Windows Update deaktiviert sich nach Neustart / Internet sporadisch nicht erreichbar / Java Exploits

Glam · 12.04.2013, 00:42

Hallo, liebes Trojaner-Board,

wie schnell zwei Jahre vergehen … ich habe diesmal ein paar Probleme:

1. Windows Update deaktiviert sich von selbst. Das erste Mal bemerkte ich dies vor wenigen Tagen und stellte da auch fest, dass seit einem Monat nicht mehr aktualisiert wurde – dies holte ich dann manuell nach. Seit gestern kann ich über Windows Update nichts mehr aktualisieren; Virendefinitionen nur direkt über MSE.

2. Es kommt irgendwann am Tag vor, dass das Internet nicht mehr funktioniert. Für etwa 20 bis 30 Minuten. Die Windows-Diagnose berichtet lediglich davon, dass keine Verbindung zu www.microsoft.com hergestellt werden kann, aber alles ordnungsgemäß konfiguriert sei.

3. Ich erhielt gestern eine dubiose Droh-E-Mail (eindeutig Scam). Das hat mich dazu veranlasst einen Virencheck durchzuführen. MSE fand zwei Java Exploits, die ich dann entfernte. Ein 2012 und ein 2013er-Exploit, wovon das EVC-2012-1723 nebenan im Thread auch genannt wird.

Antonio

Hier anbei die gebrauchten Logfiles:

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:44 on 12/04/2013 (Anwender)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL

Code:

ATTFilter

OTL logfile created on: 12.04.2013 00:59:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 56,25% Memory free
3,93 Gb Paging File | 2,73 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 325,04 Gb Free Space | 69,80% Space Free | Partition Type: NTFS
 
Computer Name: FUTURES | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 00:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe
PRC - [2013.03.26 03:31:57 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 03:32:02 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 00:53:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:16:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 12:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 12:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.27 15:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2011.06.02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 0E 3B C1 C0 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8BF0409F-3F37-4D7F-9403-9B7FAAE69AE7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8BF0409F-3F37-4D7F-9403-9B7FAAE69AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.1.0.23
FF - prefs.js..extensions.enabledAddons: %7B99e34760-2754-11e0-91fa-0800200c9a66%7D:5.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.09 11:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
 
[2012.08.14 19:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2013.04.11 00:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions
[2013.02.21 02:35:03 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.01 02:55:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.02 11:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions
[2013.02.25 21:16:51 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.24 14:45:05 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.11.21 18:27:01 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2012.11.24 14:44:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 06:07:17 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013.04.02 11:27:23 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.02.25 21:59:13 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 00:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.09 11:46:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2013.04.12 00:53:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.13 02:38:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.13 02:38:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.13 02:38:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.13 02:38:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.13 02:38:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.13 02:38:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.35_0\
CHR - Extension: Audiotool = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: AdBlock = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Futhead FIFA Ultimate Team Search = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpobadmlgbdpiiegjfaoimffjngaminj\1.1.2_0\
CHR - Extension: Northern Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef\1.1_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\Avira\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B54AD02-1AD6-449E-B711-CB3A63C346C9}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c745d19c-b2ab-11e0-9462-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c745d19c-b2ab-11e0-9462-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 00:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\AviraSpeedup
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
[2013.04.11 23:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.11 23:35:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.04.11 21:05:41 | 002,118,144 | ---- | C] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.06 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2013.04.02 17:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.03.27 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\Anwender\cityguide
[2013.03.18 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
[2013.03.18 06:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\.mono
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2013.03.14 01:34:21 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2013.03.13 02:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BSW
[2013.03.13 02:18:14 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\BSW
[2012.12.18 07:56:02 | 000,364,424 | ---- | C] (Bitsum Technologies) -- C:\Users\Anwender\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Anwender\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Anwender\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 00:43:49 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2013.04.12 00:30:04 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001UA.job
[2013.04.12 00:16:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 23:41:08 | 000,001,167 | ---- | M] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.11 23:30:46 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001Core.job
[2013.04.11 23:23:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 20:49:14 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2013.04.11 20:47:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 20:47:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 20:44:33 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 20:44:33 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 20:44:33 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 20:44:33 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 20:44:33 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 20:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 20:39:53 | 1583,177,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 06:31:57 | 000,002,345 | ---- | M] () -- C:\Users\Anwender\Desktop\Google Chrome.lnk
[2013.04.11 01:02:31 | 000,359,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 12:45:43 | 002,118,144 | ---- | M] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.08 16:39:03 | 000,001,063 | ---- | M] () -- C:\Users\Anwender\Desktop\Notepad++.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 12:45:58 | 000,001,105 | ---- | M] () -- C:\Users\Anwender\Desktop\ColorMania.lnk
[2013.03.18 06:41:57 | 000,002,230 | ---- | M] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2013.03.15 22:35:13 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.15 21:42:15 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013.04.12 00:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2013.04.11 23:41:08 | 000,001,167 | ---- | C] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.08 18:45:23 | 002,987,168 | ---- | C] () -- C:\Users\Anwender\Desktop\Squads 20121206102542#Squads 1
[2013.03.18 06:41:57 | 000,002,230 | ---- | C] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.12.05 20:23:38 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.09.09 23:53:08 | 000,002,677 | ---- | C] () -- C:\Users\Anwender\AppData\Local\recently-used.xbel
[2012.09.09 21:42:27 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.06.02 17:37:22 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.03.18 13:46:38 | 000,007,598 | ---- | C] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
[2011.10.19 18:48:08 | 000,001,600 | ---- | C] () -- C:\Users\Anwender\AppData\Local\RecConfig.xml
[2011.07.20 10:51:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.20 10:51:51 | 000,022,587 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Anwender\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Anwender\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Anwender\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Anwender\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.14 01:37:16 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\.mono
[2012.12.05 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Apowersoft
[2013.03.18 09:16:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\BSW
[2012.11.17 13:37:52 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Dropbox
[2012.09.17 07:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Electronic Arts
[2013.04.07 05:35:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2012.09.14 08:51:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Foxit Software
[2012.06.10 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Geek Uninstaller
[2011.10.20 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mp3DirectCut
[2013.04.11 22:49:02 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\MusicBee
[2012.10.19 03:28:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Need for Speed World
[2013.04.08 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Notepad++
[2011.10.07 07:49:17 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OCS
[2012.09.08 07:55:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.12.01 02:16:28 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Origin
[2013.03.14 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2012.12.10 03:24:05 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Steganos
[2012.09.07 19:42:35 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\SumatraPDF
[2011.09.29 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Thunderbird
[2013.04.11 01:07:04 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\uTorrent
[2013.04.11 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Care 365
[2013.02.01 01:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Game Booster
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras

Code:

ATTFilter

OTL Extras logfile created on: 12.04.2013 00:59:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 56,25% Memory free
3,93 Gb Paging File | 2,73 Gb Available in Paging File | 69,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 325,04 Gb Free Space | 69,80% Space Free | Partition Type: NTFS
 
