
Log Analysis and Evaluation: weDownload Manager Pro - Spyware/Adware


 
23.12.2013, 02:14   #1
neear
 
weDownload Manager Pro - Spyware/Adware



Hello dear community!


A few days ago I bought a new notebook and of course first installed various software (standard things like Firefox, OpenOffice, etc.). After that I also uninstalled software shipped by the manufacturer. In the process I also uninstalled the "weDownload Manager Pro" named in the title, because I thought it was part of the bundled software as well. I also manually deleted leftover data related to the spyware. Afterwards I noticed that my Firefox settings had been changed, and I became suspicious. After a short Google search I quickly found out that this weDownload Manager Pro is spyware, which I presumably picked up via the download of OpenOffice. (I accidentally did not download OpenOffice from the official site, which I did not notice at first.)

tl;dr

AntiVir did not notice the spyware at all, so I got no alert; I only found out by chance that this is spyware. Also, as mentioned, I have unfortunately already removed the software. But I am now not sure whether the spyware has really been removed completely or whether my notebook is still infected.
I hope you can help me with this question.

Operating system: Windows 8 64bit


OTL Log:

Code:
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)


7,73 Gb Total Physical Memory | 5,11 Gb Available Physical Memory | 66,17% Memory free
12,23 Gb Paging File | 9,46 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891,46 Gb Total Space | 844,57 Gb Free Space | 94,74% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 21,69 Gb Free Space | 86,78% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.22 20:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2013.12.16 10:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013.12.16 10:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013.12.16 10:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013.12.10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.12.09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.12.05 20:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.16 15:44:06 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.15 18:08:46 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013.05.15 18:08:14 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013.05.15 18:08:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013.04.30 11:25:22 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013.04.30 11:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013.04.09 07:39:08 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
PRC - [2013.03.18 14:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2013.03.18 14:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013.03.11 09:17:24 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
PRC - [2013.03.08 14:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013.03.07 11:57:42 | 000,650,528 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012.12.13 21:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012.10.30 19:11:32 | 000,168,464 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.22 04:06:54 | 007,561,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll
MOD - [2013.12.22 04:06:49 | 012,700,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2d9010a9c3383246084e5c8c2139e848\System.Windows.Forms.ni.dll
MOD - [2013.12.22 04:06:43 | 019,536,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\fb7e8e5205521667b90b236775b55173\System.ServiceModel.ni.dll
MOD - [2013.12.22 04:06:32 | 002,786,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll
MOD - [2013.12.22 04:06:29 | 001,631,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\f39c1d8f6b4eddaa2071f4caf91d67b1\System.Drawing.ni.dll
MOD - [2013.12.22 04:06:24 | 000,958,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\3747278c968304a6543a662999df4e5e\System.Configuration.ni.dll
MOD - [2013.12.22 04:06:08 | 006,998,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\56ba21e6081df374de2d8f78fea61d59\System.Core.ni.dll
MOD - [2013.12.22 04:06:05 | 009,937,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll
MOD - [2013.12.22 04:06:00 | 016,544,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll
MOD - [2013.12.22 02:12:58 | 002,959,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\076f4b96562bcb28f5f968d8757faec8\System.IdentityModel.ni.dll
MOD - [2013.12.22 02:12:53 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll
MOD - [2013.12.22 02:12:53 | 000,121,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll
MOD - [2013.12.05 20:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.04.09 07:39:08 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
MOD - [2013.03.11 09:17:24 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
MOD - [2013.03.07 11:58:16 | 000,499,488 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2013.03.07 11:55:12 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2013.03.07 11:54:20 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2013.03.07 11:53:58 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
MOD - [2010.12.17 11:56:54 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2010.12.17 11:56:54 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2010.12.17 11:56:54 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2010.12.17 11:56:54 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2010.12.17 11:56:54 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2010.12.17 11:56:54 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
MOD - [2010.12.16 11:16:56 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2010.01.17 22:34:58 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
MOD - [2010.01.12 15:55:18 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2010.01.12 15:55:18 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.10.19 08:54:19 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.10.19 08:54:19 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.12.16 10:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.12.10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.12.09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.12.05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.19 00:06:22 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv)
SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.08.28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2013.08.28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2013.08.28 16:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2013.08.28 16:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2013.07.30 14:29:36 | 000,834,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0319741387681597mcinst.exe -- (0319741387681597mcinstcleanup)
SRV - [2013.05.28 14:37:36 | 000,101,536 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity)
SRV - [2013.05.20 08:34:40 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.05.15 18:08:46 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.05.15 18:08:14 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013.05.15 18:08:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013.05.03 10:29:34 | 000,099,632 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Programme\Elantech\ETDService.exe -- (ETDService)
SRV - [2013.04.30 11:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013.04.15 12:39:56 | 000,161,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R)
SRV - [2013.03.18 14:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2013.03.18 14:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013.02.13 11:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2013.02.13 11:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.12.13 21:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.12.13 21:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.12.09 11:37:19 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.12.09 11:37:19 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013.12.09 11:37:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.12.09 11:37:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.12.05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.10.19 08:55:14 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.10.19 08:55:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.10.19 08:54:19 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.10.19 08:54:19 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.10.19 00:06:29 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013.10.19 00:06:29 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013.10.08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013.07.19 09:58:26 | 008,247,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.10 22:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.28 14:37:28 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2013.05.28 14:37:28 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013.05.28 14:37:28 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013.05.16 11:24:32 | 000,374,536 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013.05.16 11:24:32 | 000,022,280 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETDSMBus.sys -- (ETDSMBus)
