Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.06.2013, 19:47   #1
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Unglücklich

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Hallo,

es ist ein Segen, dass es solche Foren gibt!
Dies ist der Computer meiner Mutter. Ein Problem hab ich im Titel ja schon genannt. Ich weiß nicht wie lange nun schon Websearch als Startseite der Browser installiert ist. Vorher gab es noch Babylon und Conduit. Desweiteren werden seit zwei Tagen auf allen besuchten Webseiten "unanständige" Werbebanner gezeigt. ^^ Toolbars von Websearch und Babylon habe ich deinstalliert, allerdings "nur" über Systemsteuerung->Programme->Deinstallieren. Ich weiß nicht, ob das nun tatsächlich deinstalliert ist. Die Probleme gibt es schon seit mehreren Wochen, wegen Abi habe ich mich nicht drum gekümmert und nun festgestellt, dass ich keinerlei Ahnung habe, wie das Problem behoben werden kann.
Achso. In einem voreiligen Versuch das Problem zu lösen habe ich Spyhunter 4 installiert, der gleich über hundert Probleme aufzeigte, aber nicht bereit war diese ohne Bezahlung zu lösen. Ich habe auch dieses Programm wieder deinstalliert.

Hier sind die gewünschten Logs. Der defogger hat keine Fehlermeldung ausgegeben.
OTL
Code:
ATTFilter
OTL logfile created on: 09.06.2013 19:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Benutzer\Ute.UTE-PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free
15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.20 17:55:18 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.16 20:04:47 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
PRC - [2013.01.09 14:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2012.11.29 06:25:41 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\GUI\GDSC.exe
PRC - [2012.11.29 06:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Ute.UTE-PC\Downloads\OTL.exe
PRC - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.04.10 16:05:18 | 000,334,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVK.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.03.09 00:19:30 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.20 17:55:18 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.17 15:16:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 15:16:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 15:16:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 20:04:46 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.24 13:25:02 | 001,044,480 | ---- | M] () -- c:\progra~2\websea~1\sprote~1.dll
MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll
MOD - [2013.01.13 17:42:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll
MOD - [2013.01.13 17:42:20 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll
MOD - [2013.01.10 04:20:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 04:20:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:20:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:20:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:19:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.20 17:55:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 20:04:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2012.11.30 06:30:54 | 001,219,096 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2012.11.29 06:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 06:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.01.27 01:53:31 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.27 01:51:34 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.27 01:51:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.27 01:51:34 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.27 01:51:34 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.12.26 18:01:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.27 02:54:44 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.03 21:59:17 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2012.06.03 21:59:04 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.03.02 06:13:58 | 000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 23:49:22 | 000,637,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS)
DRV:64bit: - [2011.12.19 23:49:18 | 000,566,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011.12.19 23:49:18 | 000,024,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.08.11 08:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.25 13:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.05.25 13:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.04.11 11:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.23 09:07:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.19 04:25:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.12.19 04:23:30 | 000,068,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV - [2012.03.02 06:13:58 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}
IE:64bit: - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
IE - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}
IE - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
IE - HKCU\..\SearchScopes\{CBE9CFC6-4714-448F-A35D-3CBD4827D344}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.06.03 21:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.04 17:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.22 19:24:28 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Extensions
[2013.05.21 08:17:29 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions
[2013.05.21 08:17:29 | 000,000,000 | ---D | M] (SearchNewTab) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\bxhrd30f4b@rmtbtcamxg.net
[2013.05.21 08:17:29 | 000,000,000 | ---D | M] (coontinueetosavee) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\xm35ji@ldnihz.net
[2013.04.08 21:58:25 | 000,714,654 | ---- | M] () (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.21 08:17:32 | 000,007,849 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\searchplugins\WebSearch.xml
[2013.05.20 17:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 17:55:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga\10.15.2.523_0\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiogoahdjhmpnidkfapapialgnfmoppf\1\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcpileggbeggldbgdnikalmifjfeldi\1\
CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SearchNewTab) - {4FBC9915-89A7-FF85-80B0-6C8E0AB6F49F} - C:\ProgramData\SearchNewTab\519b1b8d6ca6a.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (coontinueetosavee) - {E4158A8A-BBCF-35C9-3261-8FE8CB943B95} - C:\ProgramData\coontinueetosavee\519b1b6e189e2.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3965-B290-4655-8631-B8B691A38EE4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe) - c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.06.09 18:23:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012.09.28 11:48:28 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 19:05:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.09 18:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.09 18:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\Documents\RCT3
[2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari
[2013.06.07 21:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.06.07 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.07 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.03 18:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.03 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.03 18:19:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.06.03 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 08:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.05.21 08:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab
[2013.05.21 08:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013.05.21 08:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch
[2013.05.21 08:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013.05.21 08:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontinueetosavee
[2013.05.21 08:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\coontinueetosavee
[2013.05.21 08:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.05.20 17:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 19:48:59 | 000,000,168 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable
[2013.06.09 19:04:05 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001UA.job
[2013.06.09 19:04:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 18:23:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.06.09 18:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 18:17:07 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 18:04:29 | 000,002,975 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk
[2013.06.09 17:49:06 | 000,001,063 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.09 17:49:01 | 000,001,047 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\Dropbox.lnk
[2013.06.07 16:48:58 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001Core.job
[2013.05.25 01:41:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.25 01:41:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.25 01:41:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.25 01:41:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.25 01:41:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.18 19:26:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.17 15:14:26 | 000,311,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 19:48:59 | 000,000,168 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable
[2013.06.09 18:23:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.06.09 18:04:29 | 000,002,975 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk
[2013.06.03 18:19:12 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.18 19:26:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.23 01:05:24 | 000,001,638 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\MyMicroBalanceConfig.ini
[2012.12.22 23:14:10 | 000,000,218 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\recently-used.xbel
[2012.12.22 23:11:00 | 000,003,533 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\Ute.gnucash
[2012.12.20 18:22:44 | 000,000,368 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\.jhh
[2012.06.05 10:45:05 | 001,016,973 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.06.03 16:57:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.12 16:37:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.12 16:35:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.12 16:35:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.12 16:35:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.03 17:34:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\.minecraft
[2012.12.22 23:42:48 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Aquamarin Haushaltsbuch
[2012.12.20 18:04:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Ashampoo
[2013.06.07 22:46:40 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari
[2012.12.02 03:02:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\calibre
[2013.06.09 19:14:33 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\DAEMON Tools Lite
[2013.06.09 18:18:23 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox
[2012.12.02 21:51:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\elsterformular
[2013.02.09 15:05:15 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Origin
[2012.12.22 21:28:51 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\SmartTools
[2012.06.04 23:03:10 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Thunderbird
[2012.06.09 15:21:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Zylom Games
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
ATTFilter
OTL Extras logfile created on: 09.06.2013 19:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Benutzer\Ute.UTE-PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free
15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B3F9B2-2490-4365-83B6-30924A5E0CDF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08D084B6-1B9B-45A2-8965-4C41D283DA0F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2829089F-216C-41E4-83D4-A5FA5FFCA48E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3AA2D5DA-49CC-4D33-88DC-29D4EC41F7FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{439BAE38-27CF-4B8B-8FBF-730D1CC93003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A132506-B4EE-475D-B1B3-E7488A4D40AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{56705FB5-0C8A-42A4-BB06-FA5EEBE3F900}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58B476B6-BE80-4742-B7E9-D7806DDA4269}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C50F9D1-CAC4-4457-8580-B823F52B3810}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7062386E-7895-441C-8FE7-43D33E1AC411}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{746FFD7B-E5C8-49CC-92FC-BD1E092FBC77}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C410A89-35CA-4EE7-9150-A8991254375F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C548611-B366-471E-A2C1-E3342476410F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{99E19437-7EAD-4391-939E-06948BE2B82B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A03C0370-0212-4858-8ACD-4D44F52D7BEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6678A25-0834-4C9F-8C58-DF9AB31BDFE0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AACBCE6D-3C38-4B73-AAEF-E981F8C13A71}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B8BF6793-9EE2-426D-AAD1-119B7EE6655B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF0198EE-4B03-46C7-893F-6CCCDD63B8F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4D41C4A-0441-4F44-8349-5530045FA55F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D863A721-5677-4F33-951B-060770A6EE5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DA63950F-8E93-4E41-88F7-CB7AA4C49828}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEA9AE1E-03C8-46DC-BF28-2071D360571B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EDF50131-469A-4743-A5AD-BC06501ED42A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EFBAC61F-023F-46B0-9B29-FD99BE2E7C15}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14BF653C-CDBA-4DBC-A710-19BB5279F92C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15E6E411-83F9-4326-A413-461EC77892AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15F80F37-3092-4E96-B1B0-EE4801000C09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C675264-905D-4197-B50E-415A319B6C2F}" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{20D3F2F9-343C-4D0E-955A-8FAF87C26A44}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{332C6D7E-BDCA-4BD1-850E-C68587F41D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{371F2827-61A2-48AB-A74D-9AE75F6382BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A8845F2-99FC-4D03-8B12-A450695F9C9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C85F81B-354F-4C57-B2E7-4F052A9FABBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | 
"{472ADE33-BDEB-463E-9C33-FC1470DBC8E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{47F2651B-4425-4809-BFCD-F64CBF48BD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4E075DB2-BDF3-4AE4-BEEE-3D9A08D52B6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{54BDE5E0-5C2A-480A-BD44-DBB4DF9C052A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{55605FBE-226B-4428-BEC4-358A004D4DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{616254D2-E618-453F-9FCD-AFD8930F1660}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{6329F152-CC96-4B69-83F2-C7151D715EFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FAF2395-4520-4A45-9612-2F20673D7C76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{72D6E19B-448B-4541-BABA-E1B4DB105A9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{73C5EF0A-34CC-4810-A8C3-DB61E6E5B512}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7BAF3BD6-CFF6-4CCF-B106-BBFABDD2F295}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{8677D78A-1A18-4EAD-9825-E440B557C266}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86D6E5A8-7777-4B5A-BB01-BADECCE1E04C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E448B3D-25B4-4A5B-880A-240E3C085DA2}" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{902A606B-5904-4AB7-BB00-089A4D8AFB76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{92AE9074-44E9-47ED-9162-5180C3999399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{983706F7-24ED-4F41-93A7-825457E8BF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | 
"{9AF6BFCC-F2B0-49F9-A68F-82110C65FDAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A593034B-9365-4A8C-9135-1CCF1F3ED9E7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C35DA94A-1F9A-4D65-BB09-723AEFCEF415}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5185473-95E2-41D3-831B-63E1D0D0753C}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{E6A98632-B700-4717-857C-5C3D47FFE2AB}" = protocol=6 | dir=out | app=system | 
"{FECF9DC0-3B5C-476B-98E0-BFF2FA2614FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFC628E6-7519-42D2-BEAB-792899BE1C74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{21399D75-A16A-47BB-9723-EEE9F9578924}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{AA96FAFD-7F51-4368-B0D7-A6490E4D890A}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6FECBB16-6A5E-427F-80C4-DD0CF9AA0F5D}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8A1B2F2F-FF33-4AB4-9979-3E88BF54CE2D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A1A084D5-B714-442F-B7B6-C3A24AE8C130}" = calibre 64bit
"{C8149A2F-CBAA-A60A-1F13-162126D54D77}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10909818-3951-4C58-801F-76077939856D}" = HydraVision
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{552442BD-8398-46F0-ACF1-02F8E1843458}" = G Data TotalProtection 2012
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = coontinueetosavee
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Big City Adventure: London Classic" = Big City Adventure: London Classic
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSGPlayer" = RTL GAME CENTER
"ElsterFormular" = ElsterFormular
"Exzellent, Eure Majestät!" = Exzellent, Eure Majestät!
"FarmFrenzy" = FarmFrenzy
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Kobo" = Kobo
"Magnus2" = Die Suche nach dem Goldschatz
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Roads Of Rome_is1" = Roads Of Rome
"SmartToolsFinanzplan 2013v4.00" = SmartTools Publishing • Excel Finanzplan 2013
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SP_e14dcdfa" = ContinueToSave 1.74
"Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
"The Next BIG Thing (de)" = The Next BIG Thing (Deutsch)
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.05.2013 14:52:46 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.05.2013 05:12:50 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.12.2012 06:21:04 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 06:21:34 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.05.2013 17:46:09 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.05.2013 17:54:29 | Computer Name = UTE-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.05.2013 16:48:59 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.12.2012 16:55:07 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 23.12.2012 18:08:27 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 23.12.2012 18:56:30 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 25.12.2012 07:51:43 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%1115
 