Computer Name: FUTURES | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151BFAE9-7338-4FF5-ACC7-F53E171E547B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17F0B222-9AE7-447C-BE3A-3F82CC4BD33A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{18EA56CF-5DD3-4481-92E1-9545E1B3620B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{24E83A96-EE3F-4CAC-81A3-384BE50998E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{30FCB2FB-C446-4C7A-ACB7-77A91C9036E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4EC63EAF-1445-4487-BA58-495B7A6C91F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5EB44455-F92C-4A93-83FF-43AF08B7F69D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61645462-82A0-476B-954C-7433599D6195}" = lport=445 | protocol=6 | dir=in | app=system | 
"{74652655-4128-4695-8DBD-2E82F309BA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F12D987-3E40-4E85-B89A-989FBD1AC10E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{84A22CF3-C915-4452-934B-F1D731623908}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{863CD106-5979-4542-AB42-4E9AD76E9127}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C0E1928-F2F6-4D9D-BC09-94EFE1848BDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D450547-DF46-49EA-8521-ECE90EC8A45D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{94C86489-0E7B-4454-8760-5C5F487AEC47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AC897D03-A5F4-483D-82D0-7E94477B677F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ACEB5E87-14DD-4AEF-8C09-41F03AB8DD7C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD75323E-461D-4226-BC0C-415E58B6A4B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ADD1C1A4-4EB9-45D7-9730-F89BED03B242}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D53E1702-03CD-401D-BFA5-3F6A92D29525}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DB6E29BF-397E-4DD8-B720-34BD3B8D02F4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F6AC944B-B14A-4534-85B5-33F0AF7FE146}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D4025A-F0B8-4355-B9A5-A9A626E06932}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{19302FB8-77FC-471E-B21A-98740D7CCB0B}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{24F87131-2E4F-4B2F-A8E0-63BED3382262}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{26BFA46A-55F4-44F2-B2C6-EA4B414DEE30}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{27E6445C-73DE-4B28-B7B6-B1EE32CECA6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{313B270E-6C68-4573-B526-399B77483A87}" = protocol=58 | dir=in | app=system | 
"{40CD2539-9B33-4356-A304-E988DC15D6A9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{45592A79-0A1D-4D4C-A172-3B8839B1E537}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{4B48FC9A-74F3-4253-B36D-A2AB21302825}" = protocol=17 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4DA5D1DF-B722-4126-B504-4B3FE784DA68}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{52644687-2A2A-4E3D-8FE5-1B1423353D65}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{577787B7-38DA-48CA-B18E-ED50BCF080A9}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{5F8C0E19-F27B-4E60-B7ED-70DBE1F7B13F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{621AB6D7-3468-4A46-B7F9-7090F02113D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6E11377E-BF73-45C4-8A4A-E13A042928C3}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{7E9C6EF1-E1EC-4397-A429-EA819B5AA5BA}" = protocol=17 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8418B646-88B0-49A5-9254-21B17DEEAF00}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8BFE3C3A-809A-4FB4-AAA6-B804C1E064B7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{8CFFB4C0-F5C6-4A53-9667-324701B51C8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B16DAFE7-0AAA-4E1E-B305-B263E812C882}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B2A1445A-B990-4606-B9ED-6FA3A974B84D}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{BA9CCFEF-A49C-4121-B8CB-867A17EFE1FA}" = dir=in | app=c:\users\anwender\appdata\local\microsoft\skydrive\skydrive.exe | 
"{BE5B0486-2379-4C26-8D61-1C9FB7694AEE}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{C520E0D0-0E07-43D7-9A0E-9D8C33E165B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C7661CE0-DFF1-4C00-8AC6-C4B09446791B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D5F58EF8-ADF4-4387-9023-154F4D55E89E}" = protocol=6 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D8702464-CFAF-4F51-B430-9EA940D81E68}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{DB3CC916-68B4-430B-AEB9-CA1619E66C96}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{F17E5882-2371-4ECF-A8E3-2ECC79E89D7B}" = protocol=6 | dir=in | app=c:\users\anwender\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F5B05575-D03C-46EE-9CC7-178E6FE0D843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{227D9A52-8B07-4105-9022-4DED088400E8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2530AB4C-4C5D-46FC-AF6C-2CB5820A7E8A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{A48F3A59-1454-479F-BA1E-8E23D7E592A9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{E7155A27-F44F-427A-895A-4F4642E93CF1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{0E770CD9-AD98-44AE-9677-C46BCC4C1435}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{8582C45F-8D85-44B0-95C4-B4DAAC1153A5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{9B818C52-93E0-49D8-AAF6-B46EC9402D8E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{A8B0DE73-6F5E-4E53-8CD3-01366231BEF9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"Speccy" = Speccy
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}" = Need For Speed™ World
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8CC1D58-532C-4AAE-9A22-69FEA8CFCCA4}" = MusicBee
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.13
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AviraSpeedup" = Avira System Speedup
"BrettspielWelt" = BrettspielWelt
"ColorMania_is1" = ColorMania 4.0
"DivX Setup" = DivX-Setup
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Origin" = Origin
"SopCast" = SopCast 3.5.0
"SumatraPDF" = SumatraPDF
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Wise Game Booster_is1" = Wise Game Booster 1.09
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
"FIFA13 SPECIAL FAST START BY DOCTOR+ PRODUCTIONS" = FIFA13 SPECIAL FAST START BY DOCTOR+ PRODUCTIONS
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2013 16:47:21 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:26 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:28 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:30 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:44 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:45 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:46 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 08.03.2013 16:47:51 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
Error - 10.03.2013 05:12:39 | Computer Name = Futures | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0xa10c  Startzeit der fehlerhaften Anwendung: 0x01ce1cadca0ad1ff  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 a7a17e5f-8962-11e2-9161-e06995cbe3ee
 
Error - 11.03.2013 13:21:07 | Computer Name = Futures | Source = RasClient | ID = 20227
Description = 
 
[ System Events ]
Error - 12.09.2012 02:49:13 | Computer Name = Futures | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2012 um 08:47:36 unerwartet heruntergefahren.
 
Error - 12.09.2012 07:09:45 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.09.2012 15:55:59 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.09.2012 19:49:57 | Computer Name = Futures | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 13.09.2012 00:57:43 | Computer Name = Futures | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 13.09.2012 00:57:43 | Computer Name = Futures | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 14.09.2012 06:05:15 | Computer Name = Futures | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 19.09.2012 13:45:35 | Computer Name = Futures | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 19.09.2012 13:45:35 | Computer Name = Futures | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 20.09.2012 11:37:34 | Computer Name = Futures | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

aharonov · 12.04.2013, 02:55

Ciao Antonio,

schauen wir noch etwas an:

Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.

Starte die aswMBR.exe.
Vista und Win7 User mit Rechtsklick "als Admininstartor ausführen".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von avast! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff aufs Internet zulassen.)
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte, bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere die Datei auf dem Desktop.

Poste mir diese aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung.

Hinweis: Sollte der Scan Button ausgeblendet sein, schliesse das Tool und starte es erneut. Sollte es erneut nicht klappen, teile mir das bitte mit.

Schritt 2

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts löschen, sondern nur einen Scan-Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop.

Starte die TDSSKiller.exe.
Drücke Start Scan.
Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
Poste bitte den Inhalt dieses Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von aswMBR
Log von TDSSKiller

Glam · 12.04.2013, 03:57

Hey, Leo,

hier das Logfile von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-12 04:00:37
-----------------------------
04:00:37.471    OS Version: Windows x64 6.1.7601 Service Pack 1
04:00:37.471    Number of processors: 2 586 0x170A
04:00:37.472    ComputerName: FUTURES  UserName: 
04:00:40.517    Initialize success
04:00:48.636    AVAST engine defs: 13041101
04:01:03.464    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
04:01:03.466    Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
04:01:03.593    Disk 0 MBR read successfully
04:01:03.596    Disk 0 MBR scan
04:01:03.600    Disk 0 Windows 7 default MBR code
04:01:03.607    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
04:01:03.638    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
04:01:03.702    Disk 0 scanning C:\Windows\system32\drivers
04:01:17.634    Service scanning
04:01:43.101    Modules scanning
04:01:43.108    Disk 0 trace - called modules:
04:01:43.127    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
04:01:43.131    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002763060]
04:01:43.136    3 CLASSPNP.SYS[fffff8800193b43f] -> nt!IofCallDriver -> [0xfffffa800264c520]
04:01:43.149    5 ACPI.sys[fffff880011137a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800263d060]
04:01:45.399    AVAST engine scan C:\Windows
04:01:48.478    AVAST engine scan C:\Windows\system32
04:06:01.165    AVAST engine scan C:\Windows\system32\drivers
04:06:17.754    AVAST engine scan C:\Users\Anwender
04:45:59.728    AVAST engine scan C:\ProgramData
04:50:35.138    Scan finished successfully
04:51:49.898    Disk 0 MBR has been saved successfully to "C:\Users\Anwender\Desktop\MBR.dat"
04:51:49.948    The log file has been saved successfully to "C:\Users\Anwender\Desktop\aswMBR.txt"

Und das Logfile von TDSSKiller:

Code:

ATTFilter

04:52:14.0914 0936  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
04:52:15.0158 0936  ============================================================
04:52:15.0158 0936  Current date / time: 2013/04/12 04:52:15.0158
04:52:15.0158 0936  SystemInfo:
04:52:15.0158 0936  
04:52:15.0158 0936  OS Version: 6.1.7601 ServicePack: 1.0
04:52:15.0158 0936  Product type: Workstation
04:52:15.0159 0936  ComputerName: FUTURES
04:52:15.0159 0936  UserName: Anwender
04:52:15.0159 0936  Windows directory: C:\Windows
04:52:15.0159 0936  System windows directory: C:\Windows
04:52:15.0159 0936  Running under WOW64
04:52:15.0159 0936  Processor architecture: Intel x64
04:52:15.0159 0936  Number of processors: 2
04:52:15.0159 0936  Page size: 0x1000
04:52:15.0159 0936  Boot type: Normal boot
04:52:15.0159 0936  ============================================================
04:52:16.0606 0936  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
04:52:16.0654 0936  ============================================================
04:52:16.0654 0936  \Device\Harddisk0\DR0:
04:52:16.0654 0936  MBR partitions:
04:52:16.0654 0936  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:52:16.0654 0936  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
04:52:16.0654 0936  ============================================================
04:52:16.0696 0936  C: <-> \Device\Harddisk0\DR0\Partition2
04:52:16.0709 0936  ============================================================
04:52:16.0710 0936  Initialize success
04:52:16.0710 0936  ============================================================
04:52:30.0590 1708  ============================================================
04:52:30.0590 1708  Scan started
04:52:30.0590 1708  Mode: Manual; 
04:52:30.0590 1708  ============================================================
04:52:30.0740 1708  ================ Scan system memory ========================
04:52:30.0741 1708  System memory - ok
04:52:30.0741 1708  ================ Scan services =============================
04:52:30.0828 1708  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
04:52:30.0831 1708  1394ohci - ok
04:52:30.0860 1708  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
04:52:30.0864 1708  ACPI - ok
04:52:30.0883 1708  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
04:52:30.0885 1708  AcpiPmi - ok
04:52:31.0008 1708  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:52:31.0026 1708  AdobeFlashPlayerUpdateSvc - ok
04:52:31.0076 1708  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
04:52:31.0081 1708  adp94xx - ok
04:52:31.0114 1708  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
04:52:31.0118 1708  adpahci - ok
04:52:31.0152 1708  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
04:52:31.0154 1708  adpu320 - ok
04:52:31.0188 1708  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
04:52:31.0189 1708  AeLookupSvc - ok
04:52:31.0222 1708  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
04:52:31.0228 1708  AFD - ok
04:52:31.0253 1708  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
04:52:31.0255 1708  agp440 - ok
04:52:31.0273 1708  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
04:52:31.0275 1708  ALG - ok
04:52:31.0298 1708  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
04:52:31.0300 1708  aliide - ok
04:52:31.0315 1708  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
04:52:31.0316 1708  amdide - ok
04:52:31.0339 1708  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
04:52:31.0341 1708  AmdK8 - ok
04:52:31.0354 1708  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
04:52:31.0356 1708  AmdPPM - ok
04:52:31.0380 1708  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
04:52:31.0382 1708  amdsata - ok
04:52:31.0403 1708  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
04:52:31.0406 1708  amdsbs - ok
04:52:31.0422 1708  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
04:52:31.0424 1708  amdxata - ok
04:52:31.0454 1708  [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
04:52:31.0456 1708  Apowersoft_AudioDevice - ok
04:52:31.0483 1708  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
04:52:31.0485 1708  AppID - ok
04:52:31.0508 1708  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
04:52:31.0510 1708  AppIDSvc - ok
04:52:31.0523 1708  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
04:52:31.0525 1708  Appinfo - ok
04:52:31.0546 1708  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
04:52:31.0548 1708  arc - ok
04:52:31.0564 1708  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
04:52:31.0566 1708  arcsas - ok
04:52:31.0651 1708  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:52:31.0673 1708  aspnet_state - ok
04:52:31.0697 1708  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
04:52:31.0699 1708  AsyncMac - ok
04:52:31.0731 1708  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
04:52:31.0731 1708  atapi - ok
04:52:31.0771 1708  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:52:31.0778 1708  AudioEndpointBuilder - ok
04:52:31.0790 1708  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
04:52:31.0794 1708  AudioSrv - ok
04:52:31.0816 1708  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
04:52:31.0818 1708  AxInstSV - ok
04:52:31.0856 1708  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
04:52:31.0861 1708  b06bdrv - ok
04:52:31.0898 1708  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
04:52:31.0902 1708  b57nd60a - ok
04:52:31.0926 1708  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
04:52:31.0928 1708  BDESVC - ok
04:52:31.0943 1708  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
04:52:31.0944 1708  Beep - ok
04:52:31.0971 1708  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
04:52:31.0978 1708  BFE - ok
04:52:32.0004 1708  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
04:52:32.0053 1708  BITS - ok
04:52:32.0076 1708  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
04:52:32.0078 1708  blbdrive - ok
04:52:32.0097 1708  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
04:52:32.0099 1708  bowser - ok
04:52:32.0124 1708  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
04:52:32.0125 1708  BrFiltLo - ok
04:52:32.0136 1708  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
04:52:32.0137 1708  BrFiltUp - ok
04:52:32.0164 1708  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
04:52:32.0166 1708  Browser - ok
04:52:32.0190 1708  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
04:52:32.0193 1708  Brserid - ok
04:52:32.0207 1708  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
04:52:32.0209 1708  BrSerWdm - ok
04:52:32.0236 1708  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
04:52:32.0238 1708  BrUsbMdm - ok
04:52:32.0255 1708  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
04:52:32.0257 1708  BrUsbSer - ok
04:52:32.0271 1708  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
04:52:32.0275 1708  BTHMODEM - ok
04:52:32.0303 1708  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
04:52:32.0306 1708  bthserv - ok
04:52:32.0347 1708  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
04:52:32.0349 1708  cdfs - ok
04:52:32.0389 1708  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
04:52:32.0391 1708  cdrom - ok
04:52:32.0413 1708  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
04:52:32.0415 1708  CertPropSvc - ok
04:52:32.0444 1708  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
04:52:32.0445 1708  circlass - ok
04:52:32.0468 1708  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
04:52:32.0472 1708  CLFS - ok
04:52:32.0513 1708  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:52:32.0516 1708  clr_optimization_v2.0.50727_32 - ok
04:52:32.0542 1708  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:52:32.0545 1708  clr_optimization_v2.0.50727_64 - ok
04:52:32.0605 1708  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:52:32.0672 1708  clr_optimization_v4.0.30319_32 - ok
04:52:32.0683 1708  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:52:32.0707 1708  clr_optimization_v4.0.30319_64 - ok
04:52:32.0755 1708  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
04:52:32.0756 1708  CmBatt - ok
04:52:32.0782 1708  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
04:52:32.0783 1708  cmdide - ok
04:52:32.0812 1708  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
04:52:32.0817 1708  CNG - ok
04:52:32.0842 1708  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
04:52:32.0844 1708  Compbatt - ok
04:52:32.0864 1708  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
04:52:32.0865 1708  CompositeBus - ok
04:52:32.0878 1708  COMSysApp - ok
04:52:32.0937 1708  [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
04:52:32.0939 1708  cpudrv64 - ok
04:52:32.0967 1708  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
04:52:32.0968 1708  crcdisk - ok
04:52:32.0999 1708  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:52:33.0002 1708  CryptSvc - ok
04:52:33.0038 1708  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:52:33.0044 1708  DcomLaunch - ok
04:52:33.0069 1708  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
04:52:33.0073 1708  defragsvc - ok
04:52:33.0092 1708  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:52:33.0094 1708  DfsC - ok
04:52:33.0112 1708  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
04:52:33.0115 1708  Dhcp - ok
04:52:33.0124 1708  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
04:52:33.0125 1708  discache - ok
04:52:33.0158 1708  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
04:52:33.0159 1708  Disk - ok
04:52:33.0181 1708  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:52:33.0183 1708  Dnscache - ok
04:52:33.0205 1708  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
04:52:33.0210 1708  dot3svc - ok
04:52:33.0226 1708  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
04:52:33.0229 1708  DPS - ok
04:52:33.0254 1708  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:52:33.0255 1708  drmkaud - ok
04:52:33.0284 1708  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:52:33.0294 1708  DXGKrnl - ok
04:52:33.0317 1708  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
04:52:33.0319 1708  EapHost - ok
04:52:33.0389 1708  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
04:52:33.0432 1708  ebdrv - ok
04:52:33.0460 1708  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
04:52:33.0462 1708  EFS - ok
04:52:33.0497 1708  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:52:33.0506 1708  ehRecvr - ok
04:52:33.0531 1708  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
04:52:33.0534 1708  ehSched - ok
04:52:33.0564 1708  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
04:52:33.0569 1708  elxstor - ok
04:52:33.0582 1708  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:52:33.0584 1708  ErrDev - ok
04:52:33.0627 1708  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
04:52:33.0632 1708  EventSystem - ok
04:52:33.0653 1708  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
04:52:33.0655 1708  exfat - ok
04:52:33.0675 1708  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:52:33.0677 1708  fastfat - ok
04:52:33.0708 1708  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
