Probleme mit qvo6 und SpyHunter 4

loewenherzl · 05.05.2013, 20:12

Hallo zusammen,

ich bin zwar nicht unerfahren im Umgang mit einem Computer, jedoch geht mein Problem weit über das hinaus, was ich selbst lösen kann, daher bin ich nach einigen vergebenen Versuchen (Schilderung siehe weiter unten) und diversen Recherchen im Netz hier bei Euch gelandet. Ich habe laut der Anweisung gearbeitet und möchte nun um Eure Hilfe bitten.

Vorab ein paar Infos zu meinem Problem, wie es dazu kam, was ich bisher unternommen habe und was sonst noch so wichtig sein könnte. Sollte ich etwas vergessen, so werdet Ihr mich sicher danach fragen

Ursache meines Problems:
Am 03.05.13 habe ich im Internet nach einem Programm Ausschau gehalten, von welchem ich mir erhoffte, dass es mir zum Üben für meine kurz bevorstehende Abschlussprüfung meiner Ausbildung helfen könnte. Eigentlich ein ganz harmloses Programm um GRAFCET zu lernen/üben. Die Seite (ich weiß leider nicht mehr welche es war) machte einen vertrauensvollen Eindruck und ich habe mir die Trialversion des entsprechenden Programms herunter geladen und es installiert.

Eigentlich bin ich beim installieren immer sehr vorsichtig und lehne alles ab, was mir auf dem Rechner installiert werden soll, aber nicht zum eigentlichen Programm gehört. Solche Installationen habe ich auch hier gehabt und entsprechend abgelehnt. Dennoch ist irgendwie qvo6 auf meinem Rechner gelandet, von dem ich bis heute nicht wusste, was es ist. Als ich heute mehrfach ins Internet wollte (Firefox) und mir als Startseite ständig der grinsende Smily von qvo6 begegnete wurde ich skeptisch. Nun folgen meine

bisherigen Unternehmungen
um mich dieses Programms wieder zu entledigen.

Ich habe über die Systemsteuerung alle Programme deinstalliert, die ich am 03.05.13 unwissentlich installiert habe und nicht kannte (es waren etwa fünf oder sechs). Dies alleine hat mich schon erstaunt.

Ich habe im Firefox alle Add-ons deinstalliert die mir spanisch vorkamen und in den Einstellungen alles so eingestellt, dass ich als Startseite eine Leerseite habe und bei Neustart von Firefox die bei der letzten Sitzung aktiven Tabs gestartet werden. Den Firefox habe ich danach neu gestartet. Dies habe ich mehrfach gemacht und immer wieder wird nur ein Tab geöffnet mit der Startseite von qvo6.

Als mich das nicht weiter gebracht hat habe ich im Internet mit google nach qvo6 gesucht und bin schnell fündig geworden. Daraufhin habe ich mit Avast HomePremium zuerst einen schnellen Scan und anschließend zwei intensive Scans auf meinem kompletten Rechner laufen lassen. Alle waren ergebnislos.

Die manuelle Suche auf meinem Rechner nach qvo6.exe verlief ebenfalls ergebnislos.

Als ich mir nicht mehr zu helfen wusste habe ich mir im Internet den SpyHunter 4 herunter geladen (kostenlos) und einen weiteren Scan durchgeführt. Dieser Scan hat mir erschreckende Ergebnisse geliefert. Ich soll auf meinem Rechner 90 Probleme haben, unter anderem auch diverse Einträge von qvo6. Als ich dann die Daten beseitigen wollte wurde ich aufgefordert den SpyHunter 4 zu kaufen. Da wurde ich noch skeptischer und begann nach diesem Programm zu googlen. Danach bin ich auf Euer Forum und diesen Eintrag aufmerksam geworden.

Nun schließt sich der Kreis und ich habe gemäß Eurer oben erwähnten Anweisung alle Programm installiert und die entsprechenden Scans durchgeführt (Ergebnisse siehe weiter unten).

defogger_disable

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 05/05/2013 (Sascha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Dieser Scan verlief Problemlos.

OTL

Code:

ATTFilter

OTL logfile created on: 05.05.2013 18:23:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,20% Memory free
6,00 Gb Paging File | 4,12 Gb Available in Paging File | 68,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 72,96 Gb Free Space | 62,66% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 55,04 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive E: | 116,44 Gb Total Space | 69,39 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,16 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: LABTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.04.12 17:09:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.12 16:36:02 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.03.26 17:28:17 | 000,138,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
PRC - [2013.03.19 16:15:51 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.02 10:24:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\***\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
PRC - [2012.11.06 06:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 17:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012.07.26 05:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2012.07.26 05:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012.07.23 15:42:04 | 000,041,632 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
PRC - [2012.07.17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
PRC - [2012.06.25 16:16:44 | 000,548,768 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe
PRC - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
PRC - [2012.01.20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 17:09:30 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 16:36:02 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013.03.26 17:28:32 | 000,140,184 | ---- | M] () -- C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
MOD - [2013.02.15 15:02:19 | 011,843,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll
MOD - [2013.02.15 15:01:21 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013.01.13 14:33:35 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll
MOD - [2013.01.13 14:33:23 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8e9282974a23dfd1c27496da39f39472\System.Management.ni.dll
MOD - [2013.01.13 14:33:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.01.13 14:33:06 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll
MOD - [2013.01.13 12:51:44 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.01.13 12:51:23 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.01.13 12:51:13 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ef15bfde4d664e24a6c6886e8fb03eb\PresentationFramework.Aero.ni.dll
MOD - [2013.01.13 12:51:11 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e07f712f0af54ae2a9ad237baa4c54b3\PresentationFramework.ni.dll
MOD - [2013.01.13 12:50:51 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\552e0b1cffc85b2d7bb8f202dbf6b58f\PresentationCore.ni.dll
MOD - [2013.01.13 12:50:32 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\24cc53e26c02f2d0dbb139045428ef76\WindowsBase.ni.dll
MOD - [2013.01.13 12:50:27 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.01.13 12:50:18 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.10.10 03:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012.10.10 03:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012.10.10 03:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012.10.10 03:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012.09.14 00:04:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:03:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.07.06 04:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.07.06 04:01:07 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.07.06 04:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2012.07.06 04:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 17:09:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.12 16:36:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.02 10:23:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.03.02 10:23:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.02.14 04:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.02 10:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.01.29 02:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.01.10 01:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.01.10 01:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 06:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.06 06:18:36 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.20 08:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012.09.20 07:55:29 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2012.09.20 07:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012.09.20 07:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012.07.26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012.07.26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012.07.26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012.07.26 05:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012.07.26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012.07.26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012.07.26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012.07.26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012.07.26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [File_System | Disabled | Stop_Pending] -- system32\DRIVERS\EsgScanner.sys -- (EsgScanner)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.03.02 11:54:25 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.03.02 11:06:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.03.02 10:52:49 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.03.02 10:52:47 | 000,237,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.03.02 10:52:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.02.02 11:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.02.02 09:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.01.29 02:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.01.29 01:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.01.10 03:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.27 05:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012.11.20 06:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012.11.06 05:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012.10.12 09:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.10.11 07:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012.10.11 07:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012.10.11 06:40:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDScan.sys -- (WSDScan)
DRV - [2012.09.20 09:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012.09.20 08:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012.09.20 08:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012.07.26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012.07.26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012.07.26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012.07.26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012.07.26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012.07.26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012.07.26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012.07.26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012.07.26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012.07.26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012.07.26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012.07.26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012.07.26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012.07.26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012.07.26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012.07.26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012.07.26 04:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2012.07.26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012.07.26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012.07.26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012.07.26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012.07.26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012.07.26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012.07.26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012.07.26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012.07.26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012.07.26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012.07.26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012.07.26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012.07.26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012.07.26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012.07.26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012.07.26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012.07.26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.07.26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012.07.26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012.07.26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012.07.26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012.07.26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012.07.26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012.06.21 17:04:52 | 000,407,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2012.06.02 16:32:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2012.06.02 16:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2009.07.02 18:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2009.05.13 10:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.19 19:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.03 15:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.25 13:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.03 17:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.12 17:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 17:09:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.05 17:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.05.03 17:07:50 | 000,000,732 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\***\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SRSAENotifier] C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SkyDrive] C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF7F6B0-4688-4F9E-B8A5-5D4DD4E022D3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 20:12:58 | 000,000,000 | ---D | M] - D:\Autokauf -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 21:21:36 | 000,000,000 | ---D | M] - E:\Autokauf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.05 18:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:05:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.05 16:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.05 16:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.03 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.05.03 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Desk 365
[2013.05.03 17:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Desk 365
[2013.05.03 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\eIntaller
[2013.05.03 17:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SwvUpdater
[2013.05.03 17:05:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Finder
[2013.05.03 17:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013.05.03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.03 16:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.12 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.05 18:20:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.05 17:47:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
[2013.05.05 16:44:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2013.05.05 15:40:34 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.05 15:38:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.05 15:38:10 | 2576,416,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 13:39:23 | 000,000,502 | ---- | M] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2013.05.03 16:38:19 | 000,184,520 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.29 20:12:01 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.29 20:12:01 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.29 20:12:01 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.29 20:12:01 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.13 14:00:16 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.05 18:20:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:23 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.03 17:07:20 | 000,001,345 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.03 16:38:19 | 000,184,520 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.13 13:59:51 | 000,425,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.13 13:41:06 | 000,387,867 | ---- | C] () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013.03.19 19:39:49 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.19 19:39:49 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.01.13 15:57:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.12.23 11:59:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSFPA.DAT
[2012.12.21 17:49:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012.12.19 14:12:52 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.12.11 18:52:13 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2012.12.10 19:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum
[2012.07.26 10:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.21 17:04:52 | 000,407,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.04.28 07:35:21 | 000,000,000 | ---- | C] () -- C:\Users\***\ADSM_Backup.xml
[2009.04.22 07:55:23 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.04.22 07:55:23 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2012.12.22 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.26 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cities3D
[2013.05.03 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desk 365
[2012.12.26 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier
[2012.12.22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Drivers For Free
[2013.02.03 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.02.06 14:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.03 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eIntaller
[2012.12.28 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2013.02.28 18:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\File Scout
[2012.12.26 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2013.01.13 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Geek Uninstaller
[2013.01.13 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.05.03 17:06:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Finder
[2013.04.20 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2013.01.10 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.12.24 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.02.25 13:08:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.12.26 15:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PerformerSoft
[2012.12.11 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software
[2012.12.19 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >

Die Scans für Extras und gmer sind als Anhang an diesen Beitrag angeheftet, da dieser Beitrag sonst 1368827 Zeichen hätte und das Board mich aufgefordert hat, diese Dateien zu zippen und anzuhängen. Bei dem Scan von GMER kam es mehrfach zu Problemen

Ein Systemabsturz mit Bluescreen, welchen ich nur durch längeres Drücken des Ein-/Ausschalters meines Labtops beenden konnte, nachdem er mehrere Minuten nicht reagierte. Leider habe ich beim Start eines neuen Scans vergessen Avast zu stoppen, die Internetverbindung habe ich jedoch unterbrochen (auch WLAN). Sollte dies zu Beeinträchtigungen bezüglich des Scans gekommen sein und diesen verfälscht haben, so kann ich diesen bei Bedarf gerne wiederholen (wenn erforderlich).

Während des Scans wurde ich mehrfach von GMER aufgefordert einen Datenträger in Laufwerk H: einzulegen. Dabei habe ich gar kein Laufwerk H: Diese Meldung konnte ich nur beenden, indem ich mehrfach auf das "x" oben rechts geklickt habe, da die drei zur Verfügung stehenden Buttons (Abbrechen, Wiederholen, Überspringen) nicht reagierten.