Error - 25.12.2012 09:47:22 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 25.12.2012 12:03:01 | Computer Name = UTE-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 27.12.2012 11:54:35 | Computer Name = UTE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 29.12.2012 17:46:54 | Computer Name = UTE-PC | Source = bowser | ID = 8003
Description = 
 
Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Freemake Improver erreicht.
 
Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
und GMER

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 20:20:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1  rev. 0,00MB
Running: gmer_2.1.19163.exe; Driver: D:\Benutzer\UTE~1.UTE\AppData\Local\Temp\ufldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                 fffff80002fae000 63 bytes [00, 00, 0D, 02, 4D, 49, 63, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                                                 fffff80002fae040 72 bytes [C0, 75, B0, 11, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076951465 2 bytes [95, 76]
.text     C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2
.text     D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                       0000000076951465 2 bytes [95, 76]
.text     D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                      00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076951465 2 bytes [95, 76]
.text     C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                        0000000076951465 2 bytes [95, 76]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                       00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076951465 2 bytes [95, 76]
.text     C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                       0000000076951465 2 bytes [95, 76]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                      00000000769514bb 2 bytes [95, 76]
.text     ...                                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread     [6992:4112]                                                                                                                                                       00000000775f2e25
Thread     [6992:2176]                                                                                                                                                       000000007659d864
Thread     [6992:2040]                                                                                                                                                       00000000775f3e45
---- Processes - GMER 2.1 ----

Library   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804]      0000000140000000
Library   C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804]  0000000180000000
Library   C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804]       000007fee2380000
Library   C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804]          000007fee2860000
Library   C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804]          00000000001e0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}\Connection@Name                        isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1}
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                           \Device\{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\{5991695B-4452-4BF1-9997-B415FF249D47}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                          "{FF41DD72-5E02-458C-AAD3-14C09B6E5111}"?"{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}"?"{C682B3CB-8791-48BA-BC35-3858EA5B08CC}"?"{5991695B-4452-4BF1-9997-B415FF249D47}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                         \Device\TCPIP6TUNNEL_{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\TCPIP6TUNNEL_{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\TCPIP6TUNNEL_{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\TCPIP6TUNNEL_{5991695B-4452-4BF1-9997-B415FF249D47}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@InterfaceName                                             isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@ReusableType                                              0

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                              sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         

Ich bedanke mich jetzt schon für zukünftige Hilfe!
LG
Paulinchen

Alt 09.06.2013, 19:52   #2
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 09.06.2013, 20:15   #3
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Danke für die schnelle Hilfe
Hier der Log