04:52:33.0715 1708  Fax - ok
04:52:33.0729 1708  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
04:52:33.0730 1708  fdc - ok
04:52:33.0748 1708  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
04:52:33.0750 1708  fdPHost - ok
04:52:33.0757 1708  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
04:52:33.0759 1708  FDResPub - ok
04:52:33.0775 1708  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:52:33.0777 1708  FileInfo - ok
04:52:33.0786 1708  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:52:33.0788 1708  Filetrace - ok
04:52:33.0811 1708  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
04:52:33.0813 1708  flpydisk - ok
04:52:33.0833 1708  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:52:33.0836 1708  FltMgr - ok
04:52:33.0878 1708  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
04:52:33.0896 1708  FontCache - ok
04:52:33.0932 1708  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:52:33.0934 1708  FontCache3.0.0.0 - ok
04:52:33.0949 1708  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
04:52:33.0951 1708  FsDepends - ok
04:52:33.0970 1708  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:52:33.0971 1708  Fs_Rec - ok
04:52:34.0001 1708  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
04:52:34.0004 1708  fvevol - ok
04:52:34.0023 1708  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
04:52:34.0025 1708  gagp30kx - ok
04:52:34.0055 1708  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
04:52:34.0063 1708  gpsvc - ok
04:52:34.0082 1708  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
04:52:34.0084 1708  hcw85cir - ok
04:52:34.0121 1708  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:52:34.0125 1708  HdAudAddService - ok
04:52:34.0149 1708  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
04:52:34.0152 1708  HDAudBus - ok
04:52:34.0175 1708  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
04:52:34.0177 1708  HidBatt - ok
04:52:34.0194 1708  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
04:52:34.0196 1708  HidBth - ok
04:52:34.0224 1708  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
04:52:34.0226 1708  HidIr - ok
04:52:34.0243 1708  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
04:52:34.0245 1708  hidserv - ok
04:52:34.0270 1708  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
04:52:34.0273 1708  HidUsb - ok
04:52:34.0300 1708  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:52:34.0302 1708  hkmsvc - ok
04:52:34.0312 1708  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:52:34.0315 1708  HomeGroupListener - ok
04:52:34.0340 1708  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:52:34.0344 1708  HomeGroupProvider - ok
04:52:34.0356 1708  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
04:52:34.0358 1708  HpSAMD - ok
04:52:34.0395 1708  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:52:34.0402 1708  HTTP - ok
04:52:34.0414 1708  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
04:52:34.0416 1708  hwpolicy - ok
04:52:34.0432 1708  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
04:52:34.0434 1708  i8042prt - ok
04:52:34.0466 1708  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
04:52:34.0471 1708  iaStorV - ok
04:52:34.0512 1708  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:52:34.0521 1708  idsvc - ok
04:52:34.0693 1708  [ 4EAA4261E1AD4B860657CADA790B9B38 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
04:52:34.0839 1708  igfx - ok
04:52:34.0873 1708  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
04:52:34.0875 1708  iirsp - ok
04:52:34.0915 1708  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
04:52:34.0924 1708  IKEEXT - ok
04:52:35.0010 1708  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
04:52:35.0071 1708  IntcAzAudAddService - ok
04:52:35.0082 1708  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
04:52:35.0083 1708  intelide - ok
04:52:35.0101 1708  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
04:52:35.0103 1708  intelppm - ok
04:52:35.0115 1708  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
04:52:35.0117 1708  IPBusEnum - ok
04:52:35.0148 1708  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:52:35.0150 1708  IpFilterDriver - ok
04:52:35.0176 1708  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
04:52:35.0183 1708  iphlpsvc - ok
04:52:35.0203 1708  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
04:52:35.0205 1708  IPMIDRV - ok
04:52:35.0225 1708  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
04:52:35.0227 1708  IPNAT - ok
04:52:35.0255 1708  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
04:52:35.0257 1708  IRENUM - ok
04:52:35.0272 1708  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
04:52:35.0274 1708  isapnp - ok
04:52:35.0301 1708  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
04:52:35.0304 1708  iScsiPrt - ok
04:52:35.0333 1708  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
04:52:35.0335 1708  kbdclass - ok
04:52:35.0356 1708  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
04:52:35.0357 1708  kbdhid - ok
04:52:35.0366 1708  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
04:52:35.0367 1708  KeyIso - ok
04:52:35.0392 1708  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
04:52:35.0395 1708  KSecDD - ok
04:52:35.0415 1708  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
04:52:35.0417 1708  KSecPkg - ok
04:52:35.0430 1708  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
04:52:35.0431 1708  ksthunk - ok
04:52:35.0456 1708  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
04:52:35.0461 1708  KtmRm - ok
04:52:35.0488 1708  [ 2377EC4CC3E356655B996F39B43486B6 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
04:52:35.0489 1708  L1C - ok
04:52:35.0531 1708  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
04:52:35.0534 1708  LanmanServer - ok
04:52:35.0557 1708  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:52:35.0561 1708  LanmanWorkstation - ok
04:52:35.0588 1708  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
04:52:35.0589 1708  lltdio - ok
04:52:35.0610 1708  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
04:52:35.0615 1708  lltdsvc - ok
04:52:35.0632 1708  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
04:52:35.0634 1708  lmhosts - ok
04:52:35.0655 1708  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
04:52:35.0657 1708  LSI_FC - ok
04:52:35.0685 1708  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
04:52:35.0688 1708  LSI_SAS - ok
04:52:35.0711 1708  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
04:52:35.0713 1708  LSI_SAS2 - ok
04:52:35.0729 1708  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
04:52:35.0731 1708  LSI_SCSI - ok
04:52:35.0771 1708  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
04:52:35.0773 1708  luafv - ok
04:52:35.0787 1708  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
04:52:35.0789 1708  Mcx2Svc - ok
04:52:35.0820 1708  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
04:52:35.0821 1708  megasas - ok
04:52:35.0852 1708  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
04:52:35.0856 1708  MegaSR - ok
04:52:35.0877 1708  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
04:52:35.0879 1708  MMCSS - ok
04:52:35.0895 1708  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
04:52:35.0897 1708  Modem - ok
04:52:35.0920 1708  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
04:52:35.0921 1708  monitor - ok
04:52:35.0946 1708  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
04:52:35.0948 1708  mouclass - ok
04:52:35.0971 1708  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
04:52:35.0972 1708  mouhid - ok
04:52:35.0995 1708  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
04:52:35.0997 1708  mountmgr - ok
04:52:36.0040 1708  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:52:36.0042 1708  MozillaMaintenance - ok
04:52:36.0070 1708  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
04:52:36.0073 1708  MpFilter - ok
04:52:36.0094 1708  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
04:52:36.0097 1708  mpio - ok
04:52:36.0115 1708  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
04:52:36.0117 1708  mpsdrv - ok
04:52:36.0153 1708  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
04:52:36.0161 1708  MpsSvc - ok
04:52:36.0176 1708  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
04:52:36.0178 1708  MRxDAV - ok
04:52:36.0204 1708  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
04:52:36.0207 1708  mrxsmb - ok
04:52:36.0232 1708  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:52:36.0236 1708  mrxsmb10 - ok
04:52:36.0250 1708  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:52:36.0252 1708  mrxsmb20 - ok
04:52:36.0270 1708  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
04:52:36.0273 1708  msahci - ok
04:52:36.0299 1708  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
04:52:36.0301 1708  msdsm - ok
04:52:36.0318 1708  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
04:52:36.0321 1708  MSDTC - ok
04:52:36.0345 1708  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
04:52:36.0347 1708  Msfs - ok
04:52:36.0357 1708  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
04:52:36.0358 1708  mshidkmdf - ok
04:52:36.0384 1708  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
04:52:36.0386 1708  msisadrv - ok
04:52:36.0414 1708  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
04:52:36.0416 1708  MSiSCSI - ok
04:52:36.0421 1708  msiserver - ok
04:52:36.0453 1708  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
04:52:36.0454 1708  MSKSSRV - ok
04:52:36.0508 1708  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
04:52:36.0510 1708  MsMpSvc - ok
04:52:36.0525 1708  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
04:52:36.0527 1708  MSPCLOCK - ok
04:52:36.0544 1708  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
04:52:36.0546 1708  MSPQM - ok
04:52:36.0567 1708  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
04:52:36.0571 1708  MsRPC - ok
04:52:36.0601 1708  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
04:52:36.0603 1708  mssmbios - ok
04:52:36.0619 1708  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
04:52:36.0621 1708  MSTEE - ok
04:52:36.0631 1708  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
04:52:36.0633 1708  MTConfig - ok
04:52:36.0657 1708  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\drivers\ASACPI.sys
04:52:36.0658 1708  MTsensor - ok
04:52:36.0673 1708  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
04:52:36.0675 1708  Mup - ok
04:52:36.0710 1708  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
04:52:36.0716 1708  napagent - ok
04:52:36.0738 1708  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
04:52:36.0741 1708  NativeWifiP - ok
04:52:36.0785 1708  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
04:52:36.0796 1708  NDIS - ok
04:52:36.0814 1708  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
04:52:36.0815 1708  NdisCap - ok
04:52:36.0837 1708  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
04:52:36.0839 1708  NdisTapi - ok
04:52:36.0855 1708  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
04:52:36.0858 1708  Ndisuio - ok
04:52:36.0879 1708  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
