Browser keeps getting slower, websites report an unusually high number of requests

Hello everyone,
I need your help!
For some time now I have been having ever greater problems with my PC. Basically the problems are rather unspecific: the PC and browser keep getting slower, and by now the PC is incredibly slow at Windows startup, i.e. as soon as the desktop appears. It can easily take a minute until everything has loaded and the internet connection is up.
Sometimes, however, there are also concrete signs of malware: a few days ago YouTube indicated that an unusually large number of requests were coming from my PC (I had this once before, when my PC was "infected"). In addition, when I search for something on Google, I am sometimes shown the results page of a not very trustworthy site instead of the Google results page. I will post the name of the site here as soon as it happens again. I would be very grateful for help, or rather a basic analysis of my system here.
Notes:
1. OTL did not produce an Extra.txt.
2. I could not stop Antivir's real-time scanner although I am an admin (error message: I have "no access to this path"; the affected file in the Antivir folder is called ccuac.exe).
3. I ran the Quick Scan in GMER; I hope that was right.
OTL log (quoted):
OTL logfile created on: 24.07.2013 17:37:57 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Musemann\Desktop\Media und Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 42,51% Memory free
7,49 Gb Paging File | 4,92 Gb Available in Paging File | 65,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 53,99 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,50% Space Free | Partition Type: FAT32
Computer Name: MUSEMANNS-HP | User Name: Musemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.24 17:07:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Musemann\Desktop\Media und Tools\OTL.exe
PRC - [2013.06.27 16:25:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 16:24:59 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.27 16:24:58 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.13 13:21:42 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2013.05.13 13:20:28 | 000,366,408 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2013.05.13 13:20:20 | 000,260,424 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2013.05.13 13:20:16 | 000,376,648 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.07.30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VPN Client\cvpnd.exe
PRC - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
========== Modules (No Company Name) ==========
MOD - [2013.07.12 13:12:13 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\2b2a1dcabd8705d486efe28e04e96fac\JSON.ni.dll
MOD - [2013.07.12 13:12:12 | 014,052,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\39ab34f08be3b84e2741e2d1d141325e\DevComponents.DotNetBar2.ni.dll
MOD - [2013.07.12 13:12:02 | 000,650,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\8d46834c241bb276278875f3515d6d31\HD-Agent.ni.exe
MOD - [2013.07.12 13:04:31 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll
MOD - [2013.07.12 13:04:20 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\484d8900c3d2991677e722b7b849e47f\System.Web.ni.dll
MOD - [2013.07.12 13:03:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.12 13:03:39 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.12 13:03:21 | 000,687,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\8a64025f7849664164acd20d3f8dcd7f\System.Security.ni.dll
MOD - [2013.07.12 13:03:18 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.12 13:03:14 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.12 13:03:13 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.12 13:03:08 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.01.24 13:25:02 | 001,044,480 | ---- | M] () -- c:\progra~2\websea~1\sprote~1.dll
MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.23 18:25:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.23 18:25:33 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.22 21:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.02.22 21:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.02.22 21:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.05.26 23:32:37 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011.11.22 01:55:34 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011.11.22 01:55:33 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010.08.05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.04.05 21:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2013.07.24 13:04:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 16:25:14 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 16:24:59 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.03 16:54:18 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.13 13:20:52 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.05.13 13:20:32 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.07 00:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.05.26 23:32:37 | 000,022,632 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2013.05.26 23:32:27 | 004,747,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013.04.28 12:59:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.28 12:59:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.28 12:59:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 01:55:36 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.08.05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 00:59:16 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.16 22:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.30 12:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2013.05.13 13:20:44 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={C45CE679-57E1-11E2-B22B-CC52AF198575}
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1386174764-3383274687-1770524248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=4092835517&lg=EN&cc=DE&unqvl=18&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: SciLorsGrooveUnlocker%40scilor.com:0.3.3