Code:
ATTFilter
21:07:57.0187 9252  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:07:59.0187 9252  ============================================================
21:07:59.0187 9252  Current date / time: 2013/06/09 21:07:59.0187
21:07:59.0187 9252  SystemInfo:
21:07:59.0187 9252  
21:07:59.0187 9252  OS Version: 6.1.7601 ServicePack: 1.0
21:07:59.0187 9252  Product type: Workstation
21:07:59.0187 9252  ComputerName: UTE-PC
21:07:59.0187 9252  UserName: Ute
21:07:59.0187 9252  Windows directory: C:\Windows
21:07:59.0187 9252  System windows directory: C:\Windows
21:07:59.0187 9252  Running under WOW64
21:07:59.0187 9252  Processor architecture: Intel x64
21:07:59.0187 9252  Number of processors: 4
21:07:59.0187 9252  Page size: 0x1000
21:07:59.0187 9252  Boot type: Normal boot
21:07:59.0187 9252  ============================================================
21:07:59.0557 9252  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x14B355, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000040
21:07:59.0657 9252  ============================================================
21:07:59.0657 9252  \Device\Harddisk0\DR0:
21:07:59.0657 9252  MBR partitions:
21:07:59.0657 9252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:07:59.0657 9252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x96FCF8C
21:07:59.0657 9252  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x972F79A, BlocksNum 0x2F85600A
21:07:59.0657 9252  ============================================================
21:07:59.0727 9252  C: <-> \Device\Harddisk0\DR0\Partition2
21:07:59.0787 9252  D: <-> \Device\Harddisk0\DR0\Partition3
21:07:59.0797 9252  ============================================================
21:07:59.0797 9252  Initialize success
21:07:59.0797 9252  ============================================================
21:09:13.0600 9172  ============================================================
21:09:13.0600 9172  Scan started
21:09:13.0600 9172  Mode: Manual; SigCheck; TDLFS; 
21:09:13.0600 9172  ============================================================
21:09:15.0534 9172  ================ Scan system memory ========================
21:09:15.0534 9172  System memory - ok
21:09:15.0534 9172  ================ Scan services =============================
21:09:15.0659 9172  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:09:15.0753 9172  1394ohci - ok
21:09:15.0784 9172  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:09:15.0815 9172  ACPI - ok
21:09:15.0846 9172  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:09:15.0878 9172  AcpiPmi - ok
21:09:16.0018 9172  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:16.0034 9172  AdobeFlashPlayerUpdateSvc - ok
21:09:16.0096 9172  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:09:16.0127 9172  adp94xx - ok
21:09:16.0127 9172  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:09:16.0143 9172  adpahci - ok
21:09:16.0143 9172  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:09:16.0158 9172  adpu320 - ok
21:09:16.0205 9172  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:09:16.0236 9172  AeLookupSvc - ok
21:09:16.0330 9172  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:09:16.0392 9172  AFD - ok
21:09:16.0408 9172  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:09:16.0424 9172  agp440 - ok
21:09:16.0424 9172  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:09:16.0439 9172  ALG - ok
21:09:16.0502 9172  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:09:16.0517 9172  aliide - ok
21:09:16.0548 9172  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:09:16.0564 9172  AMD External Events Utility - ok
21:09:16.0580 9172  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:09:16.0595 9172  amdide - ok
21:09:16.0595 9172  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:09:16.0611 9172  AmdK8 - ok
21:09:16.0798 9172  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:09:17.0032 9172  amdkmdag - ok
21:09:17.0063 9172  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:09:17.0079 9172  amdkmdap - ok
21:09:17.0079 9172  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:09:17.0094 9172  AmdPPM - ok
21:09:17.0110 9172  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:09:17.0126 9172  amdsata - ok
21:09:17.0126 9172  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:09:17.0126 9172  amdsbs - ok
21:09:17.0141 9172  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:09:17.0141 9172  amdxata - ok
21:09:17.0141 9172  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:09:17.0172 9172  AppID - ok
21:09:17.0204 9172  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:09:17.0219 9172  AppIDSvc - ok
21:09:17.0250 9172  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:09:17.0266 9172  Appinfo - ok
21:09:17.0282 9172  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:09:17.0297 9172  arc - ok
21:09:17.0328 9172  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:09:17.0344 9172  arcsas - ok
21:09:17.0375 9172  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:17.0406 9172  AsyncMac - ok
21:09:17.0406 9172  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:09:17.0422 9172  atapi - ok
21:09:17.0469 9172  [ 7D89B0C443F6068E5B27AA3B972069FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:09:17.0516 9172  athr - ok
21:09:17.0547 9172  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:09:17.0578 9172  AtiHDAudioService - ok
21:09:17.0594 9172  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:09:17.0625 9172  AudioEndpointBuilder - ok
21:09:17.0640 9172  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:09:17.0672 9172  AudioSrv - ok
21:09:17.0812 9172  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
21:09:17.0859 9172  AVKProxy - ok
21:09:17.0921 9172  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
21:09:17.0937 9172  AVKService - ok
21:09:17.0968 9172  [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl         C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe
21:09:18.0030 9172  AVKWCtl - ok
21:09:18.0077 9172  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:09:18.0093 9172  AxInstSV - ok
21:09:18.0124 9172  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:09:18.0155 9172  b06bdrv - ok
21:09:18.0171 9172  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:09:18.0186 9172  b57nd60a - ok
21:09:18.0202 9172  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:09:18.0218 9172  BDESVC - ok
21:09:18.0233 9172  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:09:18.0280 9172  Beep - ok
21:09:18.0311 9172  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:09:18.0374 9172  BFE - ok
21:09:18.0389 9172  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:09:18.0436 9172  BITS - ok
21:09:18.0452 9172  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:09:18.0467 9172  blbdrive - ok
21:09:18.0483 9172  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:09:18.0498 9172  bowser - ok
21:09:18.0514 9172  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:09:18.0514 9172  BrFiltLo - ok
21:09:18.0530 9172  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:09:18.0545 9172  BrFiltUp - ok
21:09:18.0576 9172  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:09:18.0608 9172  Browser - ok
21:09:18.0608 9172  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:09:18.0670 9172  Brserid - ok
21:09:18.0670 9172  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:09:18.0701 9172  BrSerWdm - ok
21:09:18.0717 9172  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:09:18.0732 9172  BrUsbMdm - ok
21:09:18.0795 9172  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:09:18.0810 9172  BrUsbSer - ok
21:09:18.0826 9172  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:09:18.0842 9172  BTHMODEM - ok
21:09:18.0857 9172  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:09:18.0904 9172  bthserv - ok
21:09:18.0920 9172  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:09:18.0951 9172  cdfs - ok
21:09:18.0951 9172  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:09:18.0966 9172  cdrom - ok
21:09:18.0982 9172  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:09:19.0013 9172  CertPropSvc - ok
21:09:19.0029 9172  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:09:19.0029 9172  circlass - ok
21:09:19.0044 9172  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:09:19.0060 9172  CLFS - ok
21:09:19.0138 9172  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:19.0154 9172  clr_optimization_v2.0.50727_32 - ok
21:09:19.0200 9172  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:09:19.0216 9172  clr_optimization_v2.0.50727_64 - ok
21:09:19.0278 9172  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:19.0294 9172  clr_optimization_v4.0.30319_32 - ok
21:09:19.0341 9172  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:09:19.0356 9172  clr_optimization_v4.0.30319_64 - ok
21:09:19.0356 9172  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:09:19.0356 9172  CmBatt - ok
21:09:19.0372 9172  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:09:19.0372 9172  cmdide - ok
21:09:19.0403 9172  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:09:19.0419 9172  CNG - ok
21:09:19.0419 9172  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:09:19.0434 9172  Compbatt - ok
21:09:19.0434 9172  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:09:19.0450 9172  CompositeBus - ok
21:09:19.0450 9172  COMSysApp - ok
21:09:19.0481 9172  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:09:19.0481 9172  crcdisk - ok
21:09:19.0528 9172  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:09:19.0559 9172  CryptSvc - ok
21:09:19.0590 9172  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:09:19.0622 9172  DcomLaunch - ok
21:09:19.0653 9172  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:09:19.0668 9172  defragsvc - ok
21:09:19.0684 9172  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:09:19.0715 9172  DfsC - ok
21:09:19.0715 9172  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:09:19.0746 9172  Dhcp - ok
21:09:19.0762 9172  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:09:19.0793 9172  discache - ok
21:09:19.0809 9172  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:09:19.0809 9172  Disk - ok
21:09:19.0824 9172  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:09:19.0840 9172  Dnscache - ok
21:09:19.0856 9172  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:09:19.0887 9172  dot3svc - ok
21:09:19.0902 9172  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:09:19.0918 9172  DPS - ok
21:09:19.0949 9172  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:09:19.0965 9172  drmkaud - ok
21:09:20.0012 9172  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:09:20.0027 9172  dtsoftbus01 - ok
21:09:20.0058 9172  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:09:20.0090 9172  DXGKrnl - ok
21:09:20.0105 9172  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:09:20.0121 9172  EapHost - ok
21:09:20.0183 9172  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:09:20.0277 9172  ebdrv - ok
21:09:20.0292 9172  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:09:20.0308 9172  EFS - ok
21:09:20.0355 9172  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:09:20.0386 9172  ehRecvr - ok
21:09:20.0402 9172  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:09:20.0417 9172  ehSched - ok
21:09:20.0433 9172  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:09:20.0448 9172  elxstor - ok
21:09:20.0464 9172  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:09:20.0480 9172  ErrDev - ok
21:09:20.0558 9172  esgiguard - ok
21:09:20.0589 9172  [ 72ECCB2F5C9CFC32A9B2A60933832501 ] EtronHub3       C:\Windows\System32\Drivers\EtronHub3.sys
21:09:20.0604 9172  EtronHub3 - ok
21:09:20.0636 9172  [ 7BB310F6FB9E1B9D21DD2CE7EB0D5464 ] EtronXHCI       C:\Windows\System32\Drivers\EtronXHCI.sys
21:09:20.0651 9172  EtronXHCI - ok
21:09:20.0698 9172  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:09:20.0745 9172  EventSystem - ok
21:09:20.0776 9172  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:09:20.0792 9172  exfat - ok
