 17:28 . 2012-12-01 22:00	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 17:28 . 2012-12-01 22:00	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-14 07:01	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 07:01	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 07:01	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 07:01	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 07:01	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 07:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 07:01	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 07:01	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 07:01	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 07:01	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 07:01	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 07:01	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 07:01	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}]
c:\users\User\AppData\Roaming\OneTab\OneTab.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"tcactive"="c:\program files (x86)\The Cleaner\tcap.exe" [2013-03-10 6151400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-14 385248]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-03-14 1558800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Nach Updates suchen.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 moohelp;The Cleaner Helper Service;c:\program files (x86)\The Cleaner\mhelper.exe [2013-03-10 815560]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 125416]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 385512]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-09-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-09-27 55336]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-20 1930240]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-09-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-09-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-09-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-09-27 278640]
R3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2011-07-07 357968]
R3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2011-07-07 68688]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 netr28x;netr28x;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-15 620544]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2012-03-06 48488]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2012-03-06 225256]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2012-03-06 39016]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-14 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-14 565472]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-09-27 52896]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-11-09 6370680]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-09-27 31080]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 83.169.184.225 83.169.184.161
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-03-07 22:31; plugin@yontoo.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-03-13 20:50; ltjvs@uuado.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
FF - ExtSQL: 2013-03-13 23:59; toolbar@ask.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6cae971d0000000000003085a9b306e2&q=
FF - user.js: extensions.BabylonToolbar.id - 6cae971d0000000000003085a9b306e2
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15673
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.818:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extentions.y2layers.installId - 97de8ade-1b50-441f-8edc-028956ef0649
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Native Instruments Maschine Controller - c:\programdata\{7F3144B7-67AA-4DD7-BC11-CBA9A40B430D}\Maschine Controller Setup PC.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-17  10:16:44
ComboFix-quarantined-files.txt  2013-03-17 09:16
ComboFix2.txt  2013-03-16 09:16
.
Vor Suchlauf: 12 Verzeichnis(se), 558.245.150.720 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 558.144.417.792 Bytes frei
.
- - End Of File - - 5481E20653257BE9386233C2861A690E
         
Code:
ATTFilter
OTL logfile created on: 17.03.2013 10:18:26 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,36% Memory free
15,96 Gb Paging File | 14,22 Gb Available in Paging File | 89,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 519,93 Gb Free Space | 55,82% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.14 17:36:58 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 22:01:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 13:51:02 | 000,815,560 | ---- | M] (MooSoft Development LLC) [Auto | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013.03.08 02:43:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 13:08:31 | 006,370,680 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.27 11:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 00:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 00:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 21:37:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.15 02:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.06 12:25:02 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.03.06 12:25:02 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.03.06 12:25:02 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.07 11:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011.07.07 11:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 03:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 03:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 11:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 11:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 11:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 11:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 11:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 04:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BF 44 DE BD CD 01  [binary data]
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d726b3b0-14b9-4002-b7e1-0715b1463e1c&apn_sauid=C0E071B3-258A-4A79-BCAB-93EBEBD4F6E0
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.3.2
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 02:43:19 | 000,000,000 | ---D | M]
 
[2012.11.08 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.16 09:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.24 23:21:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.16 09:44:05 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\fastdial@telega.phpnet.us
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Broowse2usavE) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
[2013.03.07 22:31:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
[2013.03.14 00:06:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
[2013.03.02 18:53:46 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.10 18:37:02 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.05 23:14:15 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.10 18:38:22 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.18 19:12:07 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013.02.14 14:26:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.14 00:06:38 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.17 09:50:41 | 000,002,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml
[2013.03.13 22:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (onetab) -- C:\Program Files (x86)\mozilla firefox\extensions\onetab@onetab.net
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Broowse2usavE = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\
 
O1 HOSTS File: ([2013.03.17 10:14:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\User\AppData\Roaming\OneTab\OneTab.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development LLC)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F588EC-AE07-4195-B687-558D15AF45C5}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269A833-C7A2-4185-B543-B9400327C755}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 10:16:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.17 10:05:07 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.16 10:27:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.16 09:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.16 09:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.16 09:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.16 09:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.16 09:58:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.16 09:39:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.15 20:30:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.15 01:51:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.03.14 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.14 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.14 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\thecleaner
[2013.03.14 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2013.03.14 18:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2013.03.14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2013.03.14 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.03.14 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.13 23:59:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.13 23:59:29 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.13 23:59:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.13 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2013
[2013.03.13 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2013.03.13 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.13 20:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.13 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.03.13 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.03.13 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2013.03.13 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2013.03.13 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.03.13 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.03.13 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
[2013.03.13 00:36:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Sounds
[2013.03.13 00:36:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
[2013.03.13 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Library
[2013.03.12 22:28:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.12 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2013.03.12 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2013.03.12 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.03.12 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.03.12 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.03.08 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yontoo
[2013.03.07 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.02.28 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.02.28 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.02.28 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.02.26 20:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
[2013.02.26 20:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
[2013.02.26 20:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
[2013.02.26 20:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
[2013.02.26 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Samples
[2013.02.25 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.21 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\dubtrack
[2013.02.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Cubase Projekte
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 10:14:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.17 10:05:16 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.17 10:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 09:56:19 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:56:19 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:48:20 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.17 09:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 09:48:04 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 09:46:32 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 20:30:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:25 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:10 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 23:42:03 | 001,499,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 23:42:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 23:42:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 23:42:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 23:42:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 22:27:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:02:52 | 012,185,136 | ---- | M] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.12 23:13:44 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 16:23:07 | 343,905,537 | ---- | M] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.12 15:16:21 | 000,270,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 17:26:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.16 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.16 09:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.16 09:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.16 09:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.16 09:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 09:46:31 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:24 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:09 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.14 22:27:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2013.03.14 18:03:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.03.13 22:15:26 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.12 23:13:44 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 15:46:39 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.12 15:46:39 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.12 15:46:39 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.12 15:44:53 | 343,905,537 | ---- | C] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.11 22:42:48 | 005,097,142 | ---- | C] () -- C:\Users\User\Desktop\GoldLine.Presentation.2.2.de.pdf
[2013.03.08 13:14:54 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.03.07 22:31:25 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.07 22:31:25 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.07 22:31:25 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.27 17:26:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2012.12.03 15:11:47 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.25 21:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,021,036 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.27 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.11.28 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012.11.29 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.07 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.01.20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.08 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013.01.08 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.15 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ERS Game Studios
[2013.03.12 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.02.06 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iZotope
[2013.01.15 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2012.11.28 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2013.03.16 10:08:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OneTab
[2013.03.13 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.14 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.13 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.11.21 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg
[2013.03.14 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\thecleaner
[2012.12.03 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2013.03.13 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.02.25 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.15 08:00:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VTrain
[2013.03.16 09:42:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         

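Every entry in the OTL sections above follows one fixed line format: timestamp, size, four attribute flags (R H S D), C or M, an optional company name in parentheses, and the path; alternate data streams are listed on their own lines. The Python below is an added example for this thread, not part of the original post and not OTL's own logic. It parses that format and applies three triage heuristics a helper would otherwise apply by eye: alternate data streams, hidden GUID-named folders directly under ProgramData (installers create these too, so they are items to review rather than verdicts), and executables dropped straight into a Windows system folder with an empty company field. The sample records are copied from the log above; the heuristics, the folder list and the extension list are assumptions of this example.

```python
"""Parse the one-line records of an OTL log (Files Created / Modified sections
and the Alternate Data Streams section) and flag entries worth a closer look.
Added example for this thread; not part of OTL. Heuristics are assumptions."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# [2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
RECORD_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
# Lower-cased path of a GUID-named folder directly under C:\ProgramData.
GUID_DIR_RE = re.compile(r"^c:\\programdata\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")
# Folders where a company-less executable is unusual (assumed list, lower-cased).
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\syswow64", "c:\\windows\\sysnative"}
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx")


@dataclass
class Record:
    path: str
    attrs: str = "----"             # R H S D flags exactly as OTL prints them
    size: int = 0
    company: Optional[str] = None   # None: no company field; "": field present but empty
    ads_bytes: Optional[int] = None

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for a file/folder or ADS line, None for anything else."""
    line = line.rstrip()
    m = RECORD_RE.match(line)
    if m:
        company = m.group("company")
        return Record(
            path=m.group("path").rstrip(),
            attrs=m.group("attr"),
            size=int(m.group("size").replace(",", "")),
            company=None if company is None else company.strip(),
        )
    m = ADS_RE.match(line)
    if m:
        return Record(path=m.group("path"), ads_bytes=int(m.group("bytes")))
    return None


def reasons_for(rec: Record) -> List[str]:
    """Triage heuristics; each hit is a reason to review, not a verdict."""
    out: List[str] = []
    lower = rec.path.lower()
    if rec.ads_bytes is not None:
        out.append("alternate data stream")
    if rec.is_dir and rec.hidden and GUID_DIR_RE.match(lower):
        out.append("hidden GUID-named folder in ProgramData")
    parent, _, name = lower.rpartition("\\")
    if (not rec.is_dir and rec.company == "" and parent in SYSTEM_DIRS
            and name.endswith(EXEC_EXT)):
        out.append("executable in system folder without company name")
    return out


def triage(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Parse every line and return (path, reasons) for each flagged record."""
    hits: List[Tuple[str, List[str]]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = reasons_for(rec)
        if reasons:
            hits.append((rec.path, reasons))
    return hits


# Sample records copied from the OTL log in this thread (one non-record line included).
SAMPLE_LINES = [
    r"[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}",
    r"[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe",
    r"[2013.03.16 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll",
    r"[2013.03.17 10:14:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts",
    r"[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe",
    r"@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720",
    "========== LOP Check ==========",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path}\n    " + "; ".join(reasons))
```

Run against a full OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace"))`) the output is a short review list rather than a verdict; the PEV.exe hit above, for instance, is a ComboFix helper and benign, which is exactly why the company-name heuristic is labelled "review" and not "malicious".
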
17.03.2013, 13:02   #8
aharonov
/// TB Instructor

Hello,

I would recommend uninstalling The Cleaner version 9 and Multi Virus Cleaner 2013. Just keep Malwarebytes Anti-Malware; that is entirely sufficient.


Note: Registry cleaners

I see that you have so-called registry cleaners installed.
In your case CCleaner and Optimizer Pro v3.0.

We advise against using any kind of registry cleaner.

The reason is simple:
The registry is the brain of the system. If the brain does not work, the rest does not really work any more.
You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs make mistakes sometimes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).



Note: Filesharing / P2P

I see that you are using so-called peer-to-peer or filesharing programs.

In your case it is µTorrent.

These programs let you exchange files with other users.

Unfortunately, P2P or filesharing is often used to distribute infected files and is one of the reasons malware spreads so quickly.
You can never know where the downloaded files come from and what is really inside them. A check by an antivirus program is only of limited value as well. This kind of software should therefore be used with extreme caution.

A further point is that distributing media and entertainment files violates copyright law in most countries of the world.
Of course there are also legal ways to use such programs, for example downloading Linux distributions or Open Office.

Nevertheless, I would recommend that you stop using this kind of software and uninstall it via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).



Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL

IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d726b3b0-14b9-4002-b7e1-0715b1463e1c&apn_sauid=C0E071B3-258A-4A79-BCAB-93EBEBD4F6E0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\User\AppData\Roaming\OneTab\OneTab.dll File not found
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Broowse2usavE) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
[2013.03.07 22:31:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
[2013.03.14 00:06:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
[2013.03.14 00:06:38 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.17 09:50:41 | 000,002,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720
[2013.03.16 09:42:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yontoo
[2012.11.29 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its contents here into your thread.



Step 2

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • If a warning "Registry value AppInit_Dlls has been found, .." appears, click No.
  • Then follow the instructions, run the update and then click Scan.
If detections are shown:
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again and repeat the scan.
  • If something is found again, run the CleanUp process once more.
The tool will create log files (mbar-log-<year-month-day>.txt) in the created folder. Please post their contents here.

Do not start any other file in that folder without instructions from a helper.



Step 3

Please start OTL.exe.
  • Tick the box Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAR
  • Log from OTL
__________________
cheers,
Leo

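The OTL fix script in the post above removes the Ask.com search hijack from Firefox's prefs.js (browser.search.defaultengine, selectedEngine, order.1) and the Yontoo, Ask and "Broowse2usavE" extensions. The Python below is an added example, not part of the original post and not OTL's own logic: a read-only check of a Firefox profile for those two symptoms, usable before such a fix to confirm the hijack and afterwards to confirm it is gone. It parses the user_pref lines of prefs.js, decodes the percent-encoded add-on IDs in extensions.enabledAddons, and reports search prefs that differ from an expected engine plus enabled add-ons that are not on an allowlist. The prefs.js excerpt is constructed from the values OTL listed in this thread; the expected engine ("Google") and the allowlist (only Firefox's built-in default theme) are assumptions the caller chooses.

```python
"""Read-only check of a Firefox prefs.js for the two symptoms the fix above
removes: search-engine prefs pointing at an unwanted engine, and add-ons that
are enabled but not on an allowlist. Added example; not part of the thread
or of OTL. Expected engine and allowlist are parameters the caller supplies."""
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import unquote

# user_pref("browser.search.defaultengine", "Ask.com");
USER_PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);$')

# Prefs Firefox of that era consulted for the default / selected search engine.
SEARCH_PREFS = (
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
)


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> value; string values lose their quotes, others stay raw."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line.strip())
        if not m:
            continue
        value = m.group("value").strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[m.group("name")] = value
    return prefs


def enabled_addons(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """extensions.enabledAddons is 'id:version,id:version' with each id percent-encoded."""
    raw = prefs.get("extensions.enabledAddons", "")
    addons: List[Tuple[str, str]] = []
    for entry in raw.split(","):
        if not entry:
            continue
        addon_id, _, version = entry.partition(":")
        addons.append((unquote(addon_id), version))
    return addons


def check_profile(text: str, expected_engine: str, allowed_addons: Set[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    prefs = parse_prefs(text)
    findings: List[str] = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if value is not None and value != expected_engine:
            findings.append(f"{name} is {value!r}, expected {expected_engine!r}")
    for addon_id, version in enabled_addons(prefs):
        if addon_id not in allowed_addons:
            findings.append(f"enabled add-on not on allowlist: {addon_id} {version}")
    return findings


# Constructed prefs.js excerpt mirroring the values OTL listed in this thread.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.enabledAddons", "plugin%40yontoo.com:1.20.02,toolbar%40ask.com:3.15.18.100015,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2");
user_pref("network.cookie.cookieBehavior", 0);
"""
# Firefox's built-in default theme id; the only add-on this example trusts.
DEFAULT_THEME_ID = "{972ce4c6-7e08-4474-a285-3208198ce6fd}"

if __name__ == "__main__":
    for finding in check_profile(SAMPLE_PREFS, "Google", {DEFAULT_THEME_ID}):
        print(finding)
```

On a real profile, point it at `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js` (read with Firefox closed, since Firefox rewrites the file on exit). The check deliberately only reads: removing the entries is left to the tool the helper prescribes, so the helper's log stays the record of what was changed.
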
17.03.2013, 18:21   #9
Inspheres

Hello,

Thanks for the tips! I will uninstall the cleaners and µTorrent!

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{635848A3-D1A7-46BC-8420-67486A9326AA}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: S", "" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: S", "" removed from browser.search.order.1,S
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: S", "" removed from browser.search.selectedEngine,S
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: toolbar%40ask.com:3.15.18.100015 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}\ deleted successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\plugins folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-13-Mar-2013-23-06-37-GMT folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\pt folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\nl folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\it folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\fr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\es folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\en folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale\de folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\templates folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\reports folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com folder moved successfully.
File C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js not found.
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml moved successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
C:\Users\User\AppData\Roaming\Yontoo\dat\update folder moved successfully.
C:\Users\User\AppData\Roaming\Yontoo\dat folder moved successfully.
C:\Users\User\AppData\Roaming\Yontoo folder moved successfully.
C:\Users\User\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2238207 bytes
->Java cache emptied: 802987 bytes
->FireFox cache emptied: 440621070 bytes
->Flash cache emptied: 6997 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36097632 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 458,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_174632

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.314000 GHz
Memory total: 8571183104, free: 6718836736

------------ Kernel report ------------
     03/17/2013 17:52:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\azvusb.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008f0c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa80083c8b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008f09060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa80083c6b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008f08060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa80083c4b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008f07060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa80083c0b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007aa6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-3\
Lower Device Object: 0xfffffa8006b02060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.17.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007aa6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80078e2980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007aa6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006add9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b02060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e47e9f0, 0xfffffa8007aa6060, 0xfffffa8006f9a790
Lower DeviceData: 0xfffff8a00de27930, 0xfffffa8006b02060, 0xfffffa8006e95490
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2834CF3A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953316864

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008f07060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f07b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f07060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80083c0b60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008f08060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f08b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f08060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80083c4b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008f09060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f09b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f09060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80083c6b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008f0c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f0cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f0c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80083c8b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{35B46D49-85E2-40EA-8EC6-43B281EDD8E7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{588D017F-D30B-4C08-8A10-1FEF7D039369}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{68233086-CF7D-452D-8519-A7815257EC6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{6E467D89-1963-440B-84F9-852C8150E323}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{80A0A482-175E-4DE8-9D32-C8C8463D1362}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{82B9F45C-9378-4B6C-B80A-338C197F3791}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{91377244-4B4E-4A81-9F72-FA41DECB3D8F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AA5037F8-9B97-456B-847E-A64FEB3E393C}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AB38F02B-C891-457C-B8C8-DA9D96EFA317}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B53633F4-53A8-4BAA-81BD-2830099F2459}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C5CAF473-C900-4049-BCE5-A93E0EBA7EF2}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CA03436C-933D-4ADA-9E89-2C39CC03E904}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CCE3E562-124D-4D63-8AC7-EC849A579F07}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DE181BBE-2522-484E-A620-BDCFB298DC87}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DFB8047B-FF22-438D-90BD-83E8B78F83D7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E0E49B42-E2E2-4F6B-8C1A-73F15B3C71D1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F2026C51-8509-47B4-816D-CCD2DB993FC1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F409EA92-6713-4D2D-AF88-0C51B1CF1D2A}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{35B46D49-85E2-40EA-8EC6-43B281EDD8E7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{588D017F-D30B-4C08-8A10-1FEF7D039369}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{68233086-CF7D-452D-8519-A7815257EC6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{6E467D89-1963-440B-84F9-852C8150E323}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{80A0A482-175E-4DE8-9D32-C8C8463D1362}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{82B9F45C-9378-4B6C-B80A-338C197F3791}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{91377244-4B4E-4A81-9F72-FA41DECB3D8F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AA5037F8-9B97-456B-847E-A64FEB3E393C}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AB38F02B-C891-457C-B8C8-DA9D96EFA317}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B53633F4-53A8-4BAA-81BD-2830099F2459}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C5CAF473-C900-4049-BCE5-A93E0EBA7EF2}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CA03436C-933D-4ADA-9E89-2C39CC03E904}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CCE3E562-124D-4D63-8AC7-EC849A579F07}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DE181BBE-2522-484E-A620-BDCFB298DC87}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DFB8047B-FF22-438D-90BD-83E8B78F83D7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E0E49B42-E2E2-4F6B-8C1A-73F15B3C71D1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F2026C51-8509-47B4-816D-CCD2DB993FC1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F409EA92-6713-4D2D-AF88-0C51B1CF1D2A}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{35B46D49-85E2-40EA-8EC6-43B281EDD8E7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{588D017F-D30B-4C08-8A10-1FEF7D039369}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{68233086-CF7D-452D-8519-A7815257EC6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{C5CAF473-C900-4049-BCE5-A93E0EBA7EF2}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CA03436C-933D-4ADA-9E89-2C39CC03E904}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CCE3E562-124D-4D63-8AC7-EC849A579F07}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{6E467D89-1963-440B-84F9-852C8150E323}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B53633F4-53A8-4BAA-81BD-2830099F2459}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{80A0A482-175E-4DE8-9D32-C8C8463D1362}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{82B9F45C-9378-4B6C-B80A-338C197F3791}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{91377244-4B4E-4A81-9F72-FA41DECB3D8F}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AA5037F8-9B97-456B-847E-A64FEB3E393C}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{AB38F02B-C891-457C-B8C8-DA9D96EFA317}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DE181BBE-2522-484E-A620-BDCFB298DC87}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{DFB8047B-FF22-438D-90BD-83E8B78F83D7}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{E0E49B42-E2E2-4F6B-8C1A-73F15B3C71D1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F2026C51-8509-47B4-816D-CCD2DB993FC1}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F409EA92-6713-4D2D-AF88-0C51B1CF1D2A}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================
         
mbar says no clean-up is needed...

Code:
ATTFilter
OTL logfile created on: 17.03.2013 18:21:37 - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,36% Memory free
15,96 Gb Paging File | 14,11 Gb Available in Paging File | 88,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 501,91 Gb Free Space | 53,89% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.14 17:36:58 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 22:01:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 13:51:02 | 000,815,560 | ---- | M] (MooSoft Development LLC) [Auto | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013.03.08 02:43:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 13:08:31 | 006,370,680 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.27 11:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 00:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 00:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 21:37:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.15 02:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.06 12:25:02 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.03.06 12:25:02 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.03.06 12:25:02 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.07 11:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011.07.07 11:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 03:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 03:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 11:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 11:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 11:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 11:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 11:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 04:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BF 44 DE BD CD 01  [binary data]
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 02:43:19 | 000,000,000 | ---D | M]
 
[2012.11.08 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.17 17:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.24 23:21:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.16 09:44:05 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\fastdial@telega.phpnet.us
[2013.03.02 18:53:46 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.10 18:37:02 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.05 23:14:15 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.10 18:38:22 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.18 19:12:07 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013.02.14 14:26:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.13 22:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (onetab) -- C:\Program Files (x86)\mozilla firefox\extensions\onetab@onetab.net
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Broowse2usavE = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\
 
O1 HOSTS File: ([2013.03.17 10:14:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development LLC)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2260964575-2753946872-1401531445-1001\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F588EC-AE07-4195-B687-558D15AF45C5}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269A833-C7A2-4185-B543-B9400327C755}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 17:47:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.17 17:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.17 17:40:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar-1.01.0.1021
[2013.03.17 10:16:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.17 10:05:07 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.16 10:27:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.16 09:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.16 09:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.16 09:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.16 09:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.16 09:58:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.16 09:39:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.15 20:30:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.15 01:51:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.03.14 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.14 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.14 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\thecleaner
[2013.03.14 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2013.03.14 18:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2013.03.14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2013.03.14 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.03.14 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.13 23:59:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.13 23:59:29 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.13 23:59:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.13 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2013
[2013.03.13 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2013.03.13 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.13 20:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.13 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.03.13 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.03.13 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2013.03.13 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2013.03.13 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.03.13 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.03.13 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
[2013.03.13 00:36:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Sounds
[2013.03.13 00:36:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
[2013.03.13 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Library
[2013.03.12 22:28:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.12 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2013.03.12 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2013.03.12 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.03.12 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.03.12 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.03.08 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.02.28 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.02.28 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.02.28 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.02.26 20:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
[2013.02.26 20:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
[2013.02.26 20:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
[2013.02.26 20:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
[2013.02.26 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Samples
[2013.02.25 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.21 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\dubtrack
[2013.02.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Cubase Projekte
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 18:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 17:56:10 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 17:56:10 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 17:49:40 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.17 17:48:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 17:48:20 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 17:37:21 | 013,786,977 | ---- | M] () -- C:\Users\User\Desktop\mbar-1.01.0.1021.zip
[2013.03.17 10:14:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.17 10:05:16 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.03.16 09:46:32 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 20:30:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:25 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:10 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 23:42:03 | 001,499,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 23:42:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 23:42:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 23:42:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 23:42:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 22:27:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:02:52 | 012,185,136 | ---- | M] (Simply Super Software                                       ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.12 23:13:44 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 16:23:07 | 343,905,537 | ---- | M] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.12 15:16:21 | 000,270,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 17:26:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.17 17:37:06 | 013,786,977 | ---- | C] () -- C:\Users\User\Desktop\mbar-1.01.0.1021.zip
[2013.03.16 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.16 09:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.16 09:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.16 09:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.16 09:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 09:46:31 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.15 04:00:31 | 607,879,825 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.15 02:05:53 | 000,000,168 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:24 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:09 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.14 22:27:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2013.03.14 18:03:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.03.13 22:15:26 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.12 23:13:44 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 15:46:39 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.12 15:46:39 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.12 15:46:39 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.12 15:44:53 | 343,905,537 | ---- | C] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.11 22:42:48 | 005,097,142 | ---- | C] () -- C:\Users\User\Desktop\GoldLine.Presentation.2.2.de.pdf
[2013.03.08 13:14:54 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.03.07 22:31:25 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.07 22:31:25 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.07 22:31:25 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.27 17:26:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2012.12.03 15:11:47 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.25 21:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,021,036 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.27 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.11.28 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2013.03.07 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.01.20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.08 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013.01.08 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.15 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ERS Game Studios
[2013.03.12 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.02.06 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iZotope
[2013.01.15 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2012.11.28 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2013.03.16 10:08:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OneTab
[2013.03.13 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.14 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.13 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.11.21 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg
[2013.03.14 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\thecleaner
[2012.12.03 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2013.03.13 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.02.25 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.15 08:00:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VTrain
 
========== Purity Check ==========
 
 

< End of report >
         

Last edited by Inspheres (17.03.2013 at 18:26)
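
The ZeroAccess Check section in the OTL log above is the part of this report that matters most for a Sirefef/Patched case: for three COM classes it lists the InProcServer32 registration in the user hive (HKEY_CURRENT_USER) and in the machine hive. A clean machine looks like this log: no user-hive registration at all, and a machine-hive default value that points at a Microsoft DLL under the Windows system directory. A per-user registration takes precedence over the machine one, so a user-hive entry pointing somewhere under the profile would get that DLL loaded into every process that uses the class. The parser below reads the section and applies exactly those two checks. It is an added example, not part of the thread or of OTL; the clean sample is copied from the log above, the hijacked sample is constructed, and SYSTEM_DIRS and the "Microsoft Corporation" company test are my assumptions. It also goes one step beyond the log: it evaluates whatever CLSIDs the section lists, not just these three.

```python
"""Parse OTL's "ZeroAccess Check" section and flag CLSID hijacks.

Added example, not part of the forum thread. CLEAN_SAMPLE is copied from the
OTL log above; HIJACKED_SAMPLE is constructed. SYSTEM_DIRS and the rules in
assess() are assumptions about what a legitimate registration looks like.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "[HKEY_...\InProcServer32] /64"  -> a key header (/64 marks the 64-bit view)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\](?:\s*/64)?\s*$")
# '"" = <dll> -- [<date> | <size> | <attrs> | M] (<company>)'  or  '"Name" = <value>'
VAL_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*?)'
    r"(?:\s+--\s+\[(?P<meta>[^\]]*)\]\s*\((?P<company>[^)]*)\))?\s*$"
)
# Assumed: an in-process server for these shell/WMI classes belongs here.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\sysnative", r"c:\windows\syswow64")


@dataclass
class ClsidKey:
    path: str                                   # registry path as OTL prints it
    values: Dict[str, str] = field(default_factory=dict)
    company: Optional[str] = None               # company OTL prints for the DLL

    @property
    def hive(self) -> str:
        return self.path.split("\\", 1)[0]

    @property
    def server_dll(self) -> Optional[str]:
        return self.values.get("")              # "" is the (Default) value


def parse_zeroaccess_check(text: str) -> List[ClsidKey]:
    """Turn the section's lines into one ClsidKey per key header."""
    keys: List[ClsidKey] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            keys.append(ClsidKey(path=m.group(1)))
            continue
        m = VAL_RE.match(line)
        if m and keys:
            keys[-1].values[m.group("name")] = m.group("value").strip()
            if m.group("company") is not None:
                keys[-1].company = m.group("company").strip()
    return keys


def _normalize(dll: str) -> str:
    return dll.strip().strip('"').lower().replace("%systemroot%", r"c:\windows")


def assess(keys: List[ClsidKey]) -> List[str]:
    """Return one finding per suspicious registration; an empty list means clean."""
    findings: List[str] = []
    for k in keys:
        dll = k.server_dll
        if dll is None:
            continue                            # nothing registered in this view
        if k.hive == "HKEY_CURRENT_USER":
            # A per-user InProcServer32 shadows the HKLM one: the hijack
            # pattern this OTL section exists to expose.
            findings.append(f"user-hive override: {k.path} -> {dll}")
        elif not _normalize(dll).startswith(SYSTEM_DIRS):
            findings.append(f"server outside system dirs: {k.path} -> {dll}")
        elif k.company != "Microsoft Corporation":
            findings.append(f"server not from Microsoft: {k.path} -> {dll}")
    return findings


# Copied from the OTL log above (first five keys of the section).
CLEAN_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Constructed: what a per-user hijack of the shell class would look like.
HIJACKED_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\User\AppData\Local\Temp\hijack.dll
"ThreadingModel" = Both
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        print(label, assess(parse_zeroaccess_check(sample)) or ["no findings"])
```

Run against the clean sample the assessment is empty, which is what the helper reads off the log; against the constructed sample it reports the user-hive override. The company test is only as good as OTL's company-name column, so treat it as a second signal behind the path check.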

17.03.2013, 19:21   #10
aharonov
/// TB-Ausbilder

Hello,

that already looks better.


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:commands
[emptytemp]
         
  • Now please close all other programs.
  • Click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<date_time>.log)
  • Copy its content here into your thread.



Step 2
  • Open Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, select Perform quick scan on the Scanner tab and click Scan.
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later on the Logs tab.



Step 3

Download the ESET Online Scanner setup and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Temporarily disable your antivirus program and firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure Remove found Threats is NOT ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown after the scan has finished:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner with a click on Finish.
Please post the contents of ESET.txt, or tell me if there were no findings.



Step 4

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Please post in your next reply:
  • OTL fix log
  • MBAM log
  • ESET log
  • SecurityCheck log
__________________
cheers,
Leo

19.03.2013, 00:19   #11
Inspheres

Sorry that it took a little while..

Code:
ATTFilter
All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 1734072 bytes
->Temporary Internet Files folder emptied: 3448084 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 373275435 bytes
->Flash cache emptied: 4975 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10574072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 48351 bytes
 
Total Files Cleaned = 371,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03192013_001206

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.18.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

Protection: Enabled

19.03.2013 00:38:55
mbam-log-2013-03-19 (00-38-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231930
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Last edited by Inspheres (19.03.2013 at 00:53)

19.03.2013, 00:37   #12
aharonov
/// TB-Ausbilder

Hello,

Quote:
Sorry that it took a little while..
No problem at all.
Just post the remaining logs together once you have them, then we'll carry on.
__________________
cheers,
Leo

19.03.2013, 02:37   #13
Inspheres

Code:
ATTFilter
C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\file0000\tsk0000.dta	Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\zafs0000\tsk0000.dta	Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\zafs0000\tsk0001.dta	Win64/Sirefef.W trojan
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\5140d87fea8ce2.97750833.js	Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\03172013_174632\C_Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com\content\bg.js	Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\03172013_174632\C_Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com\content\overlay.js	Win32/Adware.Yontoo application
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Multi Virus Cleaner 2013  
 The Cleaner version 9  
 Java 7 Update 13  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (19.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

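Reading the ESET list above the way the helper does in the next post: five of the six paths sit under C:\TDSSKiller_Quarantine or C:\_OTL\MovedFiles, which is where earlier tools park what they have already pulled out of place, so those hits are copies of things already dealt with; only the Chrome extension script is still at its live location. The script below, added here and not part of the thread, sorts ESET hits by that rule and emits an OTL :files block for whatever is still live. The six sample lines are the ones from the ESET.txt above; QUARANTINE_ROOTS is an assumption drawn from the tools used in this thread (TDSSKiller, OTL, ComboFix).

```python
"""Sort ESET Online Scanner hits into 'already quarantined' and 'still live'.

Added example, not part of the forum thread. ESET_SAMPLE holds the six lines
from the ESET.txt above; QUARANTINE_ROOTS is an assumption about where the
tools used in this thread park what they remove.
"""
import re
from typing import List, NamedTuple, Tuple

QUARANTINE_ROOTS = (
    r"c:\tdsskiller_quarantine",   # TDSSKiller
    r"c:\_otl\movedfiles",         # OTL ":files" fixes and [emptytemp]
    r"c:\qoobox\quarantine",       # ComboFix
)

# ESET.txt separates path and detection with a tab; tolerate runs of spaces too.
_SEP = re.compile(r"\t+| {2,}")


class Hit(NamedTuple):
    path: str
    detection: str


def parse_eset(text: str) -> List[Hit]:
    """One Hit per '<path><tab><detection>' line; other lines are skipped."""
    hits: List[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = _SEP.split(line, maxsplit=1)
        if len(parts) != 2:
            continue
        hits.append(Hit(parts[0].strip(), parts[1].strip()))
    return hits


def is_quarantined(path: str) -> bool:
    """True if the file sits inside a cleanup tool's quarantine tree."""
    p = path.lower()
    return any(p.startswith(root + "\\") for root in QUARANTINE_ROOTS)


def classify(hits: List[Hit]) -> Tuple[List[Hit], List[Hit]]:
    """Split hits into (quarantined, live); only 'live' needs further action."""
    quarantined = [h for h in hits if is_quarantined(h.path)]
    live = [h for h in hits if not is_quarantined(h.path)]
    return quarantined, live


def otl_fix_script(live: List[Hit]) -> str:
    """Build an OTL ':files' block that moves every still-live hit to MovedFiles."""
    return "\n".join([":files"] + [h.path for h in live])


# The six lines from the ESET.txt posted above (path, detection).
_ROWS = [
    (r"C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\file0000\tsk0000.dta",
     "Win64/Patched.A.Gen trojan"),
    (r"C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\zafs0000\tsk0000.dta",
     "Win32/Sirefef.EZ trojan"),
    (r"C:\TDSSKiller_Quarantine\16.03.2013_09.39.06\zasubsys0000\zafs0000\tsk0001.dta",
     "Win64/Sirefef.W trojan"),
    (r"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions"
     r"\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\5140d87fea8ce2.97750833.js",
     "Win32/Adware.MultiPlug.H application"),
    (r"C:\_OTL\MovedFiles\03172013_174632\C_Users\User\AppData\Roaming\mozilla\Firefox"
     r"\Profiles\86pxls80.default\extensions\ltjvs@uuado.com\content\bg.js",
     "Win32/Adware.MultiPlug.H application"),
    (r"C:\_OTL\MovedFiles\03172013_174632\C_Users\User\AppData\Roaming\mozilla\Firefox"
     r"\Profiles\86pxls80.default\extensions\plugin@yontoo.com\content\overlay.js",
     "Win32/Adware.Yontoo application"),
]
ESET_SAMPLE = "\n".join(f"{p}\t{d}" for p, d in _ROWS)

if __name__ == "__main__":
    quarantined, live = classify(parse_eset(ESET_SAMPLE))
    print(f"{len(quarantined)} already quarantined, {len(live)} still live")
    print(otl_fix_script(live))
```

Whether to remove only the flagged file or the whole extension directory, as aharonov does in the fix that follows, remains the analyst's call; the script only separates what the scanner reported into "already handled" and "still there".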
19.03.2013, 02:55   #14
aharonov
/// TB-Ausbilder

Hello,

the findings are already in quarantine. That looks better again now.
Do the Java update as well and then we'll clean up.


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:files
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid
         
  • Now please close all other programs.
  • Click the Fix button.



Step 2

Your Java is no longer current. Older versions contain security holes that malware can abuse to infect a system via drive-by download.

The current version is Java 7 Update 17.
  • Go to
    Start --> Control Panel --> Programs and Features (on Vista / Win 7)
    Start --> Control Panel --> Add or Remove Programs (on Win XP)
    and uninstall all older Java versions.
Java is really needed only in a few cases. And new, still unpatched security holes keep being exploited.
So consider whether you really need a Java installation at all.
If you want to keep using Java, then:
  • Download the latest Java version.
  • Close all running programs, especially the browser.
  • Start the downloaded jxpiinstall.exe and follow the instructions.
  • During the installation, untick "Install the Ask Toolbar ...".

Then use this plugin check to verify that all the versions you use are now current, and update them if not.



Step 3

Start defogger and press the Re-enable button.



Step 4

Now please temporarily disable the antivirus program, any script blocking and any anti-malware programs.

Press Windows + R, copy the following text into the Run window
Code:
ATTFilter
Combofix /Uninstall
         
and press OK.
You can now turn the programs you just disabled back on.



Step 5

You can keep the ESET Online Scanner to scan your system with it now and then for a second opinion.
But if you want to uninstall ESET, then:

Press Windows + R, copy the following text into the Run window
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
und drücke OK.



Schritt 6

Downloade dir bitte delfix auf deinen Desktop.
  • Schliesse alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Start.
  • DelFix entfernt alle von uns verwendeten Programme und löscht sich anschliessend selbst.
    Sollte denoch etwas übrig bleiben, kannst du es manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Security software

A remark first: every software solution has its weaknesses. Handing all responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
  • Use a virus scanner with a resident guard and an always current database. Which product you choose does not matter that much. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. But never run two resident guards in parallel; they would get in each other's way.
  • Enable a firewall. The one built into Windows is normally perfectly adequate.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox"), so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can permanently establish itself in the system is reduced.
  • Optional: The add-on WOT (Web of Trust) warns you about a website reported as malicious before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also the one attacked most often by malware authors. So using alternative software (e.g. an alternative PDF reader) can already be a small security gain.
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons are recommended:
  • NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites by default. On a whitelist principle, you decide yourself which sites you trust and allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being a nuisance, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner currently detects no threat in them, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what it says on the label is really inside.

Often, attempts are also made, with more or less tricky methods, to get the user to carry out an action disastrous for himself (umbrella term: social engineering).
  • Surf with care and do not let elements that seem somehow interesting tempt you into a hasty click. Do not be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly or ask, rather than simply open links or executable attachments or enter your data somewhere.
  • Malicious links or files can also circulate in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or sounds so sensationally interesting or scandalous that you simply have to click on it, then curiosity has probably won over reason on his/her side, and you should not make the same mistake.
  • Have file extensions shown, so that you are not fooled when an executable file is disguised with a double extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user himself.
  • As the first choice, always download software directly from the manufacturer. Many software portals (e.g. Softonic) bundle useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with limited rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external media, at least two copies for important files. Not only a malware infection can cause painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it allows an infection to jump over to the computer, for example when an appropriately infected USB stick is plugged in. Consider whether you would not rather disable this function.
  • Choose your passwords according to the usual rules, to be better protected against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can do great damage if you do not know what you are doing. We therefore recommend leaving the registry alone. To delete temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we will not see each other here again any time soon.
__________________
cheers,
Leo
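The post above lists several Windows settings (file extensions visible, Autorun off, UAC at the highest level, a non-admin daily account, the Windows Firewall on, Automatic Updates on) but gives no way to verify them in one go. The following PowerShell script is an added example, not part of the original post or of any tool the thread mentions: it reads the current state of each of those settings on Windows Vista/7 and prints the command that would set the recommended value. It changes nothing. It assumes the registry value names documented by Microsoft (HideFileExt, NoDriveTypeAutoRun, EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), the HNetCfg.FwPolicy2 and Microsoft.Update.AutoUpdate COM objects, and whoami.exe, all of which ship with Windows Vista/7; the check names and the OK/WEAK wording are the example's own.

```powershell
# Added example (not from the original post): read-only audit of the hardening
# settings recommended in the thread, for Windows Vista/7 (PowerShell 2.0 syntax).
# Nothing is changed; for each WEAK finding the remediation is only printed.
# Assumptions: documented registry value names, the HNetCfg.FwPolicy2 and
# Microsoft.Update.AutoUpdate COM objects, and whoami.exe (all ship with Windows).

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means "value not set", i.e. the Windows default applies.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}
function Fmt($v) { if ($v -eq $null) { 'not set' } else { $v } }

$script:report = @()
function Add-Finding([string]$Check, [bool]$Ok, [string]$Detail, [string]$Fix) {
    $script:report += New-Object PSObject -Property @{
        Check  = $Check
        Status = $(if ($Ok) { 'OK' } else { 'WEAK' })
        Detail = $Detail
        Fix    = $(if ($Ok) { '' } else { $Fix })
    }
}

# 1. Show file extensions, so Nacktfoto.jpg.exe is not displayed as Nacktfoto.jpg.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = Get-RegValue $adv 'HideFileExt'
Add-Finding 'File extensions shown' ($hide -eq 0) "HideFileExt = $(Fmt $hide) (default 1 = hidden)" `
    "Set-ItemProperty '$adv' HideFileExt 0  # then log off and on again"

# 2. Autorun/Autoplay disabled for every drive type (0xFF = all drive-type bits set).
$pol  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$auto = Get-RegValue $pol 'NoDriveTypeAutoRun'
if ($auto -eq $null) { $auto = Get-RegValue ($pol -replace '^HKLM', 'HKCU') 'NoDriveTypeAutoRun' }
Add-Finding 'Autorun disabled' ($auto -eq 0xFF) "NoDriveTypeAutoRun = $(Fmt $auto) (want 255 / 0xFF)" `
    "Set-ItemProperty '$pol' NoDriveTypeAutoRun 0xFF -Type DWord"

# 3. UAC at the highest level ("Always notify"): EnableLUA=1,
#    ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1. Windows 7 default is 5/1.
$sys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $sys 'EnableLUA'
$cpb = Get-RegValue $sys 'ConsentPromptBehaviorAdmin'
$psd = Get-RegValue $sys 'PromptOnSecureDesktop'
$uacOk = ($lua -eq 1) -and ($cpb -eq 2) -and ($psd -eq 1)
Add-Finding 'UAC at highest level' $uacOk "EnableLUA=$(Fmt $lua) ConsentPromptBehaviorAdmin=$(Fmt $cpb) PromptOnSecureDesktop=$(Fmt $psd)" `
    "Set-ItemProperty '$sys' ConsentPromptBehaviorAdmin 2; Set-ItemProperty '$sys' PromptOnSecureDesktop 1  # then reboot"

# 4. The everyday account should not be in the local Administrators group (SID
#    S-1-5-32-544). whoami lists that group even when UAC has filtered the token.
$groups  = & whoami.exe /groups
$isAdmin = [bool]($groups | Select-String -SimpleMatch 'S-1-5-32-544')
Add-Finding 'Non-admin daily account' (-not $isAdmin) "$env:USERNAME in Administrators: $isAdmin" `
    'Create a standard user for daily work (Control Panel > User Accounts) and keep the admin account for installations only'

# 5. Windows Firewall enabled on every profile currently in use
#    (CurrentProfileTypes bitmask: 1 = Domain, 2 = Private, 4 = Public).
$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes
$fwOk = $true; $fwDetail = @()
foreach ($p in @(@(1, 'Domain'), @(2, 'Private'), @(4, 'Public'))) {
    if ($active -band $p[0]) {
        $on = $fw.FirewallEnabled($p[0])
        $fwDetail += "$($p[1])=$on"
        if (-not $on) { $fwOk = $false }
    }
}
Add-Finding 'Windows Firewall on' $fwOk ($fwDetail -join ' ') 'netsh advfirewall set allprofiles state on'

# 6. Automatic Updates set to install automatically (NotificationLevel 4).
$au     = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
$levels = @('Not configured', 'Disabled', 'Notify before download', 'Notify before install', 'Install automatically')
Add-Finding 'Automatic Updates on' ($au.NotificationLevel -eq 4) $levels[$au.NotificationLevel] `
    'Control Panel > Windows Update > Change settings > Install updates automatically'

$script:report | Format-Table Check, Status, Detail, Fix -AutoSize -Wrap
```

Run it in a normal (non-elevated) PowerShell window first: the registry values it reads are readable by any user, and running as the everyday account is exactly what makes check 4 meaningful. Check 2 reads the machine-wide policy first and falls back to the per-user one, because a value in HKLM overrides the HKCU setting for all users. Checks 1 and 3 only take effect after a logoff or reboot, which is why the printed fix says so.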

20.03.2013, 22:50   #15
Inspheres

W32/Patched.UC

Right, here we go..

Hello, and many heartfelt thanks for your quick, competent help, support and tips! I already thought it was over... but everything is fine again and my computer has even become faster

I am thrilled with this forum and will contribute a small donation!
I have now bought McAfee and hope it protects a bit..

I will also take your advice to heart, so that we do not meet here again so soon!

Regards, Michael