So, ich hoffe ich habe nichts vergessen und noch mehr hoffe ich, dass Ihr mir helfen könnt. Für den Fall, dass es von Interesse/Wichtigkeit ist: Ich verwende Windows 8. Da ich aktuell auf Grund meiner Prüfung zeitlich stark eingespannt bin, kann es passieren, dass ich nicht sofort auf eine Antwort von Euch reagiere, daher bitte ich um etwas Geduld und hoffe, dass Ihr das Thema nicht direkt schließt. Es kann unter Umständen auch mal ein/zwei Tage dauern, bis ich mich melde. Werde aber versuchen es schneller hin zu bekommen.

Vielen Dank im Voraus für Eure Hilfe!!!

Gruß
loewenherzl

aharonov · 06.05.2013, 13:04

Hi,

Gmer rauscht schon mal ab, das ist nicht ungewöhnlich.
Gehen wir das mit dem AdwCleaner an:

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von OTL

loewenherzl · 06.05.2013, 17:57

Hallo Leo,

vielen Dank schon mal für Deine schnelle Antwort. Hier die angeforderten Daten. Es sind keinerlei Probleme aufgetreten und beim Start vom Firefox habe ich auch nicht mehr die Seite von qvo6 angezeigt bekommen

Gruß
loewenherzl

EDIT:
Mir ist gerade aufgefallen, dass ich in den Einstellungen vom Firefox in den Tabs nicht die Einstellung vornehmen kann, dass bei einem Neustart von Firefox die letzten geöffneten Tabs wieder angezeigt werden. Die Auswahl ist grau unterlegt. Liegt das auch an dem qvo6?

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 06/05/2013 um 18:30:36 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzer : *** - LABTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Désinfected : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Datei Désinfected : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml
Ordner Gelöscht : C:\Program Files\Desk 365
Ordner Gelöscht : C:\Program Files\file scout
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\***\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\***\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\***\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\V9
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=4325428 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=163a5fd0-b426-4596-951f-d2fa52cd8334&searchtype=ds&q={searchTerms}&installDate=03/05/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9250320AS_5SW276RWXXXX5SW276RW&ts=1367593667 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a1gnqrvi.default-1367752571952\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7845 octets] - [06/05/2013 18:30:36]

########## EOF - C:\AdwCleaner[S1].txt - [7905 octets] ##########

Code:

ATTFilter

OTL logfile created on: 06.05.2013 18:40:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,81% Memory free
6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 72,91 Gb Free Space | 62,62% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 55,04 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive E: | 116,44 Gb Total Space | 69,39 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,16 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: LABTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.04.12 17:09:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.03.26 17:28:17 | 000,138,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
PRC - [2013.03.19 16:15:51 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.02 10:24:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\***\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
PRC - [2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 17:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012.07.26 05:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2012.07.26 05:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012.07.23 15:42:04 | 000,041,632 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
PRC - [2012.07.17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
PRC - [2012.06.25 16:16:44 | 000,548,768 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe
PRC - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
PRC - [2012.01.20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2006.10.23 02:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 17:09:30 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.15 15:02:19 | 011,843,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll
MOD - [2013.02.15 15:01:21 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013.01.13 14:33:35 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll
MOD - [2013.01.13 14:33:23 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8e9282974a23dfd1c27496da39f39472\System.Management.ni.dll
MOD - [2013.01.13 14:33:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.01.13 14:33:06 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll
MOD - [2013.01.13 12:51:44 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.01.13 12:51:23 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.01.13 12:51:13 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ef15bfde4d664e24a6c6886e8fb03eb\PresentationFramework.Aero.ni.dll
MOD - [2013.01.13 12:51:11 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e07f712f0af54ae2a9ad237baa4c54b3\PresentationFramework.ni.dll
MOD - [2013.01.13 12:50:51 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\552e0b1cffc85b2d7bb8f202dbf6b58f\PresentationCore.ni.dll
MOD - [2013.01.13 12:50:32 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\24cc53e26c02f2d0dbb139045428ef76\WindowsBase.ni.dll
MOD - [2013.01.13 12:50:27 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.01.13 12:50:18 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.10.10 03:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012.10.10 03:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012.10.10 03:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012.10.10 03:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012.09.14 00:04:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:03:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.07.06 04:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.07.06 04:01:07 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.07.06 04:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2012.07.06 04:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 17:09:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.12 16:36:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.02 10:23:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.03.02 10:23:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.02.14 04:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.02 10:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.01.29 02:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.01.10 01:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.01.10 01:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 06:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.06 06:18:36 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.20 08:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012.09.20 07:55:29 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2012.09.20 07:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012.09.20 07:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012.07.26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012.07.26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012.07.26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012.07.26 05:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012.07.26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012.07.26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012.07.26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012.07.26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012.07.26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.03.02 11:54:25 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.03.02 11:06:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.03.02 10:52:49 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.03.02 10:52:47 | 000,237,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.03.02 10:52:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.02.02 11:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.02.02 09:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.01.29 02:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.01.29 01:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.01.10 03:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.27 05:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012.11.20 06:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012.11.06 05:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012.10.12 09:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.10.11 07:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012.10.11 07:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012.10.11 06:40:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDScan.sys -- (WSDScan)
DRV - [2012.09.20 09:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012.09.20 08:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012.09.20 08:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012.07.26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012.07.26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012.07.26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012.07.26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012.07.26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012.07.26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012.07.26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012.07.26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012.07.26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012.07.26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012.07.26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012.07.26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012.07.26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012.07.26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012.07.26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012.07.26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012.07.26 04:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2012.07.26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012.07.26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012.07.26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012.07.26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012.07.26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012.07.26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012.07.26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012.07.26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012.07.26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012.07.26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012.07.26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012.07.26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012.07.26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012.07.26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012.07.26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012.07.26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012.07.26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.07.26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012.07.26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012.07.26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012.07.26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012.07.26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012.07.26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012.06.21 17:04:52 | 000,407,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2012.06.02 16:32:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2012.06.02 16:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2009.07.02 18:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2009.05.13 10:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.19 19:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.25 13:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.03 17:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.12 17:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 17:09:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.05 17:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SRSAENotifier] C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [LightShot] C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [SkyDrive] C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF7F6B0-4688-4F9E-B8A5-5D4DD4E022D3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 20:12:58 | 000,000,000 | ---D | M] - D:\Autokauf -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 21:21:36 | 000,000,000 | ---D | M] - E:\Autokauf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.05 18:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:05:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.05 16:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.05 16:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.03 16:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.12 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 18:36:40 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.06 18:34:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.06 18:34:32 | 2576,416,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 18:29:46 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.05 21:47:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
[2013.05.05 21:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.05 21:01:09 | 000,067,293 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2013.05.05 21:00:55 | 000,009,305 | ---- | M] () -- C:\Users\***\Desktop\Extras.zip
[2013.05.05 20:44:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2013.05.05 18:47:27 | 461,832,891 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.05.05 18:33:38 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:20:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.05 13:39:23 | 000,000,502 | ---- | M] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2013.05.03 16:38:19 | 000,184,520 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.29 20:12:01 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.29 20:12:01 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.29 20:12:01 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.29 20:12:01 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.13 14:00:16 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.06 18:29:44 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.05 21:01:09 | 000,067,293 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2013.05.05 21:00:55 | 000,009,305 | ---- | C] () -- C:\Users\***\Desktop\Extras.zip
[2013.05.05 18:33:37 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.05 18:20:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:23 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.03 17:07:20 | 000,001,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.03 16:38:19 | 000,184,520 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.13 13:59:51 | 000,425,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.13 13:41:06 | 000,387,867 | ---- | C] () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013.03.19 19:39:49 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.19 19:39:49 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.01.13 15:57:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.12.23 11:59:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSFPA.DAT
[2012.12.21 17:49:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012.12.19 14:12:52 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.12.11 18:52:13 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2012.12.10 19:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum
[2012.07.26 10:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.21 17:04:52 | 000,407,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.04.28 07:35:21 | 000,000,000 | ---- | C] () -- C:\Users\***\ADSM_Backup.xml
[2009.04.22 07:55:23 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.04.22 07:55:23 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2012.12.22 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.26 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cities3D
[2012.12.26 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier
[2012.12.22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Drivers For Free
[2013.02.03 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.28 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012.12.26 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2013.01.13 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Geek Uninstaller
[2013.01.13 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.04.20 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2013.01.10 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.12.24 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2012.12.11 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software
[2012.12.19 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >

aharonov · 06.05.2013, 18:21

Hi,

warum diese Einstellung nicht verfügbar ist, weiss ich grad auch nicht..
Wir kontrollieren noch:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
[2013.05.05 16:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.05 16:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

:commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

loewenherzl · 06.05.2013, 19:09

Hier schon mal die ersten Daten. Bei dem Eset-Scanner habe ich ein Problem. Wenn ich auf Start klicke, dann fragt er ob ich den Proxy konfiguriert habe. Was muss ich da machen? Es gibt folgende Möglichkeiten:

1. Startbutton drücken (führt aber nicht weiter)
2. Hacken setzen bei "use custom proxy settings" (bringt auch nichts)
3. Link "configure..." anklicken. Hier öffnet sich ein kleines Fenster in dem folgende Daten abgefragt werden:
a) Proxyadress
b) Port
c) Username
d) Password
Da weiß ich allerdings nicht, welche Daten er von mir haben will. Wie soll ich weiter verfahren?

Nun die Daten vom Schritt 1 und 2

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.06.07

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16540
*** :: LABTOP [Administrator]

Schutz: Aktiviert

06.05.2013 19:48:21
mbam-log-2013-05-06 (19-48-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224053
Laufzeit: 7 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\Documents\Downloads\monopoly_deluxe_1_00.exe (PUP.Downloader.ZYL) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 164580828 bytes
->Temporary Internet Files folder emptied: 26653603 bytes
->Java cache emptied: 1170020 bytes
->FireFox cache emptied: 6103248 bytes
->Flash cache emptied: 706 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1461206 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63204968 bytes
RecycleBin emptied: 112098942 bytes
 
Total Files Cleaned = 358,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05062013_193748

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aharonov · 06.05.2013, 19:14

Hi,

Zitat:

Bei dem Eset-Scanner habe ich ein Problem. Wenn ich auf Start klicke, dann fragt er ob ich den Proxy konfiguriert habe.

versuch mal, ob du es so hinbekommst, dass ESET läuft:

Falsche Proxy Einstellungen entfernen

Gehe im Internet Explorer zu Extras -> Internetoptionen.
In der Registerkarte Verbindungen drücke auf LAN-Einstellungen.
Wenn bei "Proxyserver für LAN verwenden" ein Häkchen gesetzt ist, entferne dieses.
Setze den Haken bei "Automatische Suche der Einstellungen".
Bestätige mit OK.

loewenherzl · 06.05.2013, 19:48

Den Internet Explorer habe ich nicht auf meinem Rechner, der ist deinstalliert. Ich gehe immer mit dem Firefox ins Netz. Habe in den Einstellungen in der Registerkarte "Netzwerk" alle Optionen versucht, jedoch ohne Erfolg. Die Optionen sind

aharonov · 06.05.2013, 19:50

Ok, dann ersetz denn ESET-Scan durch Folgendes:

Downloade dir bitte den Panda Cloud Cleaner und starte den Scan.
Bitte nichts löschen. Am Ende nur "View Report" unten rechts klicken.
Kopiere den Scanreport hier in den Thread.

loewenherzl · 09.05.2013, 07:57

Heute als ich meinen Rechner gestartet habe, habe ich wieder im Firefox den qvo6 angezeigt bekommen. Muss ich jetzt wieder ganz von vorne anfangen?

aharonov · 09.05.2013, 12:07

Mach noch den Panda und den SecurityCheck-Scan wie beschrieben. Und dann hänge ich dir noch einen Schritt 5 an:

Schritt 5

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

loewenherzl · 09.05.2013, 12:55

Hier die gewünschten Daten

Panda:

Code:

ATTFilter

Unknown. FILE: C:\PROGRAM FILES\COMMON FILES\ADOBE SYSTEMS SHARED\SERVICE\ADOBELMSVC.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Adobe LM Service. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ADOBE_EPIC.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.FRA to be deleted.

