Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.06.2012, 07:52   #1
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo zusammen!

Dieses Thema habe ich bei Euch und wohl auch schon ein paar erfolgreiche Gegenmaßnahmen gefunden. Allerdings schreibt Ihr, dass jedes Problem etwas anders ist und dass man nicht selbstständig tätig werden soll.

Und ein großer PC-Freak bin ich übrigens auch nicht, d.h. bei möglichen Antworten bitte leicht verständlich posten!!!

Deshalb nun mein Problem.

Ich habe seit neuestem unten rechts dieses blöde Popup mit Werbung und das nervt. Es ist wie schon öfter in anderen Posts beschrieben: Baut sich von unten nach oben auf - wahrscheinlich Flash und Kaspersky sowie Malwarebytes finden nichts.

Wie Ihr in Eurer Anleitung schreibt habe ich nun "defogger" laufen lassen:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:22 on 09/06/2012 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Dann noch OTL:
OTL logfile created on: 09.06.2012 07:25:20 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

16,00 Gb Total Physical Memory | 13,60 Gb Available Physical Memory | 84,98% Memory free
32,00 Gb Paging File | 29,62 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,87 Gb Total Space | 104,97 Gb Free Space | 35,84% Space Free | Partition Type: NTFS
Drive D: | 1569,96 Gb Total Space | 1426,09 Gb Free Space | 90,84% Space Free | Partition Type: NTFS

Computer Name: AUDIOVIDEO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.09 07:23:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.24 23:12:42 | 000,197,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbws.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.14 13:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2007.03.11 15:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012.05.22 20:45:27 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2012.01.13 00:16:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.13 00:13:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.16 14:50:50 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.24 10:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.11.04 16:13:22 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.04 16:13:20 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.04 16:13:20 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.08.09 08:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.02.06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.12.12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 D8 0F 19 70 D0 CC 01 [binary data]
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes\{1CC27000-A679-4C3E-A270-0166EF900C5B}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes\{26D56679-5375-441B-8E1D-4E3F40FA002F}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNQN_deDE466
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes\{B5122093-E269-478D-8578-0A3808F2163D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\SearchScopes\{F52D3B5A-10E9-4994-823F-175B6B794E08}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.15 00:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.16 15:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.05.16 15:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.16 15:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012.06.01 19:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.17 21:27:37 | 000,000,000 | ---D | M]

[2012.01.11 17:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.16 10:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zvatqlle.default\extensions
[2012.05.14 15:10:39 | 000,001,210 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zvatqlle.default\searchplugins\search.xml
[2012.05.16 15:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.16 14:51:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.05.16 14:51:45 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.02.13 12:43:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 12:43:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 12:43:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 12:43:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 12:43:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 12:43:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 12:43:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012.05.15 17:11:10 | 000,001,392 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-801218467-2357481680-3807684844-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841A2C73-C21E-47EB-9EB6-BF6B9C44BC1E}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D1E5C7-683C-414B-A404-D2B9740E5326}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.02 11:46:07 | 000,000,000 | --SD | C] -- C:\Users\User\Documents\Meine Datenquellen
[2012.05.22 21:57:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.05.22 21:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 21:53:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.22 21:44:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.05.22 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.05.22 21:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.05.17 21:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.17 21:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.16 14:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.05.16 14:50:50 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.05.16 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MGTEK
[2012.05.16 10:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK
[2012.05.16 08:39:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2012.05.16 07:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.16 07:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.05.16 07:55:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2012.05.16 07:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.16 07:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.16 07:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.15 17:09:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.09 07:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.09 07:22:06 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.06.09 06:37:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 06:03:29 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 06:03:29 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 05:52:19 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.09 05:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.09 05:51:28 | 4294,266,878 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 13:24:18 | 012,794,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.06 08:05:34 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
[2012.06.06 08:05:34 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.06.03 15:31:50 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.03 15:31:50 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.03 15:31:50 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.03 15:31:50 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.03 15:31:49 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.02 11:18:23 | 000,001,065 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 11:18:11 | 000,001,031 | ---- | M] () -- C:\Users\User\Desktop\Dropbox.lnk
[2012.06.02 10:14:49 | 000,094,567 | ---- | M] () -- C:\Users\User\Desktop\kontakte bine mai2012.csv
[2012.05.24 11:38:30 | 000,002,350 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.16 15:02:34 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.05.16 15:02:34 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.05.16 14:50:50 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.05.16 07:55:41 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.15 18:55:54 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012.05.15 18:49:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.15 17:11:10 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.15 08:46:02 | 001,532,588 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.14 15:10:37 | 000,000,288 | ---- | M] () -- C:\Users\User\AppData\Roaming\8FFB8B89.reg
[2012.05.13 19:25:57 | 000,001,085 | ---- | M] () -- C:\Users\User\Desktop\Kd.Nr..lnk
[2012.05.13 19:25:52 | 000,001,118 | ---- | M] () -- C:\Users\User\Desktop\Rechnungen Übersicht.lnk
[2012.05.13 19:25:45 | 000,001,186 | ---- | M] () -- C:\Users\User\Desktop\Stunden Aufstellung.lnk
[2012.05.13 19:24:01 | 000,000,888 | ---- | M] () -- C:\Users\User\Desktop\Studio 7 Rechnungen.lnk
[2012.05.13 19:23:55 | 000,000,867 | ---- | M] () -- C:\Users\User\Desktop\peppUP Rechnungen.lnk
[2012.05.13 19:23:50 | 000,000,853 | ---- | M] () -- C:\Users\User\Desktop\peppUP Angebote.lnk
[2012.05.13 19:23:43 | 000,000,937 | ---- | M] () -- C:\Users\User\Desktop\Studio 7 Angebote.lnk
[2012.05.13 19:23:33 | 000,000,739 | ---- | M] () -- C:\Users\User\Desktop\Studio 7.lnk
[2012.05.13 19:23:28 | 000,000,718 | ---- | M] () -- C:\Users\User\Desktop\peppUP.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.09 07:22:06 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.06.06 08:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.06.06 08:06:14 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.06.02 11:39:27 | 000,094,567 | ---- | C] () -- C:\Users\User\Desktop\kontakte bine mai2012.csv
[2012.05.16 14:51:51 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.05.16 14:51:51 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.05.16 07:55:41 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.16 07:45:41 | 000,002,350 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.15 18:55:48 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012.05.14 15:10:37 | 000,000,288 | ---- | C] () -- C:\Users\User\AppData\Roaming\8FFB8B89.reg
[2012.05.13 19:25:57 | 000,001,085 | ---- | C] () -- C:\Users\User\Desktop\Kd.Nr..lnk
[2012.05.13 19:25:52 | 000,001,118 | ---- | C] () -- C:\Users\User\Desktop\Rechnungen Übersicht.lnk
[2012.05.13 19:25:45 | 000,001,186 | ---- | C] () -- C:\Users\User\Desktop\Stunden Aufstellung.lnk
[2012.05.13 19:24:01 | 000,000,888 | ---- | C] () -- C:\Users\User\Desktop\Studio 7 Rechnungen.lnk
[2012.05.13 19:23:55 | 000,000,867 | ---- | C] () -- C:\Users\User\Desktop\peppUP Rechnungen.lnk
[2012.05.13 19:23:50 | 000,000,853 | ---- | C] () -- C:\Users\User\Desktop\peppUP Angebote.lnk
[2012.05.13 19:23:43 | 000,000,937 | ---- | C] () -- C:\Users\User\Desktop\Studio 7 Angebote.lnk
[2012.05.13 19:23:33 | 000,000,739 | ---- | C] () -- C:\Users\User\Desktop\Studio 7.lnk
[2012.05.13 19:23:28 | 000,000,718 | ---- | C] () -- C:\Users\User\Desktop\peppUP.lnk
[2012.01.30 19:10:41 | 000,000,017 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2012.01.15 23:44:03 | 000,000,158 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2012.01.13 10:21:17 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.12 23:32:17 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.11 13:54:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.11 13:54:04 | 000,028,829 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012.01.15 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.29 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ASCOMP Software
[2012.06.09 05:52:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2012.05.23 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2012.05.17 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.01.11 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2012.01.15 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RoboForm
[2012.01.28 20:31:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpeedProject
[2012.01.13 11:02:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2012.04.03 08:37:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:6B9ADB51