21:09:20.0807 9172  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:09:20.0854 9172  fastfat - ok
21:09:20.0870 9172  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:09:20.0901 9172  Fax - ok
21:09:20.0916 9172  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:09:20.0932 9172  fdc - ok
21:09:20.0948 9172  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:09:20.0963 9172  fdPHost - ok
21:09:20.0979 9172  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:09:21.0010 9172  FDResPub - ok
21:09:21.0026 9172  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:09:21.0026 9172  FileInfo - ok
21:09:21.0041 9172  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:09:21.0072 9172  Filetrace - ok
21:09:21.0088 9172  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:09:21.0088 9172  flpydisk - ok
21:09:21.0104 9172  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:09:21.0119 9172  FltMgr - ok
21:09:21.0166 9172  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:09:21.0213 9172  FontCache - ok
21:09:21.0275 9172  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:09:21.0291 9172  FontCache3.0.0.0 - ok
21:09:21.0338 9172  [ 565619F1B6DA86E3C7BA75A1E60ECFCD ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
21:09:21.0353 9172  Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
21:09:21.0353 9172  Freemake Improver - detected UnsignedFile.Multi.Generic (1)
21:09:21.0384 9172  [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
21:09:21.0400 9172  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
21:09:21.0400 9172  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
21:09:21.0416 9172  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:09:21.0431 9172  FsDepends - ok
21:09:21.0447 9172  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:09:21.0462 9172  Fs_Rec - ok
21:09:21.0509 9172  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:09:21.0540 9172  fvevol - ok
21:09:21.0556 9172  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:09:21.0572 9172  gagp30kx - ok
21:09:21.0650 9172  [ E97ECF327AF2648DC7F3F29200B8C490 ] GDBackupSvc     C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
21:09:21.0712 9172  GDBackupSvc - ok
21:09:21.0743 9172  [ DEC2DEB0025548EE434C2DBA68B771BC ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
21:09:21.0743 9172  GDBehave - ok
21:09:21.0852 9172  [ 98024F808C6A12FA9160AEF9C8344FAB ] GDFwSvc         C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
21:09:21.0930 9172  GDFwSvc - ok
21:09:21.0946 9172  [ C91D9D7338AD7E6D0CC707828E90203F ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
21:09:21.0946 9172  GDMnIcpt - ok
21:09:21.0962 9172  [ D826B9C59DE0B310C9E560763560D8F9 ] GdNetMon        C:\Windows\system32\drivers\GdNetMon64.sys
21:09:21.0977 9172  GdNetMon - ok
21:09:21.0993 9172  [ B6F4C60CF97E823F2874FF9FEF4CC89B ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
21:09:22.0008 9172  GDPkIcpt - ok
21:09:22.0024 9172  gdrv - ok
21:09:22.0055 9172  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
21:09:22.0086 9172  GDScan - ok
21:09:22.0149 9172  [ 1526ACA44D95361D1D75E4354A39FC0A ] GDTunerSvc      C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe
21:09:22.0180 9172  GDTunerSvc - ok
21:09:22.0196 9172  [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
21:09:22.0196 9172  gdwfpcd - ok
21:09:22.0227 9172  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:09:22.0258 9172  gpsvc - ok
21:09:22.0305 9172  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
21:09:22.0320 9172  GRD - ok
21:09:22.0336 9172  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:09:22.0367 9172  hcw85cir - ok
21:09:22.0383 9172  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:09:22.0414 9172  HdAudAddService - ok
21:09:22.0430 9172  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:22.0445 9172  HDAudBus - ok
21:09:22.0445 9172  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:09:22.0461 9172  HidBatt - ok
21:09:22.0461 9172  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:09:22.0476 9172  HidBth - ok
21:09:22.0508 9172  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:09:22.0523 9172  HidIr - ok
21:09:22.0523 9172  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:09:22.0554 9172  hidserv - ok
21:09:22.0554 9172  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:09:22.0570 9172  HidUsb - ok
21:09:22.0601 9172  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:09:22.0632 9172  hkmsvc - ok
21:09:22.0664 9172  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:09:22.0679 9172  HomeGroupListener - ok
21:09:22.0710 9172  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:09:22.0710 9172  HomeGroupProvider - ok
21:09:22.0726 9172  [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
21:09:22.0742 9172  HookCentre - ok
21:09:22.0757 9172  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:09:22.0757 9172  HpSAMD - ok
21:09:22.0788 9172  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:09:22.0820 9172  HTTP - ok
21:09:22.0820 9172  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:09:22.0835 9172  hwpolicy - ok
21:09:22.0835 9172  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:09:22.0851 9172  i8042prt - ok
21:09:22.0882 9172  [ 8180A2392E732E8871589B54FAB6991F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
21:09:22.0882 9172  iaStor - ok
21:09:22.0898 9172  [ 3A2C1EBCC6E5A7540AF36C36208F87D2 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
21:09:22.0913 9172  iaStorA - ok
21:09:22.0976 9172  [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:09:22.0991 9172  IAStorDataMgrSvc - ok
21:09:23.0007 9172  [ 1200D69DA2328EA64CDC448F08D5E57B ] iaStorF         C:\Windows\system32\drivers\iaStorF.sys
21:09:23.0022 9172  iaStorF - ok
21:09:23.0038 9172  [ E6A6A5462E693D63F7C6729945C48E9E ] iaStorS         C:\Windows\system32\drivers\iaStorS.sys
21:09:23.0054 9172  iaStorS - ok
21:09:23.0069 9172  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:09:23.0085 9172  iaStorV - ok
21:09:23.0116 9172  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:23.0147 9172  idsvc - ok
21:09:23.0147 9172  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:09:23.0163 9172  iirsp - ok
21:09:23.0194 9172  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:09:23.0225 9172  IKEEXT - ok
21:09:23.0350 9172  [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:09:23.0490 9172  IntcAzAudAddService - ok
21:09:23.0522 9172  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:09:23.0522 9172  intelide - ok
21:09:23.0537 9172  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:09:23.0553 9172  intelppm - ok
21:09:23.0553 9172  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:09:23.0584 9172  IPBusEnum - ok
21:09:23.0584 9172  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:23.0615 9172  IpFilterDriver - ok
21:09:23.0646 9172  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:09:23.0678 9172  iphlpsvc - ok
21:09:23.0678 9172  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:09:23.0693 9172  IPMIDRV - ok
21:09:23.0693 9172  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:09:23.0724 9172  IPNAT - ok
21:09:23.0740 9172  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:09:23.0756 9172  IRENUM - ok
21:09:23.0756 9172  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:09:23.0771 9172  isapnp - ok
21:09:23.0787 9172  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:09:23.0802 9172  iScsiPrt - ok
21:09:23.0818 9172  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:23.0818 9172  kbdclass - ok
21:09:23.0818 9172  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:23.0834 9172  kbdhid - ok
21:09:23.0849 9172  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:09:23.0849 9172  KeyIso - ok
21:09:23.0880 9172  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:09:23.0880 9172  KSecDD - ok
21:09:23.0912 9172  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:09:23.0912 9172  KSecPkg - ok
21:09:23.0927 9172  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:09:23.0943 9172  ksthunk - ok
21:09:23.0958 9172  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:09:23.0990 9172  KtmRm - ok
21:09:24.0021 9172  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
21:09:24.0036 9172  L1C - ok
21:09:24.0068 9172  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:09:24.0099 9172  LanmanServer - ok
21:09:24.0130 9172  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:09:24.0146 9172  LanmanWorkstation - ok
21:09:24.0177 9172  [ ACEC35F181075B20A5EF4A71958B13DF ] libusb0         C:\Windows\system32\drivers\libusb0.sys
21:09:24.0208 9172  libusb0 - ok
21:09:24.0239 9172  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:09:24.0286 9172  lltdio - ok
21:09:24.0286 9172  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:09:24.0317 9172  lltdsvc - ok
21:09:24.0317 9172  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:09:24.0348 9172  lmhosts - ok
21:09:24.0364 9172  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:09:24.0364 9172  LSI_FC - ok
21:09:24.0395 9172  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:09:24.0411 9172  LSI_SAS - ok
21:09:24.0426 9172  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:09:24.0426 9172  LSI_SAS2 - ok
21:09:24.0442 9172  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:09:24.0458 9172  LSI_SCSI - ok
21:09:24.0458 9172  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:09:24.0489 9172  luafv - ok
21:09:24.0489 9172  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:09:24.0504 9172  Mcx2Svc - ok
21:09:24.0520 9172  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:09:24.0520 9172  megasas - ok
21:09:24.0536 9172  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:09:24.0536 9172  MegaSR - ok
21:09:24.0567 9172  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:09:24.0582 9172  MMCSS - ok
21:09:24.0582 9172  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:09:24.0614 9172  Modem - ok
21:09:24.0629 9172  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:09:24.0645 9172  monitor - ok
21:09:24.0660 9172  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:09:24.0660 9172  mouclass - ok
21:09:24.0676 9172  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:09:24.0692 9172  mouhid - ok
21:09:24.0692 9172  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:09:24.0707 9172  mountmgr - ok
21:09:24.0738 9172  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:09:24.0754 9172  MozillaMaintenance - ok
21:09:24.0770 9172  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:09:24.0770 9172  mpio - ok
21:09:24.0785 9172  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:09:24.0816 9172  mpsdrv - ok
21:09:24.0832 9172  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:09:24.0863 9172  MpsSvc - ok
21:09:24.0879 9172  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:09:24.0894 9172  MRxDAV - ok
21:09:24.0910 9172  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:24.0926 9172  mrxsmb - ok
21:09:24.0957 9172  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:24.0957 9172  mrxsmb10 - ok
21:09:24.0972 9172  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:24.0988 9172  mrxsmb20 - ok
21:09:24.0988 9172  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:09:24.0988 9172  msahci - ok
21:09:25.0004 9172  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:09:25.0004 9172  msdsm - ok
21:09:25.0019 9172  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:09:25.0035 9172  MSDTC - ok
21:09:25.0066 9172  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:09:25.0082 9172  Msfs - ok
21:09:25.0097 9172  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:09:25.0128 9172  mshidkmdf - ok
21:09:25.0144 9172  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:09:25.0144 9172  msisadrv - ok
21:09:25.0175 9172  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:09:25.0206 9172  MSiSCSI - ok
21:09:25.0206 9172  msiserver - ok
21:09:25.0222 9172  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:09:25.0269 9172  MSKSSRV - ok
21:09:25.0284 9172  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:25.0316 9172  MSPCLOCK - ok