DRV:64bit: - [2013.05.15 18:08:14 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.05.08 01:25:22 | 000,442,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.05.08 01:22:41 | 004,431,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.04.30 11:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.04.14 22:37:26 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.04.11 01:13:20 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013.03.28 12:47:00 | 001,366,328 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2013.03.25 11:42:52 | 000,132,920 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2013.03.22 04:06:30 | 000,091,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.01.15 14:44:28 | 000,069,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.19 10:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.13 16:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012.06.02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV - [2013.12.22 18:46:38 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\Temp\GPUZ.sys -- (GPUZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {770B0D2D-1E28-4117-A3E0-216E377E6B44}
IE:64bit: - HKLM\..\SearchScopes\{770B0D2D-1E28-4117-A3E0-216E377E6B44}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {770B0D2D-1E28-4117-A3E0-216E377E6B44}
IE - HKLM\..\SearchScopes\{770B0D2D-1E28-4117-A3E0-216E377E6B44}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo13.msn.com/?pc=LCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = h**p://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = h**p://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://h**p://search.conduit.com/?ct...EB85E85E&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = h**p://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC07500AC-E408-41EB-83D8-2BBCEB85E85E&q={searchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.12.22 19:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.12.22 19:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.22 19:27:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtsFT] C:\WINDOWS\RTFTrack.exe (Realtek semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [UMonit64] C:\Windows\SysWOW64\UMonit64.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14F0F55E-5B5E-4F46-A1A2-6711C0F27DB0}: DhcpNameServer = 150.203.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9323C1-0B91-4E95-A7F3-746E96BB453B}: DhcpNameServer = 192.168.1.254
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.22 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Mozilla
[2013.12.22 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla
[2013.12.22 19:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.12.22 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.12.22 18:58:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013.12.22 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013.12.22 18:25:27 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\PCMark 8
[2013.12.22 18:21:02 | 000,000,000 | ---D | C] -- C:\Temp
[2013.12.22 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\IsolatedStorage
[2013.12.22 18:19:31 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\3DMark
[2013.12.22 18:17:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WinRAR
[2013.12.22 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.12.22 18:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.12.22 18:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.12.22 18:08:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\SearchProtect
[2013.12.22 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013.12.22 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Activision
[2013.12.22 03:33:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013.12.22 03:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.12.22 03:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.12.22 03:13:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia
[2013.12.22 03:08:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Adobe
[2013.12.22 03:02:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc
[2013.12.22 02:56:42 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Avatar
[2013.12.22 02:52:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\CyberLink
[2013.12.22 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Youcam
[2013.12.22 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CyberLink
[2013.12.22 02:42:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\NVIDIA
[2013.12.22 02:42:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs
[2013.12.22 02:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.12.22 02:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.12.22 02:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.12.22 02:31:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Diagnostics
[2013.12.22 02:20:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nitro
[2013.12.22 02:18:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Intel_Corporation
[2013.12.22 02:13:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\NVIDIA Corporation
[2013.12.22 02:12:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\NVIDIA
[2013.12.22 02:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.12.22 02:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.12.22 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Intel Corporation
[2013.12.22 02:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\Searches
[2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\Contacts
[2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.12.22 02:06:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Macromedia
[2013.12.22 02:06:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Adobe
[2013.12.22 02:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2013.12.22 02:05:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\VirtualStore
[2013.12.22 02:05:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Packages
[2013.12.22 02:05:22 | 000,000,000 | --SD | C] -- C:\Users\****\AppData\Roaming\Microsoft
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Videos
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Saved Games
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Pictures
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Music
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Links
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Favorites
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Downloads
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Documents
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Desktop
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Vorlagen
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Verlauf
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Temporary Internet Files
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Startmenü
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\SendTo
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Recent
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Netzwerkumgebung
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Lokale Einstellungen
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Videos
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Musik
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Eigene Dateien
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Bilder
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Druckumgebung
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Cookies
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Anwendungsdaten
[2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Anwendungsdaten
[2013.12.22 02:05:22 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Temp
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\Roaming
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Intel
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.12.22 00:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2013.12.21 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.12.21 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.12.21 22:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.12.21 22:31:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira
[2013.12.21 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.12.21 22:29:28 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.12.21 22:29:28 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.12.21 22:29:28 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.12.21 22:29:28 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.12.21 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.12.21 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========