< End of report >

und OTL Extras
OTL Extras logfile created on: 09.06.2012 07:25:20 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

16,00 Gb Total Physical Memory | 13,60 Gb Available Physical Memory | 84,98% Memory free
32,00 Gb Paging File | 29,62 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,87 Gb Total Space | 104,97 Gb Free Space | 35,84% Space Free | Partition Type: NTFS
Drive D: | 1569,96 Gb Total Space | 1426,09 Gb Free Space | 90,84% Space Free | Partition Type: NTFS

Computer Name: AUDIOVIDEO-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03516CFF-FEAE-4558-8835-F4051D490068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0C233FB1-F046-4734-98CD-FB23F12FF756}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0C524C61-BDA2-4050-96FC-43AD22404379}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A381D37-989E-4E02-9B3E-8BDBBF247877}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20DBE57B-8375-4EFC-8742-921FC0695A0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{28C0EC4F-C84B-4E89-AFB7-FC9A2C32F524}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DC9BBCB-F394-4812-B2B6-54D786CCF73E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{32060F6C-8F7F-4394-8C87-CE6E300C4FC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{46FCD999-AD40-4E5D-B271-FDCF587D9119}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57EDBBC2-6EF4-4969-A393-6A73E1E5F53E}" = rport=138 | protocol=17 | dir=out | app=system |
"{59322D3B-D2CE-4458-810C-72EBE0AFBB4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C00A662-67C8-48D8-B42A-7E4112F3A30D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61649B2A-0553-44A5-A8F6-7BDEAF2FC8DF}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{73C704CE-4F81-4D5C-80E0-6CCA5E5244E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D8FAA2D-F468-48EA-80DF-C1BA862078DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85D7BB50-75DD-4515-9E08-8547794CA50D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B6CBB61-A020-4BBE-8BC5-F02B51918AB2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CB27A99-F755-48F7-BFCC-959BAC84B434}" = lport=139 | protocol=6 | dir=in | app=system |
"{8FF7AF11-F147-46F5-B57F-AC6D6AAC99CD}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{9E8A934A-094A-481D-A4DE-AC6A6853DE9D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A9F05EE1-B73E-43A1-9555-7012628405E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5BAED92-A769-4AD6-9112-89B7A330A064}" = lport=137 | protocol=17 | dir=in | app=system |
"{B80F3424-61C2-426E-A702-040540D83310}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF968B07-F6FD-4E4B-A40D-71FF386E9DF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4892DD0-4E85-405E-8D84-33579FF41117}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D16F3126-A60B-4561-948B-9CB27FB70302}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF1DB8E7-03C9-49A5-8BF7-21C5E38137E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7A42FC8-3AD2-4C23-A016-2C88CBA08432}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F91324A4-61B6-4356-88E1-A02E02F3AC2C}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0410162A-F379-4C24-9C40-79382A165740}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06CE9B38-6254-4BE5-9F5A-B30831CD4B6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{106B604C-953B-45EB-925F-EF61031730B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2665276B-9474-44A2-94C1-D528FE2FFD13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7FA7B4-EAE3-4B0A-87D0-7ECC0131D9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{36693E7F-E249-436D-9C0A-8BB23DD483CC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{422B29C6-040B-442B-BE4C-11028E1AB21A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43DCA9F0-66FF-44FA-8EAD-2DE9EF66C9E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E1102E8-2721-43EC-9C7B-466B583CBC09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{56DD8638-F3FF-4467-A66D-508622E8CB3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6FA1315B-430D-47EA-871A-E47014610E49}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7DD247FF-7E66-47F4-83E8-1CC0639DE29D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EF886BF-1D67-449B-A1D0-AB9A3A27F2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{878EBB2E-7CFB-48DF-93E6-29A32D82B01B}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{8A2E1507-73F4-423B-BD58-ECA1D25DF72C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DA0F0C-17B9-4923-BB7C-188BF31DFA28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{93B4450A-585E-46CE-9C95-BC7AB00F844A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9587B194-208A-4451-AEBA-3D8150922860}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{9B4A646B-FF49-4A94-B817-434BC49E16A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E5F5A55-9DCD-43E9-9923-2DFCC1FB2C88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EE66AA5-917A-43A2-9444-C22010AA7CBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AF74438F-D442-42CD-83A8-EEE136AA08B6}" = protocol=6 | dir=out | app=system |
"{AF9127B9-2BF8-4F76-9A7D-E5EA5ED7F91C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0B25D09-B5F7-44F4-A588-1793118596DC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C31FE416-9AFE-4ED7-A093-2DAE6DADA13C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE600D89-57E3-4EF7-A9C1-0B8D8B322010}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2C2B3CC-4AA1-46A4-8E9E-64CB593ABBDE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DE48BA4D-0DCC-4EFB-A0D4-4B94061702A9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E6693054-E890-486B-94C1-0E06E4F1F667}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED4D3DEB-B91B-4919-9D77-65232C7D83AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF0D2C1C-4354-4187-A2D1-A755B6713720}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF1AF132-16DD-4F58-8F8B-ED30B7466998}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAB6D2B7-C1F5-4785-A7DA-BA3088004CC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{739FE2DC-0C7E-4A1C-AC6E-46348169E27E}" = MAGIX Web Designer MX Premium
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2011 Kompakt 2nd Edition
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{536180B3-14C2-4834-BFA3-BDBC34CE00BB}" = MP3 deluxe MX Update
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62562224-27D6-4542-AD91-1DAD0B965A0D}" = MAGIX Foto & Grafik Designer 7 Download-Version
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710BD792-8C8C-477E-B1C3-8E7B14AB0C79}" = MAGIX Goya burnR (MSI)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819B324F-62E8-4CBF-9E41-52CE31BF1F2C}" = MAGIX Speed burnR (MSI)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OUTLOOKR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94eba32d-014e-4381-a60a-43387a0c5e0d}" = Nero 9
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{98E3DE42-F6E0-49EC-8E83-E29821927812}" = MAGIX Video deluxe MX Premium Download-Version
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B06DEEF2-9F64-4C04-84E7-D56CD9BF85BE}" = MAGIX Music Maker MX Download-Version
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF7D3040-7427-4E54-BC1F-D92E5D599D72}" = MAGIX Screenshare
"{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}" = MAGIX MP3 deluxe MX Download-Version
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"Adobe AIR" = Adobe AIR
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"AI RoboForm" = RoboForm 7-7-7-1 (All Users)
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy CD-DA Extractor 15" = Easy CD-DA Extractor 15
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"MAGIX_{739FE2DC-0C7E-4A1C-AC6E-46348169E27E}" = MAGIX Web Designer MX Premium
"MAGIX_MSI_Foto_Grafik_Designer_7" = MAGIX Foto & Grafik Designer 7 Download-Version
"MAGIX_MSI_mm18" = MAGIX Music Maker MX Download-Version
"MAGIX_MSI_mp3_deluxe_mx" = MAGIX MP3 deluxe MX Download-Version
"MAGIX_MSI_PCVisit" = MAGIX Screenshare
"MAGIX_MSI_Speed3_burnR_mxcdr_MSI" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium Download-Version
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MusicMaster for Windows" = MusicMaster
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 15.0" = RealPlayer
"Speed Dial Utility" = Canon Kurzwahlprogramm
"SpeedCommander 12" = SpeedCommander 12
"Synchredible_is1" = Synchredible v3.3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-801218467-2357481680-3807684844-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.06.2012 07:11:15 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.06.2012 07:19:42 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.06.2012 23:46:06 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.06.2012 00:26:44 | Computer Name = AudioVideo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 07.06.2012 08:00:45 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.06.2012 14:44:22 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.06.2012 23:33:03 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.06.2012 01:45:49 | Computer Name = AudioVideo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.06.2012 23:53:24 | Computer Name = AudioVideo-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.06.2012 01:01:28 | Computer Name = AudioVideo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