04:52:36.0881 1708  NdisWan - ok
04:52:36.0893 1708  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
04:52:36.0896 1708  NDProxy - ok
04:52:36.0912 1708  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
04:52:36.0915 1708  NetBIOS - ok
04:52:36.0929 1708  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
04:52:36.0933 1708  NetBT - ok
04:52:36.0939 1708  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
04:52:36.0941 1708  Netlogon - ok
04:52:36.0975 1708  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
04:52:36.0979 1708  Netman - ok
04:52:37.0014 1708  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:52:37.0034 1708  NetMsmqActivator - ok
04:52:37.0056 1708  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:52:37.0057 1708  NetPipeActivator - ok
04:52:37.0078 1708  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
04:52:37.0085 1708  netprofm - ok
04:52:37.0100 1708  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:52:37.0102 1708  NetTcpActivator - ok
04:52:37.0106 1708  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:52:37.0108 1708  NetTcpPortSharing - ok
04:52:37.0131 1708  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
04:52:37.0133 1708  nfrd960 - ok
04:52:37.0162 1708  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:52:37.0164 1708  NisDrv - ok
04:52:37.0194 1708  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
04:52:37.0198 1708  NisSrv - ok
04:52:37.0225 1708  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
04:52:37.0229 1708  NlaSvc - ok
04:52:37.0248 1708  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
04:52:37.0250 1708  Npfs - ok
04:52:37.0271 1708  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
04:52:37.0273 1708  nsi - ok
04:52:37.0282 1708  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
04:52:37.0284 1708  nsiproxy - ok
04:52:37.0323 1708  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
04:52:37.0349 1708  Ntfs - ok
04:52:37.0369 1708  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
04:52:37.0370 1708  Null - ok
04:52:37.0388 1708  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
04:52:37.0390 1708  nvraid - ok
04:52:37.0411 1708  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
04:52:37.0413 1708  nvstor - ok
04:52:37.0452 1708  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
04:52:37.0454 1708  nv_agp - ok
04:52:37.0474 1708  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
04:52:37.0476 1708  ohci1394 - ok
04:52:37.0501 1708  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
04:52:37.0506 1708  p2pimsvc - ok
04:52:37.0525 1708  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
04:52:37.0531 1708  p2psvc - ok
04:52:37.0559 1708  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
04:52:37.0562 1708  Parport - ok
04:52:37.0583 1708  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
04:52:37.0585 1708  partmgr - ok
04:52:37.0601 1708  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
04:52:37.0604 1708  PcaSvc - ok
04:52:37.0622 1708  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
04:52:37.0624 1708  pci - ok
04:52:37.0642 1708  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
04:52:37.0643 1708  pciide - ok
04:52:37.0679 1708  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
04:52:37.0682 1708  pcmcia - ok
04:52:37.0707 1708  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
04:52:37.0708 1708  pcw - ok
04:52:37.0728 1708  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
04:52:37.0735 1708  PEAUTH - ok
04:52:37.0787 1708  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
04:52:37.0789 1708  PerfHost - ok
04:52:37.0830 1708  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
04:52:37.0856 1708  pla - ok
04:52:37.0890 1708  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
04:52:37.0895 1708  PlugPlay - ok
04:52:37.0904 1708  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
04:52:37.0907 1708  PNRPAutoReg - ok
04:52:37.0926 1708  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
04:52:37.0928 1708  PNRPsvc - ok
04:52:37.0952 1708  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
04:52:37.0957 1708  PolicyAgent - ok
04:52:37.0979 1708  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
04:52:37.0982 1708  Power - ok
04:52:38.0012 1708  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
04:52:38.0014 1708  PptpMiniport - ok
04:52:38.0025 1708  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
04:52:38.0027 1708  Processor - ok
04:52:38.0060 1708  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
04:52:38.0063 1708  ProfSvc - ok
04:52:38.0072 1708  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:52:38.0073 1708  ProtectedStorage - ok
04:52:38.0090 1708  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
04:52:38.0092 1708  Psched - ok
04:52:38.0125 1708  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
04:52:38.0152 1708  ql2300 - ok
04:52:38.0185 1708  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
04:52:38.0188 1708  ql40xx - ok
04:52:38.0206 1708  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
04:52:38.0209 1708  QWAVE - ok
04:52:38.0224 1708  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
04:52:38.0226 1708  QWAVEdrv - ok
04:52:38.0245 1708  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
04:52:38.0246 1708  RasAcd - ok
04:52:38.0267 1708  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
04:52:38.0269 1708  RasAgileVpn - ok
04:52:38.0285 1708  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
04:52:38.0288 1708  RasAuto - ok
04:52:38.0297 1708  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
04:52:38.0299 1708  Rasl2tp - ok
04:52:38.0322 1708  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
04:52:38.0326 1708  RasMan - ok
04:52:38.0343 1708  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
04:52:38.0345 1708  RasPppoe - ok
04:52:38.0353 1708  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
04:52:38.0355 1708  RasSstp - ok
04:52:38.0371 1708  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
04:52:38.0375 1708  rdbss - ok
04:52:38.0392 1708  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
04:52:38.0393 1708  rdpbus - ok
04:52:38.0409 1708  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
04:52:38.0411 1708  RDPCDD - ok
04:52:38.0433 1708  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
04:52:38.0434 1708  RDPENCDD - ok
04:52:38.0447 1708  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
04:52:38.0448 1708  RDPREFMP - ok
04:52:38.0489 1708  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
04:52:38.0490 1708  RdpVideoMiniport - ok
04:52:38.0514 1708  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
04:52:38.0518 1708  RDPWD - ok
04:52:38.0536 1708  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
04:52:38.0539 1708  rdyboost - ok
04:52:38.0560 1708  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
04:52:38.0577 1708  RemoteAccess - ok
04:52:38.0603 1708  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
04:52:38.0607 1708  RemoteRegistry - ok
04:52:38.0625 1708  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
04:52:38.0628 1708  RpcEptMapper - ok
04:52:38.0636 1708  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
04:52:38.0638 1708  RpcLocator - ok
04:52:38.0656 1708  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
04:52:38.0660 1708  RpcSs - ok
04:52:38.0682 1708  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
04:52:38.0684 1708  rspndr - ok
04:52:38.0712 1708  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
04:52:38.0715 1708  RTL8167 - ok
04:52:38.0738 1708  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
04:52:38.0739 1708  SamSs - ok
04:52:38.0754 1708  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
04:52:38.0757 1708  sbp2port - ok
04:52:38.0769 1708  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
04:52:38.0772 1708  SCardSvr - ok
04:52:38.0785 1708  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
04:52:38.0786 1708  scfilter - ok
04:52:38.0808 1708  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
04:52:38.0827 1708  Schedule - ok
04:52:38.0848 1708  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
04:52:38.0849 1708  SCPolicySvc - ok
04:52:38.0861 1708  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
04:52:38.0865 1708  SDRSVC - ok
04:52:38.0895 1708  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
04:52:38.0896 1708  secdrv - ok
04:52:38.0909 1708  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
04:52:38.0911 1708  seclogon - ok
04:52:38.0924 1708  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
04:52:38.0926 1708  SENS - ok
04:52:38.0944 1708  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
04:52:38.0947 1708  SensrSvc - ok
04:52:38.0957 1708  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
04:52:38.0959 1708  Serenum - ok
04:52:38.0976 1708  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
04:52:38.0978 1708  Serial - ok
04:52:39.0000 1708  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
04:52:39.0002 1708  sermouse - ok
04:52:39.0024 1708  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
04:52:39.0027 1708  SessionEnv - ok
04:52:39.0043 1708  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
04:52:39.0044 1708  sffdisk - ok
04:52:39.0058 1708  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
04:52:39.0059 1708  sffp_mmc - ok
04:52:39.0075 1708  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
04:52:39.0077 1708  sffp_sd - ok
04:52:39.0095 1708  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
04:52:39.0096 1708  sfloppy - ok
04:52:39.0123 1708  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
04:52:39.0128 1708  SharedAccess - ok
04:52:39.0145 1708  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:52:39.0150 1708  ShellHWDetection - ok
04:52:39.0162 1708  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
04:52:39.0163 1708  SiSRaid2 - ok
04:52:39.0183 1708  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
04:52:39.0186 1708  SiSRaid4 - ok
04:52:39.0219 1708  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
04:52:39.0221 1708  Smb - ok
04:52:39.0241 1708  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
04:52:39.0244 1708  SNMPTRAP - ok
04:52:39.0252 1708  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
04:52:39.0254 1708  spldr - ok
04:52:39.0289 1708  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
04:52:39.0296 1708  Spooler - ok
04:52:39.0356 1708  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
04:52:39.0408 1708  sppsvc - ok
04:52:39.0425 1708  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
04:52:39.0427 1708  sppuinotify - ok
04:52:39.0453 1708  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
04:52:39.0458 1708  srv - ok
04:52:39.0479 1708  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
04:52:39.0484 1708  srv2 - ok
04:52:39.0499 1708  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
04:52:39.0501 1708  srvnet - ok
04:52:39.0524 1708  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
04:52:39.0528 1708  SSDPSRV - ok
04:52:39.0544 1708  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