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: "50.22.206.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.24 02:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\plugins [2012.05.14 04:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 09:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.05.16 15:26:40 | 000,000,000 | ---D | M]
[2011.08.27 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Extensions
[2013.07.24 14:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions
[2013.05.18 18:05:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.20 14:03:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.21 05:33:00 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\foxmarks@kei.com
[2013.06.29 18:05:21 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Musemann\AppData\Roaming\mozilla\Firefox\Profiles\jkta644v.default\extensions\ich@maltegoetz.de
[2013.02.19 06:49:08 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2011.10.12 01:27:40 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.07.24 03:07:01 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\facebook@disconnect.me.xpi
[2013.07.24 14:21:15 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2012.05.20 14:59:58 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2013.07.23 14:21:22 | 000,121,779 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\searchy@searchy.xpi
[2013.06.27 11:10:21 | 000,669,665 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.01.12 21:35:33 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.07.18 02:00:32 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\toolbar@web.de.xpi
[2013.06.04 05:31:34 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\videoresumer@jetpack.xpi
[2013.06.11 01:30:04 | 000,008,025 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.23 04:51:53 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013.07.23 14:21:24 | 000,818,491 | ---- | M] () (No name found) -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.18 02:01:07 | 000,001,050 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\11-suche.xml
[2013.02.18 04:07:06 | 000,001,581 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\boersebz.xml
[2013.07.18 02:01:08 | 000,002,418 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\englische-ergebnisse.xml
[2013.07.18 02:01:07 | 000,010,701 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\gmx-suche.xml
[2013.07.18 02:01:08 | 000,002,432 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\lastminute.xml
[2013.02.18 04:07:36 | 000,002,109 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\openstreetmap.xml
[2013.07.18 02:01:05 | 000,005,682 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\webde-suche.xml
[2013.05.31 03:23:02 | 000,007,847 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\WebSearch.xml
[2012.06.24 14:00:25 | 000,002,057 | ---- | M] () -- C:\Users\Musemann\AppData\Roaming\mozilla\firefox\profiles\jkta644v.default\searchplugins\youtube-videosuche.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Musemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E28CE8-C052-4096-83C7-9FB77639C303}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.19 17:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2013.07.19 17:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2013.07.18 02:24:28 | 000,000,000 | ---D | C] -- C:\Users\Musemann\dwhelper
[2013.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2013.07.18 01:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.07.18 01:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013.07.18 01:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013.07.18 01:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013.07.05 08:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.01 12:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.07.01 12:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.07.01 12:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.07.01 12:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.26 09:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\updated
[2013.04.28 10:56:11 | 000,026,520 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2012.10.11 01:59:09 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2012.10.11 01:59:09 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2012.08.29 22:48:46 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2012.06.06 01:41:56 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.06.06 01:41:56 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.04.25 19:53:07 | 000,193,824 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.04.25 19:53:07 | 000,117,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.04.15 21:18:17 | 003,407,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.04.15 21:18:17 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2011.08.27 17:41:36 | 020,132,248 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2011.08.27 17:41:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2011.08.27 17:41:36 | 001,916,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2011.08.27 17:41:36 | 000,920,472 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2011.08.27 17:41:36 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2011.08.27 17:41:36 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2011.08.27 17:41:36 | 000,279,448 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2011.08.27 17:41:36 | 000,272,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2011.08.27 17:41:36 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2011.08.27 17:41:36 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2011.08.27 17:41:36 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2011.08.27 17:41:36 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2011.08.27 17:41:36 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2011.08.27 17:41:36 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2011.08.27 17:41:35 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
========== Files - Modified Within 30 Days ==========
[2013.07.24 17:34:17 | 000,018,397 | ---- | M] () -- C:\Users\Musemann\Desktop\Kündigung Inter.odt