[ System Events ]
Error - 07.06.2012 07:59:43 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HASP License Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 07.06.2012 14:42:49 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "aksdf" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 07.06.2012 14:43:19 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HASP License Manager erreicht.

Error - 07.06.2012 14:43:19 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HASP License Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 07.06.2012 23:31:31 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "aksdf" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 07.06.2012 23:32:01 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HASP License Manager erreicht.

Error - 07.06.2012 23:32:01 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HASP License Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 08.06.2012 23:52:00 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "aksdf" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 08.06.2012 23:52:30 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HASP License Manager erreicht.

Error - 08.06.2012 23:52:30 | Computer Name = AudioVideo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HASP License Manager" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053


< End of report >
Ich hoffe ich habe alles richtig gemacht und hoffe es gibt jemanden, der mir hier unkompliziert helfen kann???

Schöne Grüße und DANKE im voraus!!!!


MrDisc
Angehängte Dateien
Dateityp: txt Extras.Txt (81,2 KB, 199x aufgerufen)

Alt 11.06.2012, 08:32   #2
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Schritt 2: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.



Schritt 3: Scan mit adwCleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________

__________________

Alt 12.06.2012, 20:45   #3
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo Marius!

Vielen Dank, dass Du Dir meine Problem anschaust!

Hier meine Auswertung:

aswMBR wurde abgebrochen

avast! Antirootkit funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt wenn eine Lösung verfügbar ist.

Ich habe ein Printscreen als pdf-Datein von den letzten aswMBR Logs, das Dokument ist leider zu groß um es hier zu posten.

Soll ich Dir die Zeilen abtippen?