21:09:25.0316 9172  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:09:25.0347 9172  MSPQM - ok
21:09:25.0347 9172  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:09:25.0362 9172  MsRPC - ok
21:09:25.0378 9172  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:09:25.0378 9172  mssmbios - ok
21:09:25.0394 9172  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:09:25.0425 9172  MSTEE - ok
21:09:25.0425 9172  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:09:25.0425 9172  MTConfig - ok
21:09:25.0440 9172  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:09:25.0456 9172  Mup - ok
21:09:25.0472 9172  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:09:25.0503 9172  napagent - ok
21:09:25.0581 9172  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:09:25.0612 9172  NativeWifiP - ok
21:09:25.0643 9172  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:09:25.0690 9172  NDIS - ok
21:09:25.0690 9172  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:09:25.0706 9172  NdisCap - ok
21:09:25.0721 9172  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:25.0737 9172  NdisTapi - ok
21:09:25.0737 9172  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:25.0768 9172  Ndisuio - ok
21:09:25.0784 9172  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:25.0799 9172  NdisWan - ok
21:09:25.0815 9172  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:09:25.0846 9172  NDProxy - ok
21:09:25.0846 9172  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:09:25.0877 9172  NetBIOS - ok
21:09:25.0893 9172  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:09:25.0924 9172  NetBT - ok
21:09:25.0940 9172  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:09:25.0940 9172  Netlogon - ok
21:09:25.0971 9172  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:09:26.0002 9172  Netman - ok
21:09:26.0018 9172  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:09:26.0049 9172  netprofm - ok
21:09:26.0064 9172  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:26.0064 9172  NetTcpPortSharing - ok
21:09:26.0080 9172  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:09:26.0096 9172  nfrd960 - ok
21:09:26.0111 9172  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:09:26.0127 9172  NlaSvc - ok
21:09:26.0158 9172  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
21:09:26.0174 9172  npf - ok
21:09:26.0189 9172  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:09:26.0220 9172  Npfs - ok
21:09:26.0236 9172  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:09:26.0267 9172  nsi - ok
21:09:26.0267 9172  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:09:26.0298 9172  nsiproxy - ok
21:09:26.0330 9172  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:09:26.0361 9172  Ntfs - ok
21:09:26.0361 9172  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:09:26.0392 9172  Null - ok
21:09:26.0408 9172  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:09:26.0423 9172  nvraid - ok
21:09:26.0423 9172  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:09:26.0439 9172  nvstor - ok
21:09:26.0454 9172  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:09:26.0454 9172  nv_agp - ok
21:09:26.0548 9172  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:26.0564 9172  odserv - ok
21:09:26.0579 9172  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:09:26.0595 9172  ohci1394 - ok
21:09:26.0642 9172  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:26.0657 9172  ose - ok
21:09:26.0688 9172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:09:26.0704 9172  p2pimsvc - ok
21:09:26.0720 9172  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:09:26.0735 9172  p2psvc - ok
21:09:26.0751 9172  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:09:26.0751 9172  Parport - ok
21:09:26.0782 9172  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:09:26.0782 9172  partmgr - ok
21:09:26.0798 9172  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:09:26.0813 9172  PcaSvc - ok
21:09:26.0829 9172  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:09:26.0829 9172  pci - ok
21:09:26.0844 9172  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:09:26.0844 9172  pciide - ok
21:09:26.0860 9172  [ 4EDB8D7DC85AD76C434D3037DA7631EC ] PciIsaSerial    C:\Windows\system32\drivers\PciIsaSerial.sys
21:09:26.0876 9172  PciIsaSerial - ok
21:09:26.0891 9172  [ 28C9AF2398DA99BCCD647A44F838949B ] PciPPorts       C:\Windows\system32\drivers\PciPPorts.sys
21:09:26.0907 9172  PciPPorts - ok
21:09:26.0938 9172  [ 443BCB6D87ACE6F3FCDC65B299DD3EB7 ] PciSPorts       C:\Windows\system32\drivers\PciSPorts.sys
21:09:26.0954 9172  PciSPorts - ok
21:09:26.0969 9172  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:09:26.0985 9172  pcmcia - ok
21:09:27.0000 9172  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:09:27.0016 9172  pcw - ok
21:09:27.0032 9172  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:09:27.0063 9172  PEAUTH - ok
21:09:27.0110 9172  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:09:27.0141 9172  PerfHost - ok
21:09:27.0172 9172  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:09:27.0219 9172  pla - ok
21:09:27.0250 9172  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:09:27.0297 9172  PlugPlay - ok
21:09:27.0312 9172  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:09:27.0328 9172  PNRPAutoReg - ok
21:09:27.0344 9172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:09:27.0359 9172  PNRPsvc - ok
21:09:27.0390 9172  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:09:27.0422 9172  PolicyAgent - ok
21:09:27.0437 9172  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:09:27.0468 9172  Power - ok
21:09:27.0468 9172  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:09:27.0500 9172  PptpMiniport - ok
21:09:27.0515 9172  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:09:27.0515 9172  Processor - ok
21:09:27.0546 9172  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:09:27.0578 9172  ProfSvc - ok
21:09:27.0593 9172  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:09:27.0609 9172  ProtectedStorage - ok
21:09:27.0609 9172  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:09:27.0640 9172  Psched - ok
21:09:27.0671 9172  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:09:27.0702 9172  ql2300 - ok
21:09:27.0718 9172  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:09:27.0718 9172  ql40xx - ok
21:09:27.0734 9172  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:09:27.0749 9172  QWAVE - ok
21:09:27.0749 9172  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:09:27.0765 9172  QWAVEdrv - ok
21:09:27.0765 9172  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:09:27.0796 9172  RasAcd - ok
21:09:27.0812 9172  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:27.0858 9172  RasAgileVpn - ok
21:09:27.0874 9172  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:09:27.0905 9172  RasAuto - ok
21:09:27.0905 9172  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:27.0936 9172  Rasl2tp - ok
21:09:27.0952 9172  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:09:27.0983 9172  RasMan - ok
21:09:27.0983 9172  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:28.0014 9172  RasPppoe - ok
21:09:28.0014 9172  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:09:28.0046 9172  RasSstp - ok
21:09:28.0061 9172  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:09:28.0077 9172  rdbss - ok
21:09:28.0092 9172  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:09:28.0108 9172  rdpbus - ok
21:09:28.0124 9172  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:28.0139 9172  RDPCDD - ok
21:09:28.0155 9172  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:09:28.0186 9172  RDPENCDD - ok
21:09:28.0186 9172  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:09:28.0217 9172  RDPREFMP - ok
21:09:28.0280 9172  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:09:28.0295 9172  RdpVideoMiniport - ok
21:09:28.0326 9172  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:09:28.0373 9172  RDPWD - ok
21:09:28.0389 9172  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:09:28.0404 9172  rdyboost - ok
21:09:28.0436 9172  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:09:28.0482 9172  RemoteAccess - ok
21:09:28.0482 9172  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:09:28.0514 9172  RemoteRegistry - ok
21:09:28.0514 9172  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:09:28.0545 9172  RpcEptMapper - ok
21:09:28.0560 9172  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:09:28.0576 9172  RpcLocator - ok
21:09:28.0592 9172  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:09:28.0623 9172  RpcSs - ok
21:09:28.0670 9172  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:09:28.0716 9172  rspndr - ok
21:09:28.0763 9172  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:09:28.0779 9172  SamSs - ok
21:09:28.0826 9172  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:09:28.0841 9172  sbp2port - ok
21:09:28.0857 9172  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:09:28.0904 9172  SCardSvr - ok
21:09:28.0919 9172  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:09:28.0950 9172  scfilter - ok
21:09:28.0982 9172  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:09:29.0044 9172  Schedule - ok
21:09:29.0060 9172  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:09:29.0091 9172  SCPolicySvc - ok
21:09:29.0106 9172  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:09:29.0122 9172  SDRSVC - ok
21:09:29.0200 9172  [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
21:09:29.0262 9172  SDScannerService - ok
21:09:29.0294 9172  [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:09:29.0325 9172  SDUpdateService - ok
21:09:29.0340 9172  [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:09:29.0340 9172  SDWSCService - ok
21:09:29.0340 9172  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:09:29.0372 9172  secdrv - ok
21:09:29.0387 9172  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:09:29.0403 9172  seclogon - ok
21:09:29.0418 9172  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:09:29.0450 9172  SENS - ok
21:09:29.0450 9172  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:09:29.0465 9172  SensrSvc - ok
21:09:29.0481 9172  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:09:29.0496 9172  Serenum - ok
21:09:29.0512 9172  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
21:09:29.0512 9172  Serial - ok
21:09:29.0528 9172  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:09:29.0528 9172  sermouse - ok
21:09:29.0543 9172  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:09:29.0574 9172  SessionEnv - ok
21:09:29.0574 9172  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:09:29.0590 9172  sffdisk - ok
21:09:29.0590 9172  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:09:29.0590 9172  sffp_mmc - ok
21:09:29.0606 9172  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:09:29.0606 9172  sffp_sd - ok
21:09:29.0621 9172  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:09:29.0637 9172  sfloppy - ok
21:09:29.0668 9172  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:09:29.0699 9172  SharedAccess - ok
21:09:29.0715 9172  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:09:29.0746 9172  ShellHWDetection - ok
21:09:29.0762 9172  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:09:29.0762 9172  SiSRaid2 - ok
21:09:29.0777 9172  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:09:29.0793 9172  SiSRaid4 - ok
21:09:29.0871 9172  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:09:29.0886 9172  SkypeUpdate - ok
21:09:29.0902 9172  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:09:29.0949 9172  Smb - ok
21:09:29.0964 9172  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:09:29.0980 9172  SNMPTRAP - ok
21:09:29.0980 9172  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:09:29.0980 9172  spldr - ok
21:09:30.0011 9172  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:09:30.0042 9172  Spooler - ok
21:09:30.0105 9172  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:09:30.0198 9172  sppsvc - ok