Unknown. FILE: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SSLEAY32.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\WINRAR\RAREXT.DLL to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved[{B41DB860-8EE4-11D2-9906-E49FADC173CA}]. Value: {B41DB860-8EE4-11D2-9906-E49FADC173CA} To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\WinRAR. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\MOZILLA FIREFOX\XUL.DLL to be deleted.

Unknown. FILE: C:\USERS\***\APPDATA\LOCAL\SKILLBRAINS\LIGHTSHOT\LIGHTSHOT.EXE to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\LightShot\LightShot .lnk to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot\LightShot .lnk to be deleted.

Unknown. REGKEY: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[LightShot]. Value: LightShot To be deleted.

Unknown. FILE: C:\WINDOWS\TWAIN_32\ESCNDV\ESCFG.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan-Einstellungen.lnk to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\EPSON\EPSON Scan\EPSON Scan-Einstellungen.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Escfg.exe. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\EXCEL.EXE to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids[Excel.CSV]. Value: Excel.CSV To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList[MRUList]. Value: MRUList To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList[g]. Value: g To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids[Excel.OpenDocumentSpreadsheet.12]. Value: Excel.OpenDocumentSpreadsheet.12 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids[Excel.AddInMacroEnabled]. Value: Excel.AddInMacroEnabled To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList[MRUList]. Value: MRUList To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList[a]. Value: a To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids[Excel.SheetBinaryMacroEnabled.12]. Value: Excel.SheetBinaryMacroEnabled.12 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids[Excel.SheetMacroEnabled.12]. Value: Excel.SheetMacroEnabled.12 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithList[MRUList]. Value: MRUList To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithList[a]. Value: a To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids[Excel.Sheet.12]. Value: Excel.Sheet.12 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids[Excel.TemplateMacroEnabled]. Value: Excel.TemplateMacroEnabled To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids[Excel.Template]. Value: Excel.Template To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE903C-2776-4574-9855-EC1597ABE3D6}. Key to be deleted.

Unknown. FILE: C:\WINDOWS\SYSTEM32\DRIVERS\PAVBOOT.SYS to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Pavboot. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\OUTLOOK.EXE to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\OpenWithProgids[Outlook.File.ics.14]. Value: Outlook.File.ics.14 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids[Outlook.File.msg.14]. Value: Outlook.File.msg.14 To be deleted.

Unknown. FILE: C:\PROGRAM FILES\SKILLBRAINS\UPDATER\UPDATER.EXE to be deleted.

Unknown. TASK: Task\[update-S-1-5-21-4171136491-575053196-1707953686-1000]. Task to be deleted.

Unknown. TASK: Task\[update-sys]. Task to be deleted.

Unknown. FILE: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\DEFS\13050900\ALGO.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ADOBE HELP CENTER\AHC.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Adobe Help Center.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ahc.exe. Key to be deleted.

Unknown. FILE: C:\WINDOWS\SYSTEM32\SHELL32.DLL to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{3DAD6C5D-2167-4CAE-9914-F99E41C12CFA}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{3DAD6C5D-2167-4CAE-9914-F99E41C12CFA}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{F3D06E7C-1E45-4A26-847E-F9FCDEE59BE0}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{F3D06E7C-1E45-4A26-847E-F9FCDEE59BE0}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{7BA4C740-9E81-11CF-99D3-00AA004AE837}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{7BA4C740-9E81-11CF-99D3-00AA004AE837}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{09799AFB-AD67-11D1-ABCD-00C04FC30936}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{09799AFB-AD67-11D1-ABCD-00C04FC30936}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{90AA3A4E-1CBA-4233-B8BB-535773D48449}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{90AA3A4E-1CBA-4233-B8BB-535773D48449}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{883373C3-BF89-11D1-BE35-080036B11A03}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{883373C3-BF89-11D1-BE35-080036B11A03}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{A470F8CF-A1E8-4F65-8335-227475AA5C46}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{A470F8CF-A1E8-4F65-8335-227475AA5C46}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{EF43ECFE-2AB9-4632-BF21-58909DD177F0}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{EF43ECFE-2AB9-4632-BF21-58909DD177F0}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{D969A300-E7FF-11D0-A93B-00A0C90F2719}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{D969A300-E7FF-11D0-A93B-00A0C90F2719}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{57651662-CE3E-11D0-8D77-00C04FC99D61}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{57651662-CE3E-11D0-8D77-00C04FC99D61}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library Location. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\ContextMenuHandlers\CopyAsPathMenu. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\ContextMenuHandlers\SendTo. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\Open With. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\Open With EncryptionMenu. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\*\ShellEx\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Directory\ShellEx\CopyHookHandlers\FileSystem. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Directory\ShellEx\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Classes\Directory\Background\ShellEx\ContextMenuHandlers\New. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids[lnkfile]. Value: lnkfile To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids[SHCmdFile]. Value: SHCmdFile To be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\PDF ARCHITECT\LIBEAY32.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\PDF ARCHITECT\LIBCURL.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\GROOVE.EXE to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GROOVE.EXE. Key to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Microsoft SharePoint Workspace Audit Service. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\WINRAR\WINRAR.EXE to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\WinRAR\WinRAR.lnk to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids[WinRAR]. Value: WinRAR To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList[MRUList]. Value: MRUList To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList[a]. Value: a To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids[WinRAR.ZIP]. Value: WinRAR.ZIP To be deleted.