TDSS-Killer

20:29:22.0192 10332 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:29:22.0426 10332 ============================================================
20:29:22.0426 10332 Current date / time: 2012/06/12 20:29:22.0426
20:29:22.0426 10332 SystemInfo:
20:29:22.0426 10332
20:29:22.0426 10332 OS Version: 6.1.7601 ServicePack: 1.0
20:29:22.0426 10332 Product type: Workstation
20:29:22.0426 10332 ComputerName: AUDIOVIDEO-PC
20:29:22.0426 10332 UserName: User
20:29:22.0426 10332 Windows directory: C:\Windows
20:29:22.0426 10332 System windows directory: C:\Windows
20:29:22.0426 10332 Running under WOW64
20:29:22.0426 10332 Processor architecture: Intel x64
20:29:22.0426 10332 Number of processors: 6
20:29:22.0426 10332 Page size: 0x1000
20:29:22.0426 10332 Boot type: Normal boot
20:29:22.0426 10332 ============================================================
20:29:23.0237 10332 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:29:23.0268 10332 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1115800 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:29:23.0268 10332 ============================================================
20:29:23.0268 10332 \Device\Harddisk0\DR0:
20:29:23.0268 10332 MBR partitions:
20:29:23.0268 10332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:29:23.0268 10332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BD800
20:29:23.0268 10332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0xC43E9000
20:29:23.0268 10332 \Device\Harddisk6\DR6:
20:29:23.0268 10332 MBR partitions:
20:29:23.0268 10332 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:29:23.0268 10332 ============================================================
20:29:23.0315 10332 C: <-> \Device\Harddisk0\DR0\Partition1
20:29:23.0331 10332 D: <-> \Device\Harddisk0\DR0\Partition2
20:29:23.0362 10332 E: <-> \Device\Harddisk6\DR6\Partition0
20:29:23.0362 10332 ============================================================
20:29:23.0362 10332 Initialize success
20:29:23.0362 10332 ============================================================
20:29:36.0450 10748 ============================================================
20:29:36.0450 10748 Scan started
20:29:36.0450 10748 Mode: Manual; TDLFS;
20:29:36.0450 10748 ============================================================
20:29:37.0652 10748 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:29:37.0652 10748 1394ohci - ok
20:29:37.0683 10748 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:29:37.0683 10748 ACPI - ok
20:29:37.0714 10748 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:29:37.0714 10748 AcpiPmi - ok
20:29:37.0761 10748 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
20:29:37.0761 10748 adfs - ok
20:29:37.0870 10748 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
20:29:37.0886 10748 Adobe Version Cue CS4 - ok
20:29:37.0964 10748 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:29:37.0964 10748 AdobeARMservice - ok
20:29:38.0073 10748 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:29:38.0088 10748 AdobeFlashPlayerUpdateSvc - ok
20:29:38.0135 10748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:29:38.0135 10748 adp94xx - ok
20:29:38.0166 10748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:29:38.0166 10748 adpahci - ok
20:29:38.0198 10748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:29:38.0198 10748 adpu320 - ok
20:29:38.0229 10748 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:29:38.0229 10748 AeLookupSvc - ok
20:29:38.0307 10748 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:29:38.0307 10748 AFD - ok
20:29:38.0307 10748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:29:38.0307 10748 agp440 - ok
20:29:38.0322 10748 aksdf (44f360b65c37a42eb5b71c2e5179fdd5) C:\Windows\system32\drivers\aksdf.sys
20:29:38.0338 10748 aksdf - ok
20:29:38.0354 10748 aksusb (27f2e2c89a1855b063fcac21eb7d6a73) C:\Windows\system32\DRIVERS\aksusb.sys
20:29:38.0354 10748 aksusb - ok
20:29:38.0369 10748 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:29:38.0369 10748 ALG - ok
20:29:38.0385 10748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:29:38.0385 10748 aliide - ok
20:29:38.0385 10748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:29:38.0400 10748 amdide - ok
20:29:38.0416 10748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:29:38.0416 10748 AmdK8 - ok
20:29:38.0432 10748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:29:38.0432 10748 AmdPPM - ok
20:29:38.0447 10748 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:29:38.0463 10748 amdsata - ok
20:29:38.0478 10748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:29:38.0478 10748 amdsbs - ok
20:29:38.0494 10748 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:29:38.0494 10748 amdxata - ok
20:29:38.0494 10748 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:29:38.0494 10748 AppID - ok
20:29:38.0510 10748 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:29:38.0510 10748 AppIDSvc - ok
20:29:38.0541 10748 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:29:38.0541 10748 Appinfo - ok
20:29:38.0603 10748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:29:38.0603 10748 Apple Mobile Device - ok
20:29:38.0634 10748 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:29:38.0634 10748 arc - ok
20:29:38.0650 10748 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:29:38.0666 10748 arcsas - ok
20:29:38.0728 10748 AsIO (68726474c69b738eac3a62e06b33addc) C:\Windows\syswow64\drivers\AsIO.sys
20:29:38.0728 10748 AsIO - ok
20:29:38.0775 10748 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
20:29:38.0775 10748 asmthub3 - ok
20:29:38.0806 10748 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
20:29:38.0806 10748 asmtxhci - ok
20:29:38.0822 10748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:29:38.0822 10748 AsyncMac - ok
20:29:38.0837 10748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:29:38.0837 10748 atapi - ok
20:29:38.0868 10748 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:29:38.0868 10748 AtiPcie - ok
20:29:38.0915 10748 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:29:38.0915 10748 AudioEndpointBuilder - ok
20:29:38.0931 10748 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:29:38.0931 10748 AudioSrv - ok
20:29:39.0024 10748 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
20:29:39.0024 10748 AVP - ok
20:29:39.0040 10748 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:29:39.0056 10748 AxInstSV - ok
20:29:39.0071 10748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:29:39.0071 10748 b06bdrv - ok
20:29:39.0087 10748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:29:39.0087 10748 b57nd60a - ok
20:29:39.0102 10748 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:29:39.0102 10748 BDESVC - ok
20:29:39.0118 10748 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:29:39.0118 10748 Beep - ok
20:29:39.0180 10748 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:29:39.0180 10748 BFE - ok
20:29:39.0243 10748 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:29:39.0258 10748 BITS - ok
20:29:39.0274 10748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:29:39.0274 10748 blbdrive - ok
20:29:39.0336 10748 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:29:39.0352 10748 Bonjour Service - ok
20:29:39.0352 10748 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:29:39.0352 10748 bowser - ok
20:29:39.0383 10748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:29:39.0383 10748 BrFiltLo - ok
20:29:39.0399 10748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:29:39.0399 10748 BrFiltUp - ok
20:29:39.0414 10748 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:29:39.0414 10748 Browser - ok
20:29:39.0414 10748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:29:39.0430 10748 Brserid - ok
20:29:39.0446 10748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:29:39.0446 10748 BrSerWdm - ok
20:29:39.0446 10748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:29:39.0446 10748 BrUsbMdm - ok
20:29:39.0461 10748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:29:39.0461 10748 BrUsbSer - ok
20:29:39.0461 10748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:29:39.0461 10748 BTHMODEM - ok
20:29:39.0477 10748 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:29:39.0477 10748 bthserv - ok
20:29:39.0492 10748 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:29:39.0492 10748 cdfs - ok
20:29:39.0508 10748 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:29:39.0524 10748 cdrom - ok
20:29:39.0539 10748 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:29:39.0539 10748 CertPropSvc - ok
20:29:39.0539 10748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:29:39.0539 10748 circlass - ok
20:29:39.0555 10748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:29:39.0555 10748 CLFS - ok
20:29:39.0617 10748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:39.0633 10748 clr_optimization_v2.0.50727_32 - ok
20:29:39.0680 10748 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:29:39.0680 10748 clr_optimization_v2.0.50727_64 - ok
20:29:39.0742 10748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:29:39.0742 10748 clr_optimization_v4.0.30319_32 - ok
20:29:39.0789 10748 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:29:39.0789 10748 clr_optimization_v4.0.30319_64 - ok
20:29:39.0804 10748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:29:39.0804 10748 CmBatt - ok
20:29:39.0820 10748 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:29:39.0820 10748 cmdide - ok
20:29:39.0851 10748 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:29:39.0851 10748 CNG - ok
20:29:39.0867 10748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:29:39.0867 10748 Compbatt - ok
20:29:39.0882 10748 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:29:39.0882 10748 CompositeBus - ok
20:29:39.0882 10748 COMSysApp - ok
20:29:39.0914 10748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:29:39.0914 10748 crcdisk - ok
20:29:39.0945 10748 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:29:39.0945 10748 CryptSvc - ok
20:29:39.0976 10748 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:29:39.0992 10748 DcomLaunch - ok
20:29:40.0007 10748 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:29:40.0007 10748 defragsvc - ok
20:29:40.0023 10748 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:29:40.0023 10748 DfsC - ok
20:29:40.0054 10748 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:29:40.0054 10748 Dhcp - ok
20:29:40.0054 10748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:29:40.0054 10748 discache - ok
20:29:40.0070 10748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:29:40.0070 10748 Disk - ok
20:29:40.0163 10748 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:29:40.0179 10748 Dnscache - ok
20:29:40.0194 10748 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:29:40.0210 10748 dot3svc - ok
20:29:40.0210 10748 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:29:40.0210 10748 DPS - ok
20:29:40.0241 10748 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:29:40.0241 10748 drmkaud - ok
20:29:40.0288 10748 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:29:40.0304 10748 DXGKrnl - ok
20:29:40.0319 10748 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:29:40.0319 10748 EapHost - ok
20:29:40.0460 10748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:29:40.0553 10748 ebdrv - ok
20:29:40.0772 10748 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:29:40.0772 10748 EFS - ok
20:29:40.0834 10748 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:29:40.0850 10748 ehRecvr - ok
20:29:40.0865 10748 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:29:40.0865 10748 ehSched - ok