21:09:30.0214 9172  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:09:30.0230 9172  sppuinotify - ok
21:09:30.0261 9172  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:09:30.0276 9172  srv - ok
21:09:30.0292 9172  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:09:30.0308 9172  srv2 - ok
21:09:30.0308 9172  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:09:30.0323 9172  srvnet - ok
21:09:30.0339 9172  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:09:30.0370 9172  SSDPSRV - ok
21:09:30.0386 9172  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:09:30.0417 9172  SstpSvc - ok
21:09:30.0432 9172  Steam Client Service - ok
21:09:30.0448 9172  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:09:30.0464 9172  stexstor - ok
21:09:30.0495 9172  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:09:30.0526 9172  stisvc - ok
21:09:30.0526 9172  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:09:30.0542 9172  swenum - ok
21:09:30.0557 9172  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:09:30.0588 9172  swprv - ok
21:09:30.0635 9172  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:09:30.0666 9172  SysMain - ok
21:09:30.0682 9172  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:09:30.0682 9172  TabletInputService - ok
21:09:30.0698 9172  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:09:30.0729 9172  TapiSrv - ok
21:09:30.0760 9172  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:09:30.0791 9172  TBS - ok
21:09:30.0838 9172  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:09:30.0869 9172  Tcpip - ok
21:09:30.0900 9172  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:09:30.0932 9172  TCPIP6 - ok
21:09:30.0963 9172  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:09:30.0963 9172  tcpipreg - ok
21:09:30.0963 9172  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:09:30.0994 9172  TDPIPE - ok
21:09:30.0994 9172  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:09:30.0994 9172  TDTCP - ok
21:09:31.0010 9172  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:09:31.0041 9172  tdx - ok
21:09:31.0041 9172  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:09:31.0056 9172  TermDD - ok
21:09:31.0072 9172  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:09:31.0103 9172  TermService - ok
21:09:31.0103 9172  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:09:31.0119 9172  Themes - ok
21:09:31.0134 9172  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:09:31.0150 9172  THREADORDER - ok
21:09:31.0150 9172  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:09:31.0181 9172  TrkWks - ok
21:09:31.0212 9172  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:09:31.0244 9172  TrustedInstaller - ok
21:09:31.0275 9172  [ 59BD43714E1034A913F019413905D387 ] TS4NT           C:\Windows\system32\Drivers\TS4nt.sys
21:09:31.0290 9172  TS4NT - ok
21:09:31.0353 9172  [ 025D02D851EBDDA5B59B6ECD3EF558F6 ] TSNxGService    C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
21:09:31.0368 9172  TSNxGService - ok
21:09:31.0384 9172  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:31.0431 9172  tssecsrv - ok
21:09:31.0446 9172  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:09:31.0462 9172  TsUsbFlt - ok
21:09:31.0493 9172  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:09:31.0509 9172  TsUsbGD - ok
21:09:31.0540 9172  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:09:31.0556 9172  tunnel - ok
21:09:31.0571 9172  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:09:31.0571 9172  uagp35 - ok
21:09:31.0587 9172  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:09:31.0618 9172  udfs - ok
21:09:31.0634 9172  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:09:31.0634 9172  UI0Detect - ok
21:09:31.0665 9172  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:09:31.0665 9172  uliagpkx - ok
21:09:31.0680 9172  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:09:31.0680 9172  umbus - ok
21:09:31.0712 9172  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:09:31.0712 9172  UmPass - ok
21:09:31.0727 9172  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:09:31.0758 9172  upnphost - ok
21:09:31.0758 9172  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:31.0774 9172  usbccgp - ok
21:09:31.0790 9172  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:09:31.0790 9172  usbcir - ok
21:09:31.0805 9172  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:09:31.0821 9172  usbehci - ok
21:09:31.0836 9172  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
21:09:31.0836 9172  usbhub - ok
21:09:31.0852 9172  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:09:31.0868 9172  usbohci - ok
21:09:31.0883 9172  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:09:31.0883 9172  usbprint - ok
21:09:31.0914 9172  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:09:31.0946 9172  usbscan - ok
21:09:31.0946 9172  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:31.0977 9172  USBSTOR - ok
21:09:31.0977 9172  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:09:31.0977 9172  usbuhci - ok
21:09:31.0992 9172  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:09:32.0024 9172  UxSms - ok
21:09:32.0024 9172  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:09:32.0024 9172  VaultSvc - ok
21:09:32.0039 9172  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:09:32.0055 9172  vdrvroot - ok
21:09:32.0070 9172  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:09:32.0086 9172  vds - ok
21:09:32.0102 9172  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:32.0117 9172  vga - ok
21:09:32.0117 9172  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:09:32.0148 9172  VgaSave - ok
21:09:32.0180 9172  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:09:32.0180 9172  vhdmp - ok
21:09:32.0180 9172  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:09:32.0195 9172  viaide - ok
21:09:32.0195 9172  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:09:32.0211 9172  volmgr - ok
21:09:32.0211 9172  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:09:32.0226 9172  volmgrx - ok
21:09:32.0242 9172  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:09:32.0258 9172  volsnap - ok
21:09:32.0273 9172  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:09:32.0273 9172  vsmraid - ok
21:09:32.0304 9172  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:09:32.0351 9172  VSS - ok
21:09:32.0367 9172  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:09:32.0367 9172  vwifibus - ok
21:09:32.0398 9172  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:09:32.0414 9172  vwififlt - ok
21:09:32.0414 9172  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:09:32.0429 9172  vwifimp - ok
21:09:32.0445 9172  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:09:32.0476 9172  W32Time - ok
21:09:32.0476 9172  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:09:32.0492 9172  WacomPen - ok
21:09:32.0507 9172  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:09:32.0523 9172  WANARP - ok
21:09:32.0538 9172  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:09:32.0554 9172  Wanarpv6 - ok
21:09:32.0585 9172  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:09:32.0601 9172  wbengine - ok
21:09:32.0632 9172  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:09:32.0663 9172  WbioSrvc - ok
21:09:32.0679 9172  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:09:32.0694 9172  wcncsvc - ok
21:09:32.0710 9172  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:09:32.0726 9172  WcsPlugInService - ok
21:09:32.0741 9172  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:09:32.0757 9172  Wd - ok
21:09:32.0788 9172  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:09:32.0819 9172  Wdf01000 - ok
21:09:32.0819 9172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:09:32.0835 9172  WdiServiceHost - ok
21:09:32.0835 9172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:09:32.0850 9172  WdiSystemHost - ok
21:09:32.0882 9172  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:09:32.0897 9172  WebClient - ok
21:09:32.0913 9172  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:09:32.0928 9172  Wecsvc - ok
21:09:32.0944 9172  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:09:32.0975 9172  wercplsupport - ok
21:09:33.0006 9172  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:09:33.0022 9172  WerSvc - ok
21:09:33.0022 9172  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:09:33.0053 9172  WfpLwf - ok
21:09:33.0053 9172  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:09:33.0069 9172  WIMMount - ok
21:09:33.0084 9172  WinDefend - ok
21:09:33.0100 9172  WinHttpAutoProxySvc - ok
21:09:33.0147 9172  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:09:33.0194 9172  Winmgmt - ok
21:09:33.0240 9172  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:09:33.0287 9172  WinRM - ok
21:09:33.0334 9172  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:09:33.0350 9172  WinUsb - ok
21:09:33.0381 9172  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:09:33.0428 9172  Wlansvc - ok
21:09:33.0568 9172  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:09:33.0646 9172  wlidsvc - ok
21:09:33.0646 9172  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:09:33.0662 9172  WmiAcpi - ok
21:09:33.0662 9172  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:09:33.0677 9172  wmiApSrv - ok
21:09:33.0693 9172  WMPNetworkSvc - ok
21:09:33.0708 9172  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:09:33.0724 9172  WPCSvc - ok
21:09:33.0724 9172  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:09:33.0740 9172  WPDBusEnum - ok
21:09:33.0755 9172  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:09:33.0771 9172  ws2ifsl - ok
21:09:33.0786 9172  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:09:33.0802 9172  wscsvc - ok
21:09:33.0802 9172  WSearch - ok
21:09:33.0849 9172  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:09:33.0927 9172  wuauserv - ok
21:09:33.0958 9172  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:09:33.0958 9172  WudfPf - ok
21:09:33.0989 9172  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:33.0989 9172  WUDFRd - ok
21:09:34.0005 9172  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:09:34.0020 9172  wudfsvc - ok
21:09:34.0036 9172  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:09:34.0083 9172  WwanSvc - ok
21:09:34.0114 9172  ================ Scan global ===============================
21:09:34.0130 9172  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:09:34.0161 9172  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:09:34.0176 9172  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:09:34.0192 9172  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:09:34.0192 9172  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:09:34.0208 9172  [Global] - ok
21:09:34.0208 9172  ================ Scan MBR ==================================
21:09:34.0208 9172  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:09:34.0442 9172  \Device\Harddisk0\DR0 - ok
21:09:34.0442 9172  ================ Scan VBR ==================================
21:09:34.0442 9172  [ 2C8D2B004C5D2C1D4CBD76172D6A3B3A ] \Device\Harddisk0\DR0\Partition1
21:09:34.0442 9172  \Device\Harddisk0\DR0\Partition1 - ok
21:09:34.0457 9172  [ D2161D0873AF8C73EE8FBE6F9B0C3644 ] \Device\Harddisk0\DR0\Partition2
21:09:34.0473 9172  \Device\Harddisk0\DR0\Partition2 - ok
21:09:34.0473 9172  [ 421781F5EB31D5D2E9A9DDD76C68112C ] \Device\Harddisk0\DR0\Partition3
21:09:34.0473 9172  \Device\Harddisk0\DR0\Partition3 - ok
21:09:34.0473 9172  ============================================================
21:09:34.0473 9172  Scan finished
21:09:34.0473 9172  ============================================================
21:09:34.0488 10476  Detected object count: 2
21:09:34.0488 10476  Actual detected object count: 2
21:10:44.0767 10476  Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:44.0767 10476  Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:10:44.0767 10476  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:44.0767 10476  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:11:57.0706 5156  Deinitialize success
         