Unknown. FILE: D:\PROGRAMME\ADOBE\PHOTOSHOP CS2\IMAGEREADY.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Adobe ImageReady CS2.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImageReady.exe. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids[Photoshop.PNGFile.9]. Value: Photoshop.PNGFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\OpenWithProgids[Photoshop.WBMFile.9]. Value: Photoshop.WBMFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\OpenWithProgids[Photoshop.WBMFile.9]. Value: Photoshop.WBMFile.9 To be deleted.

Unknown. FILE: C:\PROGRAM FILES\COMMON FILES\ADOBE\CALIBRATION\ADOBE GAMMA LOADER.EXE to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk to be deleted.

Unknown. FILE: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Startup\Adobe Gamma.lnk to be deleted.

Unknown. FILE: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\LIBEAY32.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\PDF ARCHITECT\SSLEAY32.DLL to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT ELEMENTS\CONTEXTMENU.DEU to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ADOBE_PCD.DLL to be deleted.

Unknown. FILE: C:\WINDOWS\TWAIN_32\ESCNDV\ESCNDV.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\EPSON\EPSON Scan\EPSON Scan.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Escndv.exe. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ADOBE_PERSONALIZATION.DLL to be deleted.

Unknown. FILE: C:\WINDOWS\SYSTEM32\PDFCMON.DLL to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\pdfcmon. Key to be deleted.

Unknown. FILE: D:\PROGRAMME\ADOBE\PHOTOSHOP CS2\PHOTOSHOP.EXE to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk to be deleted.

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Adobe Photoshop CS2.lnk to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Photoshop.exe. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ase\OpenWithProgids[Photoshop.ExchangeableSwatchFile.9]. Value: Photoshop.ExchangeableSwatchFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cin\OpenWithProgids[Photoshop.CINFile.9]. Value: Photoshop.CINFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\OpenWithProgids[Photoshop.CameraRawFileCanon2.9]. Value: Photoshop.CameraRawFileCanon2.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\OpenWithProgids[Photoshop.CameraRawFileCanon.9]. Value: Photoshop.CameraRawFileCanon.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\OpenWithProgids[Photoshop.CameraRawFileKodak.9]. Value: Photoshop.CameraRawFileKodak.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\OpenWithProgids[Photoshop.CameraRawFileDigital.9]. Value: Photoshop.CameraRawFileDigital.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dpx\OpenWithProgids[Photoshop.CINFile.9]. Value: Photoshop.CINFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\OpenWithProgids[Photoshop.EPSFile.9]. Value: Photoshop.EPSFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\OpenWithProgids[Photoshop.CameraRawFileEpson.9]. Value: Photoshop.CameraRawFileEpson.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exr\OpenWithProgids[Photoshop.OpenEXRFile.9]. Value: Photoshop.OpenEXRFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fido\OpenWithProgids[Photoshop.CINFile.9]. Value: Photoshop.CINFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\OpenWithProgids[Photoshop.PortableBitMapFile.9]. Value: Photoshop.PortableBitMapFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icb\OpenWithProgids[Photoshop.TGAFile.9]. Value: Photoshop.TGAFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mnu\OpenWithProgids[Photoshop.MenuCustomizationFile.9]. Value: Photoshop.MenuCustomizationFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\OpenWithProgids[Photoshop.CameraRawFileLeaf.9]. Value: Photoshop.CameraRawFileLeaf.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\OpenWithProgids[Photoshop.CameraRawFileMinolta.9]. Value: Photoshop.CameraRawFileMinolta.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\OpenWithProgids[Photoshop.CameraRawFileNikon.9]. Value: Photoshop.CameraRawFileNikon.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\OpenWithProgids[Photoshop.CameraRawFileOlympus.9]. Value: Photoshop.CameraRawFileOlympus.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\OpenWithProgids[Photoshop.RadianceFile.9]. Value: Photoshop.RadianceFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\OpenWithProgids[Photoshop.PICTFile.9]. Value: Photoshop.PICTFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdp\OpenWithProgids[Photoshop.PDPFile.9]. Value: Photoshop.PDPFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\OpenWithProgids[Photoshop.CameraRawFilePentax.9]. Value: Photoshop.CameraRawFilePentax.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\OpenWithProgids[Photoshop.PICTFile.9]. Value: Photoshop.PICTFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\OpenWithProgids[Photoshop.PICTFile.9]. Value: Photoshop.PICTFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psb\OpenWithProgids[Photoshop.PSBFile.9]. Value: Photoshop.PSBFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\OpenWithProgids[Photoshop.Image.9]. Value: Photoshop.Image.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pxr\OpenWithProgids[Photoshop.PXRFile.9]. Value: Photoshop.PXRFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\OpenWithProgids[Photoshop.CameraRawFileFujifilm.9]. Value: Photoshop.CameraRawFileFujifilm.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\OpenWithProgids[Photoshop.RAWFile.9]. Value: Photoshop.RAWFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sct\OpenWithProgids[Photoshop.SCTFile.9]. Value: Photoshop.SCTFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdpx\OpenWithProgids[Photoshop.CINFile.9]. Value: Photoshop.CINFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shh\OpenWithProgids[Photoshop.SHHFile.9]. Value: Photoshop.SHHFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\OpenWithProgids[Photoshop.CameraRawFileSony.9]. Value: Photoshop.CameraRawFileSony.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sta\OpenWithProgids[Photoshop.STAFile.9]. Value: Photoshop.STAFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\OpenWithProgids[Photoshop.TGAFile.9]. Value: Photoshop.TGAFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids[Photoshop.TIFFFile.9]. Value: Photoshop.TIFFFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids[Photoshop.TIFFFile.9]. Value: Photoshop.TIFFFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vda\OpenWithProgids[Photoshop.TGAFile.9]. Value: Photoshop.TGAFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vst\OpenWithProgids[Photoshop.TGAFile.9]. Value: Photoshop.TGAFile.9 To be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x3f\OpenWithProgids[Photoshop.CameraRawFileFoveon.9]. Value: Photoshop.CameraRawFileFoveon.9 To be deleted.