20:29:40.0912 10748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:29:40.0912 10748 elxstor - ok
20:29:40.0928 10748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:29:40.0928 10748 ErrDev - ok
20:29:40.0959 10748 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:29:40.0959 10748 EventSystem - ok
20:29:40.0974 10748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:29:40.0990 10748 exfat - ok
20:29:41.0052 10748 Fabs - ok
20:29:41.0068 10748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:29:41.0068 10748 fastfat - ok
20:29:41.0146 10748 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:29:41.0146 10748 Fax - ok
20:29:41.0146 10748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:29:41.0146 10748 fdc - ok
20:29:41.0162 10748 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:29:41.0162 10748 fdPHost - ok
20:29:41.0177 10748 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:29:41.0177 10748 FDResPub - ok
20:29:41.0193 10748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:29:41.0193 10748 FileInfo - ok
20:29:41.0193 10748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:29:41.0193 10748 Filetrace - ok
20:29:41.0318 10748 FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
20:29:41.0333 10748 FirebirdServerMAGIXInstance - ok
20:29:41.0380 10748 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:29:41.0380 10748 FLEXnet Licensing Service - ok
20:29:41.0474 10748 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:29:41.0474 10748 FLEXnet Licensing Service 64 - ok
20:29:41.0505 10748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:29:41.0505 10748 flpydisk - ok
20:29:41.0520 10748 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:29:41.0536 10748 FltMgr - ok
20:29:41.0567 10748 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:29:41.0583 10748 FontCache - ok
20:29:41.0630 10748 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:29:41.0630 10748 FontCache3.0.0.0 - ok
20:29:41.0645 10748 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:29:41.0645 10748 FsDepends - ok
20:29:41.0692 10748 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:29:41.0692 10748 Fs_Rec - ok
20:29:41.0708 10748 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:29:41.0708 10748 fvevol - ok
20:29:41.0723 10748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:29:41.0723 10748 gagp30kx - ok
20:29:41.0754 10748 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:29:41.0754 10748 GEARAspiWDM - ok
20:29:41.0801 10748 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:29:41.0817 10748 gpsvc - ok
20:29:41.0864 10748 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:41.0879 10748 gupdate - ok
20:29:41.0895 10748 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:29:41.0895 10748 gupdatem - ok
20:29:41.0926 10748 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:29:41.0926 10748 gusvc - ok
20:29:41.0926 10748 hasplms - ok
20:29:41.0926 10748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:29:41.0926 10748 hcw85cir - ok
20:29:41.0973 10748 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:29:41.0973 10748 HdAudAddService - ok
20:29:42.0004 10748 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:29:42.0004 10748 HDAudBus - ok
20:29:42.0004 10748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:29:42.0004 10748 HidBatt - ok
20:29:42.0020 10748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:29:42.0020 10748 HidBth - ok
20:29:42.0020 10748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:29:42.0020 10748 HidIr - ok
20:29:42.0035 10748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:29:42.0035 10748 hidserv - ok
20:29:42.0082 10748 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:29:42.0082 10748 HidUsb - ok
20:29:42.0098 10748 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:29:42.0098 10748 hkmsvc - ok
20:29:42.0113 10748 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:29:42.0129 10748 HomeGroupListener - ok
20:29:42.0160 10748 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:29:42.0160 10748 HomeGroupProvider - ok
20:29:42.0176 10748 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:29:42.0176 10748 HpSAMD - ok
20:29:42.0238 10748 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:29:42.0254 10748 HTTP - ok
20:29:42.0254 10748 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:29:42.0254 10748 hwpolicy - ok
20:29:42.0285 10748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:29:42.0285 10748 i8042prt - ok
20:29:42.0347 10748 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:29:42.0347 10748 iaStorV - ok
20:29:42.0456 10748 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:29:42.0456 10748 IDriverT - ok
20:29:42.0550 10748 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:29:42.0566 10748 idsvc - ok
20:29:42.0628 10748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:29:42.0628 10748 iirsp - ok
20:29:42.0690 10748 IJPLMSVC (f82bc30bb2b608af8b5540cdbaea93a6) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
20:29:42.0690 10748 IJPLMSVC - ok
20:29:42.0753 10748 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:29:42.0784 10748 IKEEXT - ok
20:29:42.0956 10748 IntcAzAudAddService (eb5fa493a4b6ea290200ae39eba2fbc6) C:\Windows\system32\drivers\RTKVHD64.sys
20:29:43.0002 10748 IntcAzAudAddService - ok
20:29:43.0034 10748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:29:43.0034 10748 intelide - ok
20:29:43.0065 10748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
20:29:43.0065 10748 intelppm - ok
20:29:43.0080 10748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:29:43.0080 10748 IPBusEnum - ok
20:29:43.0080 10748 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:29:43.0080 10748 IpFilterDriver - ok
20:29:43.0112 10748 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:29:43.0112 10748 iphlpsvc - ok
20:29:43.0112 10748 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:29:43.0112 10748 IPMIDRV - ok
20:29:43.0127 10748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:29:43.0127 10748 IPNAT - ok
20:29:43.0221 10748 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:29:43.0236 10748 iPod Service - ok
20:29:43.0252 10748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:29:43.0252 10748 IRENUM - ok
20:29:43.0252 10748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:29:43.0252 10748 isapnp - ok
20:29:43.0268 10748 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:29:43.0299 10748 iScsiPrt - ok
20:29:43.0314 10748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:29:43.0314 10748 kbdclass - ok
20:29:43.0330 10748 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:29:43.0330 10748 kbdhid - ok
20:29:43.0346 10748 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:43.0346 10748 KeyIso - ok
20:29:43.0439 10748 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
20:29:43.0439 10748 KL1 - ok
20:29:43.0439 10748 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
20:29:43.0439 10748 kl2 - ok
20:29:43.0517 10748 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
20:29:43.0533 10748 KLIF - ok
20:29:43.0548 10748 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
20:29:43.0548 10748 KLIM6 - ok
20:29:43.0548 10748 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
20:29:43.0548 10748 klmouflt - ok
20:29:43.0564 10748 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:29:43.0564 10748 KSecDD - ok
20:29:43.0595 10748 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:29:43.0595 10748 KSecPkg - ok
20:29:43.0595 10748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:29:43.0595 10748 ksthunk - ok
20:29:43.0642 10748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:29:43.0658 10748 KtmRm - ok
20:29:43.0704 10748 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:29:43.0704 10748 LanmanServer - ok
20:29:43.0736 10748 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:29:43.0736 10748 LanmanWorkstation - ok
20:29:43.0782 10748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:29:43.0782 10748 lltdio - ok
20:29:43.0814 10748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:29:43.0829 10748 lltdsvc - ok
20:29:43.0845 10748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:29:43.0845 10748 lmhosts - ok
20:29:43.0876 10748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:29:43.0876 10748 LSI_FC - ok
20:29:43.0892 10748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:29:43.0892 10748 LSI_SAS - ok
20:29:43.0907 10748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:29:43.0907 10748 LSI_SAS2 - ok
20:29:43.0923 10748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:29:43.0923 10748 LSI_SCSI - ok
20:29:43.0954 10748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:29:43.0954 10748 luafv - ok
20:29:43.0985 10748 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:29:43.0985 10748 Mcx2Svc - ok
20:29:43.0985 10748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:29:43.0985 10748 megasas - ok
20:29:44.0016 10748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:29:44.0016 10748 MegaSR - ok
20:29:44.0016 10748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:29:44.0016 10748 MMCSS - ok
20:29:44.0032 10748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:29:44.0032 10748 Modem - ok
20:29:44.0048 10748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:29:44.0048 10748 monitor - ok
20:29:44.0063 10748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:29:44.0063 10748 mouclass - ok
20:29:44.0063 10748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:29:44.0079 10748 mouhid - ok
20:29:44.0079 10748 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:29:44.0079 10748 mountmgr - ok
20:29:44.0094 10748 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:29:44.0110 10748 mpio - ok
20:29:44.0126 10748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:29:44.0126 10748 mpsdrv - ok
20:29:44.0172 10748 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:29:44.0172 10748 MpsSvc - ok
20:29:44.0188 10748 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:29:44.0188 10748 MRxDAV - ok
20:29:44.0219 10748 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:29:44.0235 10748 mrxsmb - ok
20:29:44.0250 10748 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:29:44.0250 10748 mrxsmb10 - ok
20:29:44.0266 10748 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:29:44.0266 10748 mrxsmb20 - ok
20:29:44.0282 10748 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:29:44.0282 10748 msahci - ok
20:29:44.0297 10748 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:29:44.0297 10748 msdsm - ok
20:29:44.0313 10748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:29:44.0313 10748 MSDTC - ok
20:29:44.0328 10748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:29:44.0328 10748 Msfs - ok
20:29:44.0328 10748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:29:44.0328 10748 mshidkmdf - ok
20:29:44.0344 10748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:29:44.0344 10748 msisadrv - ok
20:29:44.0375 10748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:29:44.0375 10748 MSiSCSI - ok
20:29:44.0375 10748 msiserver - ok
20:29:44.0422 10748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:29:44.0422 10748 MSKSSRV - ok
20:29:44.0438 10748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:29:44.0438 10748 MSPCLOCK - ok
20:29:44.0453 10748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:29:44.0453 10748 MSPQM - ok
20:29:44.0469 10748 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:29:44.0469 10748 MsRPC - ok
20:29:44.0484 10748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:29:44.0484 10748 mssmbios - ok
20:29:44.0516 10748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:29:44.0516 10748 MSTEE - ok