04:52:39.0546 1708  SstpSvc - ok
04:52:39.0566 1708  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
04:52:39.0567 1708  stexstor - ok
04:52:39.0600 1708  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
04:52:39.0607 1708  stisvc - ok
04:52:39.0629 1708  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
04:52:39.0631 1708  swenum - ok
04:52:39.0645 1708  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
04:52:39.0651 1708  swprv - ok
04:52:39.0684 1708  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
04:52:39.0710 1708  SysMain - ok
04:52:39.0728 1708  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:52:39.0731 1708  TabletInputService - ok
04:52:39.0749 1708  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
04:52:39.0754 1708  TapiSrv - ok
04:52:39.0769 1708  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
04:52:39.0771 1708  TBS - ok
04:52:39.0811 1708  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
04:52:39.0845 1708  Tcpip - ok
04:52:39.0886 1708  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
04:52:39.0895 1708  TCPIP6 - ok
04:52:39.0925 1708  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:52:39.0927 1708  tcpipreg - ok
04:52:39.0956 1708  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:52:39.0958 1708  TDPIPE - ok
04:52:39.0981 1708  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:52:39.0982 1708  TDTCP - ok
04:52:40.0008 1708  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:52:40.0010 1708  tdx - ok
04:52:40.0040 1708  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
04:52:40.0042 1708  teamviewervpn - ok
04:52:40.0056 1708  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
04:52:40.0058 1708  TermDD - ok
04:52:40.0083 1708  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
04:52:40.0091 1708  TermService - ok
04:52:40.0113 1708  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes          C:\Windows\system32\themeservice.dll
04:52:40.0116 1708  Themes - ok
04:52:40.0139 1708  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
04:52:40.0140 1708  THREADORDER - ok
04:52:40.0154 1708  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
04:52:40.0157 1708  TrkWks - ok
04:52:40.0196 1708  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:52:40.0199 1708  TrustedInstaller - ok
04:52:40.0219 1708  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:52:40.0221 1708  tssecsrv - ok
04:52:40.0257 1708  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
04:52:40.0259 1708  TsUsbFlt - ok
04:52:40.0291 1708  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
04:52:40.0292 1708  TsUsbGD - ok
04:52:40.0330 1708  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:52:40.0333 1708  tunnel - ok
04:52:40.0356 1708  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
04:52:40.0358 1708  uagp35 - ok
04:52:40.0375 1708  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:52:40.0379 1708  udfs - ok
04:52:40.0406 1708  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:52:40.0409 1708  UI0Detect - ok
04:52:40.0434 1708  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:52:40.0437 1708  uliagpkx - ok
04:52:40.0464 1708  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
04:52:40.0466 1708  umbus - ok
04:52:40.0481 1708  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
04:52:40.0482 1708  UmPass - ok
04:52:40.0499 1708  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
04:52:40.0504 1708  upnphost - ok
04:52:40.0531 1708  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
04:52:40.0534 1708  usbaudio - ok
04:52:40.0547 1708  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
04:52:40.0549 1708  usbccgp - ok
04:52:40.0571 1708  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:52:40.0573 1708  usbcir - ok
04:52:40.0593 1708  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
04:52:40.0595 1708  usbehci - ok
04:52:40.0617 1708  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
04:52:40.0622 1708  usbhub - ok
04:52:40.0638 1708  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
04:52:40.0639 1708  usbohci - ok
04:52:40.0658 1708  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
04:52:40.0660 1708  usbprint - ok
04:52:40.0685 1708  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:52:40.0688 1708  USBSTOR - ok
04:52:40.0695 1708  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
04:52:40.0697 1708  usbuhci - ok
04:52:40.0713 1708  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
04:52:40.0716 1708  UxSms - ok
04:52:40.0727 1708  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
04:52:40.0728 1708  VaultSvc - ok
04:52:40.0740 1708  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
04:52:40.0742 1708  vdrvroot - ok
04:52:40.0757 1708  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
04:52:40.0763 1708  vds - ok
04:52:40.0786 1708  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:52:40.0788 1708  vga - ok
04:52:40.0805 1708  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:52:40.0807 1708  VgaSave - ok
04:52:40.0822 1708  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
04:52:40.0825 1708  vhdmp - ok
04:52:40.0842 1708  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
04:52:40.0844 1708  viaide - ok
04:52:40.0873 1708  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:52:40.0874 1708  volmgr - ok
04:52:40.0890 1708  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:52:40.0894 1708  volmgrx - ok
04:52:40.0911 1708  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:52:40.0914 1708  volsnap - ok
04:52:40.0952 1708  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
04:52:40.0955 1708  vsmraid - ok
04:52:40.0998 1708  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
04:52:41.0024 1708  VSS - ok
04:52:41.0045 1708  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
04:52:41.0046 1708  vwifibus - ok
04:52:41.0065 1708  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
04:52:41.0070 1708  W32Time - ok
04:52:41.0092 1708  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
04:52:41.0094 1708  WacomPen - ok
04:52:41.0117 1708  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
04:52:41.0119 1708  WANARP - ok
04:52:41.0126 1708  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:52:41.0127 1708  Wanarpv6 - ok
04:52:41.0160 1708  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
04:52:41.0186 1708  wbengine - ok
04:52:41.0202 1708  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
04:52:41.0207 1708  WbioSrvc - ok
04:52:41.0227 1708  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:52:41.0232 1708  wcncsvc - ok
04:52:41.0244 1708  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:52:41.0247 1708  WcsPlugInService - ok
04:52:41.0259 1708  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
04:52:41.0261 1708  Wd - ok
04:52:41.0299 1708  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:52:41.0306 1708  Wdf01000 - ok
04:52:41.0320 1708  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:52:41.0323 1708  WdiServiceHost - ok
04:52:41.0328 1708  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:52:41.0330 1708  WdiSystemHost - ok
04:52:41.0355 1708  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
04:52:41.0359 1708  WebClient - ok
04:52:41.0369 1708  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:52:41.0373 1708  Wecsvc - ok
04:52:41.0387 1708  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:52:41.0390 1708  wercplsupport - ok
04:52:41.0408 1708  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
04:52:41.0411 1708  WerSvc - ok
04:52:41.0446 1708  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
04:52:41.0447 1708  WfpLwf - ok
04:52:41.0463 1708  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
04:52:41.0464 1708  WIMMount - ok
04:52:41.0487 1708  WinDefend - ok
04:52:41.0503 1708  WinHttpAutoProxySvc - ok
04:52:41.0544 1708  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:52:41.0548 1708  Winmgmt - ok
04:52:41.0594 1708  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
04:52:41.0634 1708  WinRing0_1_2_0 - ok
04:52:41.0694 1708  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
04:52:41.0728 1708  WinRM - ok
04:52:41.0778 1708  [ F514C1C9D814F3DB46A17C59EA8214B2 ] WiseBootAssistant C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
04:52:41.0980 1708  WiseBootAssistant - ok
04:52:42.0021 1708  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:52:42.0031 1708  Wlansvc - ok
04:52:42.0131 1708  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:52:42.0165 1708  wlidsvc - ok
04:52:42.0188 1708  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
04:52:42.0190 1708  WmiAcpi - ok
04:52:42.0212 1708  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:52:42.0215 1708  wmiApSrv - ok
04:52:42.0237 1708  WMPNetworkSvc - ok
04:52:42.0257 1708  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:52:42.0260 1708  WPCSvc - ok
04:52:42.0269 1708  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:52:42.0273 1708  WPDBusEnum - ok
04:52:42.0297 1708  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
04:52:42.0298 1708  ws2ifsl - ok
04:52:42.0308 1708  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
04:52:42.0311 1708  wscsvc - ok
04:52:42.0315 1708  WSearch - ok
04:52:42.0380 1708  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
04:52:42.0422 1708  wuauserv - ok
04:52:42.0448 1708  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:52:42.0451 1708  WudfPf - ok
04:52:42.0460 1708  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:52:42.0462 1708  WUDFRd - ok
04:52:42.0484 1708  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:52:42.0486 1708  wudfsvc - ok
04:52:42.0500 1708  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
04:52:42.0531 1708  WwanSvc - ok
04:52:42.0574 1708  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
04:52:42.0576 1708  xusb21 - ok
04:52:42.0581 1708  ================ Scan global ===============================
04:52:42.0597 1708  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:52:42.0616 1708  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
04:52:42.0627 1708  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
04:52:42.0650 1708  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:52:42.0664 1708  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:52:42.0668 1708  [Global] - ok
04:52:42.0669 1708  ================ Scan MBR ==================================
04:52:42.0679 1708  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:52:42.0833 1708  \Device\Harddisk0\DR0 - ok
04:52:42.0834 1708  ================ Scan VBR ==================================
04:52:42.0837 1708  [ 78EF61FE0AB78B1C4F22A39FB28E43F9 ] \Device\Harddisk0\DR0\Partition1
04:52:42.0838 1708  \Device\Harddisk0\DR0\Partition1 - ok
04:52:42.0858 1708  [ BF108AE10DB116FD3AC458392196A419 ] \Device\Harddisk0\DR0\Partition2
04:52:42.0860 1708  \Device\Harddisk0\DR0\Partition2 - ok
04:52:42.0860 1708  ============================================================
04:52:42.0860 1708  Scan finished
04:52:42.0860 1708  ============================================================
04:52:42.0871 2988  Detected object count: 0
04:52:42.0871 2988  Actual detected object count: 0