Unknown. FILE: C:\WINDOWS\TWAIN_32\ESCNDV\ESTCFG.EXE to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Estcfg.exe. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.DEU to be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.63  
   x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Panda Cloud Cleaner   
 Adobe Flash Player 	11.7.700.169  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````

OTL:

Code:

ATTFilter

OTL logfile created on: 09.05.2013 13:41:52 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 41,62% Memory free
6,00 Gb Paging File | 4,08 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 73,10 Gb Free Space | 62,78% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 55,05 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive E: | 116,44 Gb Total Space | 69,39 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,16 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: LABTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.04.12 17:09:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.26 17:28:17 | 000,138,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
PRC - [2013.03.19 16:15:51 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.02 10:24:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\***\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
PRC - [2012.11.06 06:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 17:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012.07.26 05:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2012.07.26 05:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012.07.23 15:42:04 | 000,041,632 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
PRC - [2012.07.17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
PRC - [2012.06.25 16:16:44 | 000,548,768 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe
PRC - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
PRC - [2012.01.20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 17:09:30 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.15 15:02:19 | 011,843,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll
MOD - [2013.02.15 15:01:21 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013.01.13 14:33:35 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll
MOD - [2013.01.13 14:33:23 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8e9282974a23dfd1c27496da39f39472\System.Management.ni.dll
MOD - [2013.01.13 14:33:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.01.13 14:33:06 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll
MOD - [2013.01.13 12:51:44 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.01.13 12:51:23 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.01.13 12:51:13 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ef15bfde4d664e24a6c6886e8fb03eb\PresentationFramework.Aero.ni.dll
MOD - [2013.01.13 12:51:11 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e07f712f0af54ae2a9ad237baa4c54b3\PresentationFramework.ni.dll
MOD - [2013.01.13 12:50:51 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\552e0b1cffc85b2d7bb8f202dbf6b58f\PresentationCore.ni.dll
MOD - [2013.01.13 12:50:32 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\24cc53e26c02f2d0dbb139045428ef76\WindowsBase.ni.dll
MOD - [2013.01.13 12:50:27 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.01.13 12:50:18 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.10.10 03:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012.10.10 03:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012.10.10 03:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012.10.10 03:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012.09.14 00:04:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:03:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.07.06 04:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.07.06 04:01:07 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.07.06 04:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2012.07.06 04:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 17:09:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.12 16:36:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.02 10:23:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.03.02 10:23:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.02.14 04:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.02 10:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.01.29 02:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.01.10 01:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.01.10 01:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 06:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.06 06:18:36 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.20 08:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012.09.20 07:55:29 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2012.09.20 07:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012.09.20 07:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012.07.26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012.07.26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012.07.26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012.07.26 05:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012.07.26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012.07.26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012.07.26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012.07.26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012.07.26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.03.02 11:54:25 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.03.02 11:06:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.03.02 10:52:49 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.03.02 10:52:47 | 000,237,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.03.02 10:52:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.02.02 11:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.02.02 09:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.01.29 02:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.01.29 01:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.01.10 03:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.27 05:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012.11.20 06:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012.11.06 05:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012.10.12 09:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.10.11 07:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012.10.11 07:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012.10.11 06:40:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDScan.sys -- (WSDScan)
DRV - [2012.09.20 09:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012.09.20 08:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012.09.20 08:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012.07.26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012.07.26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012.07.26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012.07.26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012.07.26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012.07.26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012.07.26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012.07.26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012.07.26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012.07.26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012.07.26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012.07.26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012.07.26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012.07.26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012.07.26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012.07.26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012.07.26 04:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2012.07.26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012.07.26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012.07.26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012.07.26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012.07.26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012.07.26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012.07.26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012.07.26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012.07.26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012.07.26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012.07.26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012.07.26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012.07.26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012.07.26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012.07.26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012.07.26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012.07.26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.07.26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012.07.26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012.07.26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012.07.26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012.07.26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012.07.26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012.06.21 17:04:52 | 000,407,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2012.06.02 16:32:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2012.06.02 16:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2009.07.02 18:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2009.05.13 10:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.19 19:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.25 13:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 17:09:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.03 17:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.12 17:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 17:09:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.05 17:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SRSAENotifier] C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [LightShot] C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [SkyDrive] C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4171136491-575053196-1707953686-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF7F6B0-4688-4F9E-B8A5-5D4DD4E022D3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 20:12:58 | 000,000,000 | ---D | M] - D:\Autokauf -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 21:21:36 | 000,000,000 | ---D | M] - E:\Autokauf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 08:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.05.09 08:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2013.05.09 08:22:28 | 021,188,752 | ---- | C] (Panda Security                                              ) -- C:\Users\***\Desktop\PandaCloudCleaner.exe
[2013.05.06 19:46:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.05.06 19:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.06 19:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.06 19:46:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.06 19:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.06 19:43:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.06 19:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.05 18:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:05:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.03 16:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.12 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 13:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.09 12:44:03 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2013.05.09 09:47:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
[2013.05.09 08:56:12 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.09 08:54:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.09 08:54:05 | 2576,416,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 08:22:40 | 000,890,825 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.05.09 08:22:39 | 021,188,752 | ---- | M] (Panda Security                                              ) -- C:\Users\***\Desktop\PandaCloudCleaner.exe
[2013.05.06 19:46:01 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 19:43:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.06 18:29:46 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.05 18:47:27 | 461,832,891 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.05.05 18:33:38 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.05 18:22:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.05 18:20:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.05 13:39:23 | 000,000,502 | ---- | M] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2013.05.03 16:38:19 | 000,184,520 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.29 20:12:01 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.29 20:12:01 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.29 20:12:01 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.29 20:12:01 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.13 14:00:16 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.09 08:22:40 | 000,890,825 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.05.06 19:46:01 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.06 18:29:44 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.05 18:33:37 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.05 18:20:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.05 18:18:23 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.03 17:07:20 | 000,001,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.03 16:38:19 | 000,184,520 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.13 13:59:51 | 000,425,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.13 13:41:06 | 000,387,867 | ---- | C] () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013.03.19 19:39:49 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.19 19:39:49 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.01.13 15:57:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.12.23 11:59:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSFPA.DAT
[2012.12.21 17:49:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012.12.19 14:12:52 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.12.11 18:52:13 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2012.12.10 19:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum
[2012.07.26 10:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.21 17:04:52 | 000,407,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.04.28 07:35:21 | 000,000,000 | ---- | C] () -- C:\Users\***\ADSM_Backup.xml
[2009.04.22 07:55:23 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.04.22 07:55:23 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2012.12.22 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.26 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cities3D
[2012.12.26 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier
[2012.12.22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Drivers For Free
[2013.02.03 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.28 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012.12.26 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2013.01.13 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Geek Uninstaller
[2013.01.13 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.04.20 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2013.01.10 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.12.24 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2012.12.11 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software
[2012.12.19 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >

aharonov · 09.05.2013, 13:01

Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Vista und Win7 User: Rechtsklick und "als Administrator starten".
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*qvo6*

:folderfind
*qvo6*

:regfind
qvo6
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.

loewenherzl · 09.05.2013, 14:13

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 15:01 on 09/05/2013 by ***
Administrator - Elevation successful

========== filefind ==========

Searching for "*qvo6*"
No files found.

========== folderfind ==========

Searching for "*qvo6*"
No folders found.

========== regfind ==========

Searching for "qvo6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E339C5BAD7C503D43B41C9384AB949EB\Features]
"DefaultFeature"="O5AOK01vq_WH+ah$oL&!a3SHZu.$m64Q.}[wIL(@[cvIA``Z-wd*ayk[.c[KXC'Uvq,?^sLm,~n`hPMv+anwp]YAVcRNFA?4d,dzu.Naem+Gu16J7tpBz8C*H^I?H(3p,twCJq[z2T(b4u}wkL^FDW-n3QvG9kRhM2ykVsSu$y1!vrF6eFQvO6G(gFoNZ7yIE.P4R7@3dyzyJaw!*AQNK(3rN0sqd~$%,xjCNMfCCOI0$sAiFI.B7i'(wv1}mXyYcZbDKqDo.!aP6hhYm,oa2WY0bWDEpntCrDaU['54hJd$64}6o?F+K1Qf]j34nO{([]ZMS2DR}e~r5R^ND3lMhi^pc@.w6C8cq8Ldf{q'2)*,ZQ%^gyU9}[s~}J(etZIFg_i}_)+x[LPmu?zQveZ.2rw3MNM`*0n[~~q[]DD{P-bUgvD97}6ZOA-i?L4c8Ar.7TjuT^i%&wmCI3Z2k}D_(aQaz$pzYbYmMm1l^v7~XzIK?njoAb=d{xtyS2.u2*]zY`1+VrD.[SMtvO4gy),_UOFNcn(LO,V6)y)^-%RJPjSBu)PIT]V6^20glef44{z?13mi^NS^'Q[vfFnUX5IdbRz10l[]Ew&@c2B!dygV]K`LhW-$y.?oVLqQ+=HWZaE.neZoetl-qT$I)Mrsp5NpP0ylQeX6+WSmG)g+'HdxS)gWpU$YXfn@~B1$ZC==o04(5I){z3@PwlI)4G&W}?+OP@%9s9u^?k2dya4$z]+WT.(Lom9MRTuPweOEhet4`4nm7e*~QN9W6Lui8zZN41^jh0&j@,2}bj.'NS9z3eV.jlFaXSE%I*r8aFhvwqj{Na(xH6YU{p&JX{s~&Iz`IJzz!q5l$H=VtYF

-= EOF =-

aharonov · 09.05.2013, 14:21

Gib in die Adresszeile des Firefox about:config ein und bestätige die Warnung, dass du vorsichtig sein wirst.
Tippe dann qvo6 in das Suchen-Feld oben ein.
Mache einen Rechtsklick auf die gefundenen Einträge, welche "qvo6" beinhalten, und wähle die Option Zurücksetzen.

Ist danach im Firefox noch irgendwas Störendes von qvo6 zu sehen?

loewenherzl · 09.05.2013, 14:30

In der Liste waren keine Einträge zu qvo6 zu finden. Ich habe den Firefox mehrmals neu gestartet und konnte keine Störungen feststellen. Die Einstellungen bezüglich der vor ein paar Tagen genannten "Schwierigkeiten" mit dem Speichern der vorherigen Sitzungen und Tabs hat sich auch geklärt. Die Einstellung ist wieder möglich und funktioniert. Das Problem war, dass Firefox keine Chronik angelegt hat.

06.05.2013, 19:50	#8
aharonov /// TB-Ausbilder	Probleme mit qvo6 und SpyHunter 4 Ok, dann ersetz denn ESET-Scan durch Folgendes: Downloade dir bitte den Panda Cloud Cleaner und starte den Scan. Bitte nichts löschen. Am Ende nur "View Report" unten rechts klicken. Kopiere den Scanreport hier in den Thread. __________________ cheers, Leo

09.05.2013, 12:07	#10
aharonov /// TB-Ausbilder	Probleme mit qvo6 und SpyHunter 4 Mach noch den Panda und den SecurityCheck-Scan wie beschrieben. Und dann hänge ich dir noch einen Schritt 5 an: Schritt 5 Starte bitte die OTL.exe. Setze den Haken bei Scan all Users. Drücke auf den Quick Scan Button. Poste den Inhalt von OTL.txt hier in den Thread. __________________ cheers, Leo

Probleme mit qvo6 und SpyHunter 4

Plagegeister aller Art und deren Bekämpfung: Probleme mit qvo6 und SpyHunter 4