20:29:44.0531 10748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:29:44.0531 10748 MTConfig - ok
20:29:44.0562 10748 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
20:29:44.0562 10748 MTsensor - ok
20:29:44.0578 10748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:29:44.0578 10748 Mup - ok
20:29:44.0609 10748 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:29:44.0625 10748 napagent - ok
20:29:44.0656 10748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:29:44.0656 10748 NativeWifiP - ok
20:29:44.0687 10748 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:29:44.0703 10748 NDIS - ok
20:29:44.0718 10748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:29:44.0718 10748 NdisCap - ok
20:29:44.0750 10748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:29:44.0750 10748 NdisTapi - ok
20:29:44.0765 10748 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:29:44.0765 10748 Ndisuio - ok
20:29:44.0781 10748 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:29:44.0781 10748 NdisWan - ok
20:29:44.0796 10748 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:29:44.0796 10748 NDProxy - ok
20:29:44.0906 10748 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:29:44.0937 10748 Nero BackItUp Scheduler 4.0 - ok
20:29:44.0952 10748 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
20:29:44.0952 10748 Netaapl - ok
20:29:44.0952 10748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:29:44.0952 10748 NetBIOS - ok
20:29:44.0984 10748 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:29:44.0984 10748 NetBT - ok
20:29:44.0999 10748 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:44.0999 10748 Netlogon - ok
20:29:45.0062 10748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:29:45.0077 10748 Netman - ok
20:29:45.0093 10748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:29:45.0108 10748 netprofm - ok
20:29:45.0140 10748 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:45.0155 10748 NetTcpPortSharing - ok
20:29:45.0186 10748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:29:45.0186 10748 nfrd960 - ok
20:29:45.0218 10748 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:29:45.0218 10748 NlaSvc - ok
20:29:45.0233 10748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:29:45.0233 10748 Npfs - ok
20:29:45.0249 10748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:29:45.0249 10748 nsi - ok
20:29:45.0249 10748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:29:45.0249 10748 nsiproxy - ok
20:29:45.0327 10748 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:29:45.0342 10748 Ntfs - ok
20:29:45.0389 10748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:29:45.0389 10748 Null - ok
20:29:45.0420 10748 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
20:29:45.0436 10748 NVHDA - ok
20:29:45.0888 10748 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:29:46.0060 10748 nvlddmkm - ok
20:29:46.0107 10748 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:29:46.0107 10748 nvraid - ok
20:29:46.0138 10748 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:29:46.0138 10748 nvstor - ok
20:29:46.0200 10748 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
20:29:46.0216 10748 nvsvc - ok
20:29:46.0434 10748 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:29:46.0450 10748 nvUpdatusService - ok
20:29:46.0481 10748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:29:46.0481 10748 nv_agp - ok
20:29:46.0497 10748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:29:46.0497 10748 ohci1394 - ok
20:29:46.0590 10748 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:46.0590 10748 ose - ok
20:29:46.0824 10748 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:29:46.0856 10748 osppsvc - ok
20:29:46.0902 10748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:29:46.0902 10748 p2pimsvc - ok
20:29:46.0934 10748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:29:46.0934 10748 p2psvc - ok
20:29:46.0949 10748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:29:46.0949 10748 Parport - ok
20:29:46.0980 10748 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:29:46.0980 10748 partmgr - ok
20:29:46.0996 10748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:29:46.0996 10748 PcaSvc - ok
20:29:47.0027 10748 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:29:47.0027 10748 pci - ok
20:29:47.0027 10748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:29:47.0027 10748 pciide - ok
20:29:47.0043 10748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:29:47.0043 10748 pcmcia - ok
20:29:47.0043 10748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:29:47.0043 10748 pcw - ok
20:29:47.0074 10748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:29:47.0074 10748 PEAUTH - ok
20:29:47.0136 10748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:29:47.0136 10748 PerfHost - ok
20:29:47.0214 10748 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:29:47.0230 10748 pla - ok
20:29:47.0292 10748 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:29:47.0308 10748 PlugPlay - ok
20:29:47.0308 10748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:29:47.0308 10748 PNRPAutoReg - ok
20:29:47.0324 10748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:29:47.0339 10748 PNRPsvc - ok
20:29:47.0370 10748 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:29:47.0386 10748 PolicyAgent - ok
20:29:47.0402 10748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:29:47.0417 10748 Power - ok
20:29:47.0433 10748 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:29:47.0433 10748 PptpMiniport - ok
20:29:47.0448 10748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:29:47.0448 10748 Processor - ok
20:29:47.0464 10748 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:29:47.0480 10748 ProfSvc - ok
20:29:47.0495 10748 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:47.0495 10748 ProtectedStorage - ok
20:29:47.0495 10748 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:29:47.0511 10748 Psched - ok
20:29:47.0511 10748 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
20:29:47.0526 10748 PxHlpa64 - ok
20:29:47.0589 10748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:29:47.0604 10748 ql2300 - ok
20:29:47.0667 10748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:29:47.0667 10748 ql40xx - ok
20:29:47.0698 10748 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:29:47.0698 10748 QWAVE - ok
20:29:47.0714 10748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:29:47.0714 10748 QWAVEdrv - ok
20:29:47.0729 10748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:29:47.0729 10748 RasAcd - ok
20:29:47.0745 10748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:29:47.0745 10748 RasAgileVpn - ok
20:29:47.0760 10748 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:29:47.0776 10748 RasAuto - ok
20:29:47.0776 10748 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:29:47.0776 10748 Rasl2tp - ok
20:29:47.0807 10748 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:29:47.0807 10748 RasMan - ok
20:29:47.0823 10748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:29:47.0823 10748 RasPppoe - ok
20:29:47.0823 10748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:29:47.0823 10748 RasSstp - ok
20:29:47.0854 10748 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:29:47.0854 10748 rdbss - ok
20:29:47.0870 10748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:29:47.0870 10748 rdpbus - ok
20:29:47.0885 10748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:29:47.0885 10748 RDPCDD - ok
20:29:47.0901 10748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:29:47.0901 10748 RDPENCDD - ok
20:29:47.0916 10748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:29:47.0916 10748 RDPREFMP - ok
20:29:47.0948 10748 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:29:47.0948 10748 RDPWD - ok
20:29:47.0963 10748 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:29:47.0963 10748 rdyboost - ok
20:29:48.0010 10748 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:29:48.0026 10748 RemoteAccess - ok
20:29:48.0041 10748 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:29:48.0041 10748 RemoteRegistry - ok
20:29:48.0041 10748 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:29:48.0057 10748 RpcEptMapper - ok
20:29:48.0072 10748 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:29:48.0072 10748 RpcLocator - ok
20:29:48.0104 10748 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:29:48.0119 10748 RpcSs - ok
20:29:48.0135 10748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:29:48.0135 10748 rspndr - ok
20:29:48.0182 10748 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:29:48.0182 10748 RTL8167 - ok
20:29:48.0197 10748 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:48.0197 10748 SamSs - ok
20:29:48.0213 10748 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:29:48.0213 10748 sbp2port - ok
20:29:48.0228 10748 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:29:48.0244 10748 SCardSvr - ok
20:29:48.0244 10748 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:29:48.0244 10748 scfilter - ok
20:29:48.0291 10748 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:29:48.0306 10748 Schedule - ok
20:29:48.0322 10748 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:29:48.0322 10748 SCPolicySvc - ok
20:29:48.0338 10748 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:29:48.0338 10748 SDRSVC - ok
20:29:48.0353 10748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:29:48.0353 10748 secdrv - ok
20:29:48.0353 10748 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:29:48.0353 10748 seclogon - ok
20:29:48.0369 10748 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:29:48.0369 10748 SENS - ok
20:29:48.0384 10748 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:29:48.0384 10748 SensrSvc - ok
20:29:48.0400 10748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:29:48.0400 10748 Serenum - ok
20:29:48.0416 10748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:29:48.0416 10748 Serial - ok
20:29:48.0431 10748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:29:48.0431 10748 sermouse - ok
20:29:48.0447 10748 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:29:48.0447 10748 SessionEnv - ok
20:29:48.0462 10748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:29:48.0462 10748 sffdisk - ok
20:29:48.0462 10748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:29:48.0462 10748 sffp_mmc - ok
20:29:48.0462 10748 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:29:48.0462 10748 sffp_sd - ok
20:29:48.0478 10748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:29:48.0478 10748 sfloppy - ok
20:29:48.0509 10748 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:29:48.0509 10748 SharedAccess - ok
20:29:48.0540 10748 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:29:48.0540 10748 ShellHWDetection - ok
20:29:48.0556 10748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:29:48.0556 10748 SiSRaid2 - ok
20:29:48.0572 10748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:29:48.0572 10748 SiSRaid4 - ok
20:29:48.0587 10748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:29:48.0587 10748 Smb - ok
20:29:48.0618 10748 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:29:48.0618 10748 SNMPTRAP - ok
20:29:48.0618 10748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:29:48.0618 10748 spldr - ok
20:29:48.0650 10748 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:29:48.0650 10748 Spooler - ok
20:29:48.0774 10748 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:29:48.0790 10748 sppsvc - ok
20:29:48.0837 10748 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:29:48.0837 10748 sppuinotify - ok