aharonov · 12.04.2013, 04:01

Hi,

das sieht ok aus.

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von OTL

Glam · 12.04.2013, 04:38

Log von Adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 12/04/2013 um 05:05:17 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Anwender - FUTURES
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anwender\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Anwender\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Anwender\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\5vm837sv.23\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\9rz8xp09.default\prefs.js

C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\9rz8xp09.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.50bec514aec0f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes");

Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ynmmgqpj.23\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3283 octets] - [12/04/2013 05:05:17]

########## EOF - C:\AdwCleaner[S1].txt - [3343 octets] ##########

Log von ComboFix:

Code:

ATTFilter

ComboFix 13-04-11.01 - Anwender 12.04.2013   5:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2013.768 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Anwender\AppData\Local\lame_enc.dll
c:\users\Anwender\AppData\Local\no23xwrapper.dll
c:\users\Anwender\AppData\Local\ogg.dll
c:\users\Anwender\AppData\Local\vorbis.dll
c:\users\Anwender\AppData\Local\vorbisenc.dll
c:\users\Anwender\AppData\Local\vorbisfile.dll
c:\users\Anwender\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Anwender\AppData\Roaming\Microsoft\bass.dll
c:\users\Anwender\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Anwender\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Anwender\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-12 bis 2013-04-12  ))))))))))))))))))))))))))))))
.
.
2013-04-12 03:24 . 2013-04-12 03:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-11 22:27 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A908968D-DBA5-465A-B682-0FCD6DDF65DA}\mpengine.dll
2013-04-11 21:41 . 2013-04-11 21:48	--------	d-----w-	c:\users\Anwender\AppData\Local\AviraSpeedup
2013-04-11 21:40 . 2013-04-11 21:40	--------	d-----w-	c:\program files (x86)\Avira
2013-04-11 21:35 . 2013-04-11 21:35	--------	d-sh--w-	c:\windows\SysWow64\AI_RecycleBin
2013-04-10 23:06 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-10 23:05 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 23:05 . 2013-03-02 06:04	1655656	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 22:43 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 22:43 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 22:43 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 22:43 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 22:43 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 22:43 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 22:43 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-06 08:56 . 2013-04-07 03:35	--------	d-----w-	c:\users\Anwender\AppData\Roaming\FileZilla
2013-04-02 15:09 . 2013-04-11 21:44	--------	d-----w-	c:\program files\Tracker Software
2013-03-27 15:37 . 2013-03-27 15:37	--------	d-----w-	c:\users\Anwender\cityguide
2013-03-21 20:49 . 2012-11-28 21:46	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F2288A9-3C13-4DC0-B7CD-3D80BBF9DB26}\gapaengine.dll
2013-03-16 07:54 . 2013-03-16 07:54	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 20:09 . 2013-03-15 20:09	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-15 20:05 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-15 19:36 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-03-15 19:36 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-03-15 19:36 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-03-15 19:36 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-03-15 19:26 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-03-15 19:26 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-03-15 19:26 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-03-15 19:26 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-03-15 19:26 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-03-15 19:26 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-03-15 19:26 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-03-15 19:26 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-03-15 19:26 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-03-15 19:26 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-03-15 19:25 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-15 19:25 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-15 19:25 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-03-15 19:25 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-03-15 19:25 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-03-15 19:25 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-03-15 19:25 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-03-13 23:37 . 2013-03-13 23:37	--------	d-----w-	c:\users\Anwender\AppData\Roaming\.mono
2013-03-13 23:37 . 2013-03-13 23:37	--------	d-----w-	c:\programdata\.mono
2013-03-13 23:34 . 2013-03-13 23:34	--------	d-----w-	c:\users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 18:49 . 2012-09-09 19:42	925184	----a-w-	c:\windows\expstart.exe
2013-04-10 22:46 . 2012-03-19 21:17	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2011-10-07 06:10	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-16 07:54 . 2012-05-02 09:14	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-16 07:54 . 2011-07-20 11:32	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 20:16 . 2012-04-02 14:43	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:16 . 2011-09-15 22:04	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-15 20:19	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 20:19	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-15 20:19	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 20:19	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-15 20:19	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 20:19	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2010-10-24 20:25	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-13 05:37 . 2013-01-13 05:37	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-13 05:37 . 2011-09-17 21:59	959976	----a-w-	c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-09 17:19	220632	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-09 17:19	220632	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-09 17:19	220632	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:16]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001Core.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 16:55]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001UA.job
- c:\users\Anwender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 16:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-09 17:19	244696	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-09 17:19	244696	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-09 17:19	244696	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Anwender\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{9B54AD02-1AD6-449E-B711-CB3A63C346C9}: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ynmmgqpj.23\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-02-25 20:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-01 05:07; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-04-02 11:27; {c151d79e-e61b-4a90-a887-5a46d38fba99}; c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-12  05:25:55
ComboFix-quarantined-files.txt  2013-04-12 03:25
.
Vor Suchlauf: 11 Verzeichnis(se), 348.342.272.000 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 348.268.879.872 Bytes frei
.
- - End Of File - - D9DE79D145ADC412AEB0A1A6EBC02766

Log von OTL:

Code:

ATTFilter

OTL logfile created on: 12.04.2013 05:29:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,81% Memory free
3,93 Gb Paging File | 2,72 Gb Available in Paging File | 69,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 324,45 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
 
Computer Name: FUTURES | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 00:53:35 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.12 00:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 00:53:18 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 00:53:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 22:16:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 12:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 12:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.27 15:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2011.06.02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 0E 3B C1 C0 CD 01  [binary data]
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\..\SearchScopes\{8BF0409F-3F37-4D7F-9403-9B7FAAE69AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.1.0.23
FF - prefs.js..extensions.enabledAddons: %7B99e34760-2754-11e0-91fa-0800200c9a66%7D:5.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.09 11:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.02 16:14:16 | 000,000,000 | ---D | M]
 