[2013.12.22 20:43:20 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.12.22 19:27:13 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.12.22 19:21:55 | 000,008,506 | ---- | M] () -- C:\Users\****\Documents\cc_20131222_192152.reg
[2013.12.22 19:21:42 | 000,068,442 | ---- | M] () -- C:\Users\****\Documents\cc_20131222_192130.reg
[2013.12.22 18:46:39 | 000,000,022 | ---- | M] () -- C:\WINDOWS\GPU-Z.INI
[2013.12.22 16:27:12 | 001,748,838 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.12.22 16:27:12 | 000,754,172 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.12.22 16:27:12 | 000,711,282 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.12.22 16:27:12 | 000,156,362 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.12.22 16:27:12 | 000,133,150 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.12.22 03:55:54 | 2342,322,175 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.22 03:55:18 | 000,002,560 | ---- | M] () -- C:\WINDOWS\SysNative\VfService.trf
[2013.12.22 02:07:08 | 000,001,129 | ---- | M] () -- C:\Users\****\Desktop\Cyberlink Power2Go.lnk
[2013.12.22 02:06:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.12.22 02:06:04 | 000,000,139 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2013.12.21 22:42:13 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.12.21 22:22:06 | 000,007,609 | ---- | M] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2013.12.09 11:37:19 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.12.09 11:37:19 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.12.09 11:37:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.12.09 11:37:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2013.12.22 19:27:13 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.12.22 19:27:13 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.12.22 19:21:54 | 000,008,506 | ---- | C] () -- C:\Users\****\Documents\cc_20131222_192152.reg
[2013.12.22 19:21:39 | 000,068,442 | ---- | C] () -- C:\Users\****\Documents\cc_20131222_192130.reg
[2013.12.22 18:21:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\GPU-Z.INI
[2013.12.22 03:20:57 | 000,386,923 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.12.22 02:06:24 | 000,001,449 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.12.22 02:06:04 | 000,000,139 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2013.12.22 02:05:22 | 000,001,129 | ---- | C] () -- C:\Users\****\Desktop\Cyberlink Power2Go.lnk
[2013.12.22 02:05:22 | 000,000,189 | ---- | C] () -- C:\Users\****\Desktop\Lenovo Telephony Start Now.url
[2013.12.21 22:42:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.12.21 22:42:13 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.12.21 22:22:06 | 000,007,609 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2013.10.19 00:02:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.10.18 23:46:44 | 000,172,097 | ---- | C] () -- C:\WINDOWS\SysWow64\NoMSGuninstall.exe
[2013.10.18 23:46:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\UMonit64.exe
[2013.10.18 23:46:44 | 000,001,519 | ---- | C] () -- C:\WINDOWS\SysWow64\_IconCfg0.ini
[2013.10.18 23:46:44 | 000,000,911 | ---- | C] () -- C:\WINDOWS\SysWow64\ProductName.ini
[2013.10.18 23:46:44 | 000,000,213 | ---- | C] () -- C:\WINDOWS\SysWow64\IconCfg0.ini
[2013.10.18 23:33:46 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013.05.23 16:57:14 | 019,587,072 | ---- | C] () -- C:\WINDOWS\SysWow64\igdfcl32.dll
[2013.05.23 16:57:09 | 000,240,640 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013.05.23 16:57:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013.03.25 22:10:34 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.02.13 11:27:54 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013.12.22 18:06:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.22 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
FYI: I had already posted all of this on chip.de a few hours ago, but I just wanted to post it here as well.
Because of that, I have already carried out a further step: ran adwCleaner and did a scan with Mbam.

Here are the corresponding logs:

AdwCleaner:
1st run

AdwCleaner[R0]
AdwCleaner Logfile:
Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:40:27
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Program Files (x86)\Searchprotect
Ordner Gefunden C:\Users\****\AppData\Local\Searchprotect

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\WEDLMNGR
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\WEDLMNGR
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC07500AC-E408-41EB-83D8-2BBCEB85E85E&SSPV=

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1941 octets] - [23/12/2013 00:40:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2001 octets] ##########
         
--- --- ---


AdwCleaner[S0]
AdwCleaner Logfile:
Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:42:10
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Users\****\AppData\Local\Searchprotect

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\WEDLMNGR
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[S0].txt - [1663 octets] - [23/12/2013 00:42:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1723 octets] ##########
         
--- --- ---



Another run, after the first one had finished and "Löschen" (delete) had been executed:
AdwCleaner[R1]
AdwCleaner Logfile:
Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:48:18
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[R1].txt - [698 octets] - [23/12/2013 00:48:18]
AdwCleaner[S0].txt - [1807 octets] - [23/12/2013 00:42:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [817 octets] ##########
         
--- --- ---


AdwCleaner[S1]
AdwCleaner Logfile:
Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:48:35
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[R1].txt - [896 octets] - [23/12/2013 00:48:18]
AdwCleaner[S0].txt - [1807 octets] - [23/12/2013 00:42:10]
AdwCleaner[S1].txt - [818 octets] - [23/12/2013 00:48:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [877 octets] ##########
         
--- --- ---

Mbam Log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.22.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
**** :: **** [Administrator]

23.12.2013 00:55:45
MBAM-log-2013-12-23 (01-49-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443073
Laufzeit: 47 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsa5811.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsc69F5.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsp5699.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsr68CB.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)
         


Regards,

neear

 