20:29:48.0868 10748 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:29:48.0884 10748 srv - ok
20:29:48.0899 10748 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:29:48.0899 10748 srv2 - ok
20:29:48.0915 10748 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:29:48.0915 10748 srvnet - ok
20:29:48.0930 10748 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:29:48.0946 10748 SSDPSRV - ok
20:29:48.0962 10748 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:29:48.0962 10748 SstpSvc - ok
20:29:48.0977 10748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:29:48.0977 10748 stexstor - ok
20:29:49.0055 10748 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:29:49.0071 10748 stisvc - ok
20:29:49.0086 10748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:29:49.0086 10748 swenum - ok
20:29:49.0118 10748 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:29:49.0118 10748 swprv - ok
20:29:49.0196 10748 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:29:49.0211 10748 SysMain - ok
20:29:49.0227 10748 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:29:49.0242 10748 TabletInputService - ok
20:29:49.0258 10748 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:29:49.0258 10748 TapiSrv - ok
20:29:49.0274 10748 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:29:49.0274 10748 TBS - ok
20:29:49.0383 10748 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:29:49.0398 10748 Tcpip - ok
20:29:49.0492 10748 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:29:49.0492 10748 TCPIP6 - ok
20:29:49.0523 10748 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:29:49.0523 10748 tcpipreg - ok
20:29:49.0539 10748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:29:49.0539 10748 TDPIPE - ok
20:29:49.0554 10748 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:29:49.0554 10748 TDTCP - ok
20:29:49.0570 10748 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:29:49.0570 10748 tdx - ok
20:29:49.0570 10748 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:29:49.0570 10748 TermDD - ok
20:29:49.0601 10748 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:29:49.0617 10748 TermService - ok
20:29:49.0632 10748 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:29:49.0632 10748 Themes - ok
20:29:49.0648 10748 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:29:49.0648 10748 THREADORDER - ok
20:29:49.0664 10748 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:29:49.0664 10748 TrkWks - ok
20:29:49.0710 10748 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:29:49.0710 10748 TrustedInstaller - ok
20:29:49.0742 10748 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:29:49.0742 10748 tssecsrv - ok
20:29:49.0757 10748 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:29:49.0757 10748 TsUsbFlt - ok
20:29:49.0773 10748 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:29:49.0773 10748 TsUsbGD - ok
20:29:49.0898 10748 TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
20:29:49.0913 10748 TuneUp.UtilitiesSvc - ok
20:29:49.0960 10748 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
20:29:49.0960 10748 TuneUpUtilitiesDrv - ok
20:29:49.0991 10748 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:29:49.0991 10748 tunnel - ok
20:29:50.0007 10748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:29:50.0007 10748 uagp35 - ok
20:29:50.0022 10748 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:29:50.0038 10748 udfs - ok
20:29:50.0054 10748 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:29:50.0054 10748 UI0Detect - ok
20:29:50.0069 10748 UimBus (34859d3801f4bd3dacfa131dd928455a) C:\Windows\system32\DRIVERS\uimx64.sys
20:29:50.0069 10748 UimBus - ok
20:29:50.0100 10748 Uim_IM (d3ce4776e7ffb25e6935b1c797f4650c) C:\Windows\system32\Drivers\Uim_IMx64.sys
20:29:50.0100 10748 Uim_IM - ok
20:29:50.0132 10748 Uim_VIM (532e4bed5c7803b2ee5681818b2528b7) C:\Windows\system32\Drivers\uim_vimx64.sys
20:29:50.0132 10748 Uim_VIM - ok
20:29:50.0147 10748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:29:50.0147 10748 uliagpkx - ok
20:29:50.0163 10748 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:29:50.0163 10748 umbus - ok
20:29:50.0163 10748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:29:50.0163 10748 UmPass - ok
20:29:50.0194 10748 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:29:50.0194 10748 upnphost - ok
20:29:50.0225 10748 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:29:50.0225 10748 USBAAPL64 - ok
20:29:50.0256 10748 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:29:50.0256 10748 usbccgp - ok
20:29:50.0256 10748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:29:50.0256 10748 usbcir - ok
20:29:50.0288 10748 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:29:50.0288 10748 usbehci - ok
20:29:50.0303 10748 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:29:50.0303 10748 usbhub - ok
20:29:50.0319 10748 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:29:50.0334 10748 usbohci - ok
20:29:50.0350 10748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:29:50.0350 10748 usbprint - ok
20:29:50.0366 10748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:29:50.0366 10748 usbscan - ok
20:29:50.0381 10748 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:29:50.0381 10748 USBSTOR - ok
20:29:50.0397 10748 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:29:50.0397 10748 usbuhci - ok
20:29:50.0412 10748 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:29:50.0412 10748 UxSms - ok
20:29:50.0444 10748 UxTuneUp (5b0cd0238b864ca71ea80e4fa1a988af) C:\Windows\System32\uxtuneup.dll
20:29:50.0459 10748 UxTuneUp - ok
20:29:50.0475 10748 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:29:50.0475 10748 VaultSvc - ok
20:29:50.0490 10748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:29:50.0490 10748 vdrvroot - ok
20:29:50.0522 10748 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:29:50.0537 10748 vds - ok
20:29:50.0537 10748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:29:50.0537 10748 vga - ok
20:29:50.0553 10748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:29:50.0553 10748 VgaSave - ok
20:29:50.0568 10748 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:29:50.0568 10748 vhdmp - ok
20:29:50.0584 10748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:29:50.0584 10748 viaide - ok
20:29:50.0584 10748 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:29:50.0584 10748 volmgr - ok
20:29:50.0600 10748 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:29:50.0600 10748 volmgrx - ok
20:29:50.0615 10748 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:29:50.0631 10748 volsnap - ok
20:29:50.0646 10748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:29:50.0646 10748 vsmraid - ok
20:29:50.0709 10748 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:29:50.0724 10748 VSS - ok
20:29:50.0756 10748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:29:50.0756 10748 vwifibus - ok
20:29:50.0943 10748 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:29:50.0958 10748 W32Time - ok
20:29:50.0974 10748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:29:50.0974 10748 WacomPen - ok
20:29:50.0990 10748 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:50.0990 10748 WANARP - ok
20:29:51.0005 10748 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:51.0005 10748 Wanarpv6 - ok
20:29:51.0083 10748 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:29:51.0099 10748 wbengine - ok
20:29:51.0130 10748 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:29:51.0130 10748 WbioSrvc - ok
20:29:51.0146 10748 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:29:51.0161 10748 wcncsvc - ok
20:29:51.0177 10748 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:29:51.0177 10748 WcsPlugInService - ok
20:29:51.0192 10748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:29:51.0192 10748 Wd - ok
20:29:51.0208 10748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:29:51.0208 10748 Wdf01000 - ok
20:29:51.0224 10748 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:29:51.0224 10748 WdiServiceHost - ok
20:29:51.0224 10748 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:29:51.0224 10748 WdiSystemHost - ok
20:29:51.0239 10748 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:29:51.0239 10748 WebClient - ok
20:29:51.0255 10748 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:29:51.0270 10748 Wecsvc - ok
20:29:51.0286 10748 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:29:51.0286 10748 wercplsupport - ok
20:29:51.0317 10748 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:29:51.0333 10748 WerSvc - ok
20:29:51.0348 10748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:29:51.0348 10748 WfpLwf - ok
20:29:51.0364 10748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:29:51.0364 10748 WIMMount - ok
20:29:51.0395 10748 WinDefend - ok
20:29:51.0411 10748 WinHttpAutoProxySvc - ok
20:29:51.0520 10748 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:29:51.0520 10748 Winmgmt - ok
20:29:51.0629 10748 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:29:51.0645 10748 WinRM - ok
20:29:51.0707 10748 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:29:51.0707 10748 WinUsb - ok
20:29:51.0770 10748 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:29:51.0785 10748 Wlansvc - ok
20:29:51.0816 10748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:29:51.0816 10748 WmiAcpi - ok
20:29:51.0832 10748 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:29:51.0832 10748 wmiApSrv - ok
20:29:51.0863 10748 WMPNetworkSvc - ok
20:29:51.0894 10748 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:29:51.0894 10748 WPCSvc - ok
20:29:51.0910 10748 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:29:51.0926 10748 WPDBusEnum - ok
20:29:51.0941 10748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:29:51.0941 10748 ws2ifsl - ok
20:29:51.0957 10748 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:29:51.0957 10748 wscsvc - ok
20:29:51.0957 10748 WSearch - ok
20:29:52.0050 10748 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:29:52.0082 10748 wuauserv - ok
20:29:52.0128 10748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:29:52.0128 10748 WudfPf - ok
20:29:52.0160 10748 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:29:52.0160 10748 WUDFRd - ok
20:29:52.0191 10748 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:29:52.0191 10748 wudfsvc - ok
20:29:52.0222 10748 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:29:52.0222 10748 WwanSvc - ok
20:29:52.0253 10748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:29:52.0487 10748 \Device\Harddisk0\DR0 - ok
20:29:52.0503 10748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk6\DR6
20:29:52.0674 10748 \Device\Harddisk6\DR6 - ok
20:29:52.0690 10748 Boot (0x1200) (b34fbb7f4fe7cc0307a389ca60c17a52) \Device\Harddisk0\DR0\Partition0
20:29:52.0690 10748 \Device\Harddisk0\DR0\Partition0 - ok
20:29:52.0706 10748 Boot (0x1200) (ce51529030662d0803b94ae55d2ed17c) \Device\Harddisk0\DR0\Partition1
20:29:52.0706 10748 \Device\Harddisk0\DR0\Partition1 - ok
20:29:52.0721 10748 Boot (0x1200) (444a5c579fc20d59c7faa1287317b496) \Device\Harddisk0\DR0\Partition2
20:29:52.0737 10748 \Device\Harddisk0\DR0\Partition2 - ok
20:29:52.0737 10748 Boot (0x1200) (de6c99818c5193cba28e902ba4ea51f5) \Device\Harddisk6\DR6\Partition0
20:29:52.0737 10748 \Device\Harddisk6\DR6\Partition0 - ok
20:29:52.0737 10748 ============================================================
20:29:52.0737 10748 Scan finished
20:29:52.0737 10748 ============================================================
20:29:52.0768 7788 Detected object count: 0
20:29:52.0768 7788 Actual detected object count: 0