[2012.08.14 19:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2013.04.11 00:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions
[2013.02.21 02:35:03 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.01 02:55:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\9rz8xp09.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.02 11:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions
[2013.02.25 21:16:51 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\ynmmgqpj.23\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.11.24 14:45:05 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.11.21 18:27:01 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2012.11.24 14:44:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\9rz8xp09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 06:07:17 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013.04.02 11:27:23 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.02.25 21:59:13 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\ynmmgqpj.23\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 00:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.09 11:46:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9RZ8XP09.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2013.04.12 00:53:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.13 02:38:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.13 02:38:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.13 02:38:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.13 02:38:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.13 02:38:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.13 02:38:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.35_0\
CHR - Extension: Audiotool = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: AdBlock = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Futhead FIFA Ultimate Team Search = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpobadmlgbdpiiegjfaoimffjngaminj\1.1.2_0\
CHR - Extension: Northern Lights = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef\1.1_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.12 05:24:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1636361627-3063246627-1062591212-1001\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B54AD02-1AD6-449E-B711-CB3A63C346C9}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 05:25:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.12 05:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.12 05:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.12 05:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.12 05:11:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.12 05:11:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.12 05:02:38 | 005,052,052 | R--- | C] (Swearware) -- C:\Users\Anwender\Desktop\ComboFix.exe
[2013.04.12 03:56:51 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anwender\Desktop\tdsskiller.exe
[2013.04.12 03:56:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Anwender\Desktop\aswMBR.exe
[2013.04.12 00:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 00:45:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Local\AviraSpeedup
[2013.04.11 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
[2013.04.11 23:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.11 23:35:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.04.11 21:05:41 | 002,118,144 | ---- | C] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.06 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2013.04.02 17:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.03.27 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\Anwender\cityguide
[2013.03.18 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 13 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
[2013.03.18 06:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\.mono
[2013.03.14 01:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2013.03.14 01:34:21 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Anwender\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Anwender\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Anwender\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 05:30:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001UA.job
[2013.04.12 05:24:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.12 05:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 05:14:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 05:14:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 05:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 05:06:55 | 1583,177,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 05:02:50 | 005,052,052 | R--- | M] (Swearware) -- C:\Users\Anwender\Desktop\ComboFix.exe
[2013.04.12 05:02:37 | 000,613,083 | ---- | M] () -- C:\Users\Anwender\Desktop\adwcleaner.exe
[2013.04.12 04:51:49 | 000,000,512 | ---- | M] () -- C:\Users\Anwender\Desktop\MBR.dat
[2013.04.12 03:58:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Anwender\Desktop\aswMBR.exe
[2013.04.12 03:56:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anwender\Desktop\tdsskiller.exe
[2013.04.12 01:22:19 | 000,001,320 | ---- | M] () -- C:\Users\Anwender\Desktop\Gmer.zip
[2013.04.12 01:09:25 | 000,377,856 | ---- | M] () -- C:\Users\Anwender\Desktop\gmer_2.1.19163.exe
[2013.04.12 00:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\OTL.exe
[2013.04.12 00:43:49 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2013.04.12 00:40:36 | 000,050,477 | ---- | M] () -- C:\Users\Anwender\Desktop\Defogger.exe
[2013.04.11 23:41:08 | 000,001,167 | ---- | M] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.11 23:30:46 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1636361627-3063246627-1062591212-1001Core.job
[2013.04.11 23:23:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 20:49:14 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2013.04.11 20:44:33 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 20:44:33 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 20:44:33 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 20:44:33 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 20:44:33 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 06:31:57 | 000,002,345 | ---- | M] () -- C:\Users\Anwender\Desktop\Google Chrome.lnk
[2013.04.11 01:02:31 | 000,359,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 12:45:43 | 002,118,144 | ---- | M] (Geek Uninstaller Software) -- C:\Users\Anwender\Desktop\geek.exe
[2013.04.08 16:39:03 | 000,001,063 | ---- | M] () -- C:\Users\Anwender\Desktop\Notepad++.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 12:45:58 | 000,001,105 | ---- | M] () -- C:\Users\Anwender\Desktop\ColorMania.lnk
[2013.03.18 06:41:57 | 000,002,230 | ---- | M] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2013.03.15 22:35:13 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.15 21:42:15 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013.04.12 05:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.12 05:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.12 05:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.12 05:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.12 05:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.12 05:02:30 | 000,613,083 | ---- | C] () -- C:\Users\Anwender\Desktop\adwcleaner.exe
[2013.04.12 04:51:49 | 000,000,512 | ---- | C] () -- C:\Users\Anwender\Desktop\MBR.dat
[2013.04.12 01:22:19 | 000,001,320 | ---- | C] () -- C:\Users\Anwender\Desktop\Gmer.zip
[2013.04.12 01:09:23 | 000,377,856 | ---- | C] () -- C:\Users\Anwender\Desktop\gmer_2.1.19163.exe
[2013.04.12 00:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2013.04.12 00:40:33 | 000,050,477 | ---- | C] () -- C:\Users\Anwender\Desktop\Defogger.exe
[2013.04.11 23:41:08 | 000,001,167 | ---- | C] () -- C:\Users\Anwender\Desktop\Avira System Speedup.lnk
[2013.04.08 18:45:23 | 002,987,168 | ---- | C] () -- C:\Users\Anwender\Desktop\Squads 20121206102542#Squads 1
[2013.03.18 06:41:57 | 000,002,230 | ---- | C] () -- C:\Users\Anwender\Desktop\FIFA 13 CAREER MODE EDITOR 1.0 by Doctor+.lnk
[2013.03.18 06:39:20 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.12.05 20:23:38 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.09.09 23:53:08 | 000,002,677 | ---- | C] () -- C:\Users\Anwender\AppData\Local\recently-used.xbel
[2012.09.09 21:42:27 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.06.02 17:37:22 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.03.18 13:46:38 | 000,007,598 | ---- | C] () -- C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
[2011.10.19 18:48:08 | 000,001,600 | ---- | C] () -- C:\Users\Anwender\AppData\Local\RecConfig.xml
[2011.07.20 10:51:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.20 10:51:51 | 000,022,587 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.14 01:37:16 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\.mono
[2012.12.05 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Apowersoft
[2013.03.18 09:16:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\BSW
[2012.11.17 13:37:52 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Dropbox
[2012.09.17 07:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Electronic Arts
[2013.04.07 05:35:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FileZilla
[2012.09.14 08:51:37 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Foxit Software
[2012.06.10 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Geek Uninstaller
[2011.10.20 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mp3DirectCut
[2013.04.11 22:49:02 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\MusicBee
[2012.10.19 03:28:58 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Need for Speed World
[2013.04.08 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Notepad++
[2012.09.08 07:55:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.12.01 02:16:28 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Origin
[2013.03.14 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Pokémon Trading Card Game Online
[2012.12.10 03:24:05 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Steganos
[2012.09.07 19:42:35 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\SumatraPDF
[2011.09.29 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Thunderbird
[2013.04.11 01:07:04 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\uTorrent
[2013.04.11 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Care 365
[2013.02.01 01:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Wise Game Booster
 
========== Purity Check ==========
 
 

< End of report >

aharonov · 12.04.2013, 04:49

Da ist nicht wirklich was zu sehen..
Noch eine Kontrolle:

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

Glam · 12.04.2013, 06:13

Vorab: ESET hat nichts gefunden; daher kein Log dafür.

Fixlog von OTL:

Code:

ATTFilter

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Anwender
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 79642159 bytes
->Java cache emptied: 7801696 bytes
->FireFox cache emptied: 73592920 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77926 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 154,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04122013_055247

Files\Folders moved on Reboot...
C:\Users\Anwender\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Log von MBAM:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Anwender :: FUTURES [Administrator]

12.04.2013 05:57:41
mbam-log-2013-04-12 (05-57-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253909
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log von SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Mozilla Firefox (20.0.1) 
 Mozilla Thunderbird (17.0.) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

aharonov · 12.04.2013, 12:36

Antonio, da ist nichts zu sehen bei dir, was Malware als Ursache für die von dir beschriebenen Symptome ins Zentrum rücken lässt..
Und da du, so wie es aussieht, auch auf aktuelle Software achtest, konnten die erwähnten Java-Exploits wohl ihre Wirkung nicht entfalten wie gewünscht.
Von meiner Seite her würd ich dich jetzt als sauber entlassen und wir räumen noch auf:

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

Falls zu Beginn defogger verwendet wurde, dann starte defogger und drücke den Button Re-enable.
Falls Combofix eingesetzt wurde, dann deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Glam · 12.04.2013, 13:58

Ich bin den letzten Anweisungen gefolgt und kann nun auch sagen, dass es keine Probleme mehr mit Windows Update gibt. Bis jetzt auch keine Anzeichen von Internetschwierigkeiten. Da bin ich noch mal mit einem blauen Auge davon gekommen, denn Vorsicht ist besser als Nachsicht.

Vielen Dank für deine Hilfe, Leo, ihr leistet hier tolle Arbeit!

Antonio

aharonov · 12.04.2013, 14:43

Danke für die Rückmeldung, Antonio.

Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

Windows Update deaktiviert sich nach Neustart / Internet sporadisch nicht erreichbar / Java Exploits

Plagegeister aller Art und deren Bekämpfung: Windows Update deaktiviert sich nach Neustart / Internet sporadisch nicht erreichbar / Java Exploits