__________________

Alt 09.06.2013, 20:17   #4
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.06.2013, 11:28   #5
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Hallo,
ich konnte GData nicht komplett ausstellen. Ich habe Funktionen wie den Wächter deaktiviert, das Programm hat trotzdem bei jeder Aktion von Combofix gemeckert. Mein eigentliches Problem (Vielleicht hängt es auch mit GData zusammen) ist, dass Combofix schon seit über einer Stunde nichts mehr macht. Er zeigt an, dass Stufe 4 fertig gestellt wurde und mehr ist in der letzten Stunde nicht passiert. Was soll ich jetzt machen?
LG


Alt 10.06.2013, 11:31   #6
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



kannst du in gdata, nutze es nicht selbst, die verhaltensanalyse und selbstschutz funktionen beenden?
combofix abbrechen, evtl. via pc neustart
__________________
--> Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite

Alt 10.06.2013, 12:28   #7
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Okay jetzt hat es geklappt.

Code:
ATTFilter
ComboFix 13-06-08.02 - Ute 10.06.2013  13:11:26.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6162 [GMT 2:00]
ausgeführt von:: d:\benutzer\Ute.UTE-PC\Desktop\ComboFix.exe
AV: G Data TotalProtection 2013 *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalProtection 2013 *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\coontinueetosavee
c:\programdata\coontinueetosavee\519b1b6e189e2.dll
c:\programdata\coontinueetosavee\519b1b6e189e2.tlb
c:\programdata\coontinueetosavee\data\coontinueetosavee.dat
c:\programdata\coontinueetosavee\settings.ini
c:\programdata\coontinueetosavee\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee
c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee\coontinueetosavee.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\519b1b8d6ca6a.dll
c:\programdata\SearchNewTab\519b1b8d6ca6a.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\windows\SysWow64\ChilkatMail_v7_9.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI38FB.txt
c:\windows\tmp\dd_vcredistUI38FB.txt
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-09 16:23 . 2013-06-09 16:23	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-09 16:22 . 2013-06-09 17:05	--------	d-----w-	c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-09 16:22 . 2013-06-09 16:22	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-09 16:04 . 2013-06-09 16:04	388096	----a-r-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-09 16:04 . 2013-06-09 16:04	--------	d-----w-	c:\program files (x86)\Trend Micro
2013-06-07 20:46 . 2013-06-07 20:46	--------	d-----w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Atari
2013-06-07 19:52 . 2013-06-09 10:30	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-06-07 19:52 . 2013-06-10 11:01	--------	d-----w-	c:\program files (x86)\Steam
2013-06-07 19:34 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB9DD5F7-94BC-4A4D-90D0-AEF50D128E97}\mpengine.dll
2013-06-07 19:34 . 2013-06-07 19:34	--------	d-----w-	c:\windows\ERUNT
2013-06-07 19:33 . 2013-06-09 16:00	--------	d-----w-	C:\JRT
2013-06-03 16:19 . 2013-06-03 16:24	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-05-21 06:17 . 2013-05-21 06:17	--------	d-----w-	c:\programdata\StarApp
2013-05-21 06:16 . 2013-05-21 06:16	--------	d-----w-	c:\program files (x86)\WebSearch
2013-05-21 06:16 . 2013-05-21 06:16	--------	d-----w-	c:\program files (x86)\ContinueToSave
2013-05-21 06:15 . 2013-05-21 06:17	--------	d-----w-	c:\programdata\InstallMate
2013-05-16 17:05 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 22:06 . 2012-04-13 06:12	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-16 18:04 . 2012-12-27 13:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 18:04 . 2012-12-27 13:07	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 16:54 . 2010-06-24 09:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 17:05	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 17:05	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 17:05	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 17:05	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 17:05	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 17:05	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:10	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-05 13:47 . 2013-04-05 13:47	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-05 13:47 . 2013-04-05 13:47	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 13:47 . 2013-04-05 13:47	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-05 13:47 . 2013-04-05 13:47	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-05 13:47 . 2013-04-05 13:47	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-05 13:47 . 2013-04-05 13:47	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-05 13:47 . 2013-04-05 13:47	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 13:47 . 2013-04-05 13:47	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 13:47 . 2013-04-05 13:47	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-05 13:47 . 2013-04-05 13:47	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-05 13:47 . 2013-04-05 13:47	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-05 13:47 . 2013-04-05 13:47	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-05 13:47 . 2013-04-05 13:47	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-05 13:47 . 2013-04-05 13:47	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-05 13:47 . 2013-04-05 13:47	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-05 13:47 . 2013-04-05 13:47	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-05 13:47 . 2013-04-05 13:47	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-05 13:47 . 2013-04-05 13:47	441856	----a-w-	c:\windows\system32\html.iec
2013-04-05 13:47 . 2013-04-05 13:47	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-05 13:47 . 2013-04-05 13:47	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-05 13:47 . 2013-04-05 13:47	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-05 13:47 . 2013-04-05 13:47	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-05 13:47 . 2013-04-05 13:47	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-05 13:47 . 2013-04-05 13:47	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-05 13:47 . 2013-04-05 13:47	235008	----a-w-	c:\windows\system32\url.dll
2013-04-05 13:47 . 2013-04-05 13:47	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-05 13:47 . 2013-04-05 13:47	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-05 13:47 . 2013-04-05 13:47	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-05 13:47 . 2013-04-05 13:47	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-05 13:47 . 2013-04-05 13:47	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-05 13:47 . 2013-04-05 13:47	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-05 13:47 . 2013-04-05 13:47	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-05 13:47 . 2013-04-05 13:47	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-05 13:47 . 2013-04-05 13:47	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-05 13:47 . 2013-04-05 13:47	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-05 13:47 . 2013-04-05 13:47	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-05 13:47 . 2013-04-05 13:47	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-05 13:47 . 2013-04-05 13:47	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-05 13:47 . 2013-04-05 13:47	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-05 13:47 . 2013-04-05 13:47	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-05 13:47 . 2013-04-05 13:47	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-05 13:47 . 2013-04-05 13:47	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-05 13:47 . 2013-04-05 13:47	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-05 13:47 . 2013-04-05 13:47	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-05 13:47 . 2013-04-05 13:47	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-05 13:47 . 2013-04-05 13:47	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-05 13:47 . 2013-04-05 13:47	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 13:47 . 2013-04-05 13:47	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 13:47 . 2013-04-05 13:47	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-05 13:47 . 2013-04-05 13:47	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-05 13:47 . 2013-04-05 13:47	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-05 13:47 . 2013-04-05 13:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-05 13:47 . 2013-04-05 13:47	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-05 13:47 . 2013-04-05 13:47	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-05 13:47 . 2013-04-05 13:47	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-05 13:47 . 2013-04-05 13:47	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 13:47 . 2013-04-05 13:47	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-05 13:47 . 2013-04-05 13:47	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-05 13:47 . 2013-04-05 13:47	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-05 13:47 . 2013-04-05 13:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-05 13:47 . 2013-04-05 13:47	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-05 13:47 . 2013-04-05 13:47	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-05 13:47 . 2013-04-05 13:47	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-05 13:47 . 2013-04-05 13:47	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 13:47 . 2013-04-05 13:47	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-05 13:47 . 2013-04-05 13:47	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 13:47 . 2013-04-05 13:47	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-05 13:47 . 2013-04-05 13:47	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-05 13:47 . 2013-04-05 13:47	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-05 13:47 . 2013-04-05 13:47	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-05 13:47 . 2013-04-05 13:47	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-04-05 13:47 . 2013-04-05 13:47	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-05 13:47 . 2013-04-05 13:47	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-03-08 393216]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
d:\benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
IML.lnk -  [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
2;2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys;c:\windows\SYSNATIVE\drivers\GdNetMon64.sys [x]
R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys;c:\windows\SYSNATIVE\drivers\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys;c:\windows\SYSNATIVE\drivers\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys;c:\windows\SYSNATIVE\drivers\PciSPorts.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys;c:\windows\SYSNATIVE\Drivers\TS4nt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [x]
S2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 18:04]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001Core.job
- d:\benutzer\Ute.UTE-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 22:47]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001UA.job
- d:\benutzer\Ute.UTE-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 22:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14
FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=
FF - ExtSQL: 2013-05-21 08:59; xm35ji@ldnihz.net; d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\extensions\xm35ji@ldnihz.net
FF - ExtSQL: 2013-05-21 09:00; bxhrd30f4b@rmtbtcamxg.net; d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\extensions\bxhrd30f4b@rmtbtcamxg.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
BHO-{4FBC9915-89A7-FF85-80B0-6C8E0AB6F49F} - c:\programdata\SearchNewTab\519b1b8d6ca6a.dll
BHO-{E4158A8A-BBCF-35C9-3261-8FE8CB943B95} - c:\programdata\coontinueetosavee\519b1b6e189e2.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\coontinueetosavee\uninstall.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-10  13:21:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-10 11:21
.
Vor Suchlauf: 10 Verzeichnis(se), 22.173.896.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 21.622.185.984 Bytes frei
.
- - End Of File - - EEADBC97190961A8F9A74A0F7D0A6532
D41D8CD98F00B204E9800998ECF8427E
         

Alt 10.06.2013, 12:37   #8
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



für Malwarebytes auch wieder GDATA aus bitte
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.06.2013, 15:25   #9
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Hallo,
das Programm ist durchgelaufen, hat aber nichts gefunden. Hier der log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Ute :: UTE-PC [Administrator]

Schutz: Aktiviert

10.06.2013 15:41:54
mbam-log-2013-06-10 (15-41-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431400
Laufzeit: 40 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 10.06.2013, 18:10   #10
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2013, 15:24   #11
Paulinchen
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