[2013.07.24 16:52:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.24 16:23:39 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 16:23:39 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 13:58:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.24 13:58:54 | 4019,781,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.18 18:13:44 | 000,018,941 | ---- | M] () -- C:\Users\Musemann\Desktop\Hausarbeit Guttenberg.odt
[2013.07.18 05:48:48 | 000,010,240 | ---- | M] () -- C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.12 12:54:20 | 000,306,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.11 18:22:13 | 001,520,734 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.11 18:22:13 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.11 18:22:13 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.11 18:22:13 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.11 18:22:13 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.11 03:16:17 | 000,041,320 | ---- | M] () -- C:\Users\Musemann\Desktop\Tagebuch.odt
[2013.07.11 03:04:53 | 000,033,555 | ---- | M] () -- C:\Users\Musemann\Desktop\Essay zur Arbeitskultur Unbehagen.odt
[2013.07.09 19:12:08 | 008,840,993 | ---- | M] () -- C:\Users\Musemann\Desktop\06 Heimat.mp3
[2013.07.09 17:46:03 | 000,012,795 | ---- | M] () -- C:\Users\Musemann\Desktop\Ideensammlung für Jobs, Praktika, Zukunftsplanung.odt
[2013.07.09 05:01:19 | 003,738,943 | ---- | M] () -- C:\Users\Musemann\Desktop\clip_mar_08.wmv
[2013.07.09 05:01:04 | 008,815,292 | ---- | M] () -- C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
[2013.07.09 05:00:47 | 001,774,842 | ---- | M] () -- C:\Users\Musemann\Desktop\frankl_77.wmv
[2013.07.06 16:39:27 | 008,323,926 | ---- | M] () -- C:\Users\Musemann\Desktop\marx_-_oekonomisch-philosophische_manuskripte_1844 - OCRed.pdf
[2013.06.28 16:15:17 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMusemann.job
[2013.06.27 16:25:17 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
========== Files Created - No Company Name ==========
[2013.07.24 17:25:50 | 000,018,397 | ---- | C] () -- C:\Users\Musemann\Desktop\Kündigung Inter.odt
[2013.07.09 19:12:05 | 008,840,993 | ---- | C] () -- C:\Users\Musemann\Desktop\06 Heimat.mp3
[2013.07.09 05:00:26 | 003,738,943 | ---- | C] () -- C:\Users\Musemann\Desktop\clip_mar_08.wmv
[2013.07.09 05:00:18 | 001,774,842 | ---- | C] () -- C:\Users\Musemann\Desktop\frankl_77.wmv
[2013.07.09 05:00:00 | 008,815,292 | ---- | C] () -- C:\Users\Musemann\Desktop\clip_jul_07_new.wmv
[2013.07.06 16:39:08 | 008,323,926 | ---- | C] () -- C:\Users\Musemann\Desktop\marx_-_oekonomisch-philosophische_manuskripte_1844 - OCRed.pdf
[2013.05.27 02:24:15 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2013.05.27 02:24:15 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2013.01.22 08:39:04 | 000,007,552 | ---- | C] () -- C:\windows\SysWow64\drivers\enodpl.sys
[2013.01.22 08:39:04 | 000,004,736 | ---- | C] () -- C:\windows\SysWow64\drivers\tandpl.sys
[2012.09.22 05:43:30 | 000,010,240 | ---- | C] () -- C:\Users\Musemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.12 15:29:35 | 000,000,000 | ---- | C] () -- C:\Users\Musemann\defogger_reenable
[2012.07.26 15:24:30 | 000,007,609 | ---- | C] () -- C:\Users\Musemann\AppData\Local\Resmon.ResmonCfg
[2012.06.07 06:40:41 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012.04.25 19:53:08 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.02.08 18:21:36 | 006,865,771 | ---- | C] () -- C:\Program Files\omni.ja
[2011.10.16 23:03:09 | 000,017,408 | ---- | C] () -- C:\Users\Musemann\AppData\Local\WebpageIcons.db
[2011.08.31 14:29:00 | 004,023,808 | ---- | C] () -- C:\windows\SysWow64\x264vfw.dll
[2011.08.27 17:41:36 | 003,285,912 | ---- | C] () -- C:\Program Files\mozjs.dll
[2011.08.27 17:41:36 | 000,036,638 | ---- | C] () -- C:\Program Files\removed-files
[2011.08.27 17:41:36 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2011.08.27 17:41:36 | 000,001,928 | ---- | C] () -- C:\Program Files\precomplete
[2011.08.27 17:41:36 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2011.08.27 17:41:36 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2011.08.27 17:41:36 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2011.08.27 17:41:36 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2011.08.27 17:41:35 | 000,000,633 | ---- | C] () -- C:\Program Files\application.ini
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.05.01 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\AirportMadness4
[2012.09.22 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Canneverbe Limited
[2013.07.19 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Dropbox
[2013.05.27 03:07:18 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\FreeVideoConverter
[2012.07.09 02:23:48 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Gabob.NowBoarding.75EFD321A77FF3E9D3E8C023673644AB2F392162.1
[2011.09.23 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\OpenOffice.org
[2013.06.11 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\org.kostya.yarDesktop.7EFEB10B09AF84D945E5FE44C420C33DD323B846.1
[2011.09.08 14:48:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Shark007
[2011.11.30 20:01:03 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Thunderbird
[2012.01.19 23:25:56 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\toolplugin
[2011.09.08 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Musemann\AppData\Roaming\Win7codecs
========== Purity Check ==========
< End of report >
|
GMER log: Quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-24 18:59:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Musemann\AppData\Local\Temp\awdcyuob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002da5000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002da502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2412] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2412] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755f1465 2 bytes [5F, 75]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755f14bb 2 bytes [5F, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3844:4148] 000007fefb922a7c
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af198575
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af198575 (not active ControlSet)
---- EOF - GMER 2.1 ----
| |