Hier die Liste:
Code:
ATTFilter
7-Zip 9.22beta		23.09.2012												nötig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	10.06.2013	6,00MB	11.7.700.224				nötig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	10.06.2013	6,00MB	11.7.700.224				nötig
Adobe Reader X (10.0.1) MUI	Adobe Systems Incorporated	11.04.2012	472MB	10.0.1					nötig
Amazon Kindle	Amazon	09.08.2012												nötig
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	02.03.2013	26,4MB	8.0.903.0				nötig
Apple Application Support	Apple Inc.	03.03.2013	65,1MB	2.3							unbekannt
Apple Software Update	Apple Inc.	22.09.2012	2,38MB	2.1.3.127							unbekannt 
Ashampoo Burning Studio 2013 v.11.0.5	Ashampoo GmbH & Co. KG	19.12.2012	206MB	11.0.5					nötig
Big City Adventure: London Classic	INTENIUM GmbH	19.10.2012		1.0.0.0						unbekannt
calibre 64bit	Kovid Goyal	20.05.2013	163,9MB	0.9.31									nötig
CCleaner	Piriform	02.06.2012		3.14									nötig
CDBurnerXP	CDBurnerXP	02.06.2012	17,9MB	4.4.0.2838								nötig
ContinueToSave 1.74		20.05.2012											unbekannt		
coontinueetosavee	continue to save	20.05.2012									unbekannt
DAEMON Tools Lite	DT Soft Ltd	25.12.2012		4.46.1.0327							nötig
Die Sims™ 3	Electronic Arts	14.03.2013		1.50.56									nötig
Die Sims™ 3 Einfach tierisch	Electronic Arts	08.02.2013		10.0.96							nötig
Die Sims™ 3 Jahreszeiten	Electronic Arts	08.02.2013		16.0.136						nötig
Die Sims™ 3 Late Night	Electronic Arts	08.02.2013		6.0.81								nötig
Die Sims™ 3 Lebensfreude	Electronic Arts	08.02.2013		8.0.152							nötig
Die Sims™ 3 Luxus-Accessoires	Electronic Arts	08.02.2013		3.0.38							nötig
Die Sims™ 3 Reiseabenteuer	Electronic Arts	08.02.2013		2.0.86							nötig
Die Sims™ 3 Showtime	Electronic Arts	08.02.2013		12.0.273							nötig
Die Sims™ 3 Stadt-Accessoires	Electronic Arts	08.02.2013		9.0.73							nötig
Die Sims™ 3 Supernatural	Electronic Arts	08.02.2013		15.0.135						nötig
Die Sims™ 3 Traumkarrieren	Electronic Arts	08.02.2013		4.0.87							nötig
Die Sims™ 3 Traumsuite-Accessoires	Electronic Arts	08.02.2013		11.0.84						nötig
Die Suche nach dem Goldschatz		25.06.2012										unbekannt
Dropbox	Dropbox, Inc.	08.06.2013		2.0.22										nötig
ElsterFormular	Landesfinanzdirektion Thüringen	01.12.2012	163,9MB	13.4.1.10296						nötig
Etron USB3.0 Host Controller	Etron Technology	11.04.2012	5,23MB	0.101						unbekannt
Exzellent, Eure Majestät!	INTENIUM GmbH	09.11.2012		1.0.0.0							unbekannt
FarmFrenzy		30.07.2012												unbekannt		
Freemake Video Downloader	Ellora Assets Corporation	02.06.2012	32,5MB	3.0.1					unbekannt
G Data TotalProtection 2012	G Data Software AG	02.06.2012	130,9MB	22.0.0.0					nötig
Google Chrome	Google Inc.	02.06.2012		27.0.1453.110								nötig
HiJackThis	Trend Micro	08.06.2013	0,36MB	1.0.0									unnötig?
Intel(R) Rapid Storage Technology	Intel Corporation	12.04.2012		11.1.0.1006				nötig
Java 7 Update 21	Oracle	18.03.2013	129,1MB	7.0.210									nötig
Kobo	Kobo Inc.	18.11.2012		3.0.4										nötig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	09.06.2013	19,3MB	1.75.0.1300		nötig?
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.04.2012	38,8MB	4.0.30319			nötig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	12.04.2012	2,94MB	4.0.30319	nötig
Microsoft Office File Validation Add-In	Microsoft Corporation	31.01.2013	7,95MB	14.0.5130.5003				nötig
Microsoft Office Home and Student 2007	Microsoft Corporation	21.12.2012		12.0.6612.1000				nötig
Microsoft Silverlight	Microsoft Corporation	12.03.2013	50,2MB	5.1.20125.0						nötig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.04.2012	1,70MB	3.1.0000			nötig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	10.02.2013	0,29MB	8.0.61001			unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	11.04.2012	0,77MB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	21.12.2012	0,76MB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.06.2012	0,58MB	9.0.30729	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	11.04.2012	0,58MB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	21.12.2012	0,58MB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	22.12.2012	13,7MB	10.0.30319	unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	22.12.2012	11,0MB	10.0.30319	unbekannt
Microsoft WSE 3.0 Runtime	Microsoft Corp.	08.02.2013	0,92MB	3.0.5305.0						unbekannt
Mozilla Firefox 21.0 (x86 de)	Mozilla	20.05.2013	44,6MB	21.0								nötig
Mozilla Maintenance Service	Mozilla	20.05.2013	0,33MB	21.0								nötig
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	03.06.2012	38,1MB	12.0.1							nötig
Origin	Electronic Arts, Inc.	08.02.2013		9.1.12.73								unnötig
Paint.NET v3.5.10	dotPDN LLC	02.06.2012	10,7MB	3.60.0								nötig
PDF-XChange Viewer		03.06.2012											nötig
QuickTime	Apple Inc.	03.03.2013	73,2MB	7.73.80.64								nötig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.04.2012		6.0.1.6526			nötig
Roads Of Rome	Realore Studios	22.06.2012											nötig
RollerCoaster Tycoon 3: Platinum!	Frontier	06.06.2013								nötig
RTL GAME CENTER	INTENIUM GmbH	19.10.2012		1.0.0.46								unbekannt
Search Assistant WebSearch 1.74		20.05.2012										unbekannt
SearchNewTab	SearchNewTab	20.05.2012											unbekannt		
Skype™ 5.10	Skype Technologies S.A.	22.12.2012	19,4MB	5.10.116							nötig
SmartTools Publishing • Excel Finanzplan 2013	SmartTools Publishing	21.12.2012		v4.00				unbekannt
Steam	Valve Corporation	06.06.2013	35,5MB	1.0.0.0									nötig
The Next BIG Thing (Deutsch)	CRIMSON COW	07.06.2012		1.00							nötig
VLC media player 1.1.11	VideoLAN	02.06.2012		1.1.11								nötig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	11.04.2012	5,58MB	15.4.5722.2	wahrscheinlich nötig		
WinPcap 4.1.2	CACE Technologies	02.06.2012		4.1.0.2001							unbekannt
Zylom Games Player Plugin	Zylom Games	08.06.2012									unbekannt
Zylom Games Player Plugin	Zylom Games	09.06.2012									unbekannt
         
LG

Alt 13.06.2013, 18:21   #12
markusg
/// Malware-holic
 
Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Standard

Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Big City
ContinueToSave
coontinueetosavee
Die Suche
Exzellent,
FarmFrenzy
Freemake

G Data
G Data TotalProtection - G Data Software AG
bitte auf 2014 upgraden, sollte kostenlos sein.

deinstaliere:
HiJackThis auch nicht mehr verwenden bitte
Origin
Search Assistant
SearchNewTab
Zylom : beide

Öffne CCleaner, analysieren, starten, pcneustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite
4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, antivirus, application/pdf:, autorun, bereit, bho, browser, computer, continue, error, firefox, flash player, helper, hijack, home, iexplore.exe, install.exe, installation, logfile, mozilla, plug-in, problem, realtek, registry, safer networking, scan, security, senden, software, super, svchost.exe, totalprotection, tracker, tunnel, windows




Ähnliche Themen: Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite


  1. Websearch.searchisfun.info entfernen
    Anleitungen, FAQs & Links - 16.08.2015 (2)
  2. websearch.coolsearches.info entfernen
    Anleitungen, FAQs & Links - 04.04.2015 (2)
  3. websearch.goodforsearch.info entfernen
    Anleitungen, FAQs & Links - 04.04.2015 (2)
  4. Websearch.searchdominion.info entfernen
    Anleitungen, FAQs & Links - 04.03.2015 (2)
  5. websearch.look-for-it.info entfernen
    Anleitungen, FAQs & Links - 15.02.2015 (2)
  6. Firefox Startseite http://websearch.searchoholic.info
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (23)
  7. websearch.searchmania.info entfernen
    Anleitungen, FAQs & Links - 26.11.2014 (2)
  8. Websearch.allsearches.info entfernen
    Anleitungen, FAQs & Links - 26.09.2014 (2)
  9. Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite.
    Log-Analyse und Auswertung - 01.08.2014 (3)
  10. Websearch.wonderfulsearches.info entfernen
    Anleitungen, FAQs & Links - 21.07.2014 (2)
  11. websearch.flyandsearch.info entfernen
    Anleitungen, FAQs & Links - 08.07.2014 (2)
  12. Websearch.calcitapp.info entfernen
    Anleitungen, FAQs & Links - 01.07.2014 (2)
  13. Websearch.searchissimple.info entfernen
    Anleitungen, FAQs & Links - 28.03.2014 (2)
  14. Websearch.searchsunmy.info entfernen
    Anleitungen, FAQs & Links - 19.12.2013 (2)
  15. http://websearch.oversearch.info
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (9)
  16. Chrome|Firefox lädt keine Seiten (websearch.mocaflix.com)
    Log-Analyse und Auswertung - 11.04.2013 (9)
  17. delta-search Startseite in Google Chrome und Firefox
    Log-Analyse und Auswertung - 26.02.2013 (4)

Zum Thema Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite - Hallo, es ist ein Segen, dass es solche Foren gibt! Dies ist der Computer meiner Mutter. Ein Problem hab ich im Titel ja schon genannt. Ich weiß nicht wie lange - Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite...
Archiv
Du betrachtest: Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.