und hier kommt AdwCleaner

# AdwCleaner v1.609 - Logfile created 06/12/2012 at 20:30:39
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - AUDIOVIDEO-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Registre - GUID] *****

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.1 (de)

-\\ Google Chrome v19.0.1084.56

*************************

AdwCleaner[R1].txt - [1150 octets] - [12/06/2012 20:30:39]

########## EOF - C:\AdwCleaner[R1].txt - [1278 octets] ##########
__________________

Alt 13.06.2012, 09:19   #4
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



CkScan


Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 13.06.2012, 11:50   #5
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo!

Hier das Ergebnis zu CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\fonts pc\christmas-on-crack.ttf
c:\fonts pc\crackaddict.ttf
c:\fonts pc\crackdown-o1--brk-.ttf
c:\fonts pc\crackdown-o1-brk.ttf
c:\fonts pc\crackdown-o2--brk-.ttf
c:\fonts pc\crackdown-o2-brk.ttf
c:\fonts pc\crackdown-r--brk-.ttf
c:\fonts pc\crackdown-r-brk.ttf
c:\fonts pc\crackdown-r2-brk.ttf
c:\fonts pc\cracked-johnnie.ttf
c:\fonts pc\crackman.ttf
c:\fonts pc\crackwhore.ttf
c:\fonts pc\fz-jazzy-12-cracked.ttf
c:\fonts pc\kr-all-cracked-up.ttf
c:\fonts pc\lots-of-dead-crack-babies.ttf
c:\fonts pc\wherecracksappear.ttf
c:\fonts pc\wisecrack.ttf
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\de_de\vstplugins\decrackler6.dll
c:\users\user\music\itunes\itunes media\music\neil diamond\neil diamond_ the greatest hits 1966-199\1-14 cracklin' rosie (live version).m4a
scanner sequence 3.ZZ.11.RTAPFJ
----- EOF -----

Schöne Grüße!


Alt 13.06.2012, 11:53   #6
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Schritt 1: Fix mit adwCleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



Combofix


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein

Alt 13.06.2012, 14:36   #7
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



adwCleaner:

# AdwCleaner v1.609 - Logfile created 06/13/2012 at 14:33:45
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - AUDIOVIDEO-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Registre - GUID] *****

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.1 (de)

-\\ Google Chrome v19.0.1084.56

*************************

AdwCleaner[R1].txt - [1273 octets] - [12/06/2012 20:30:39]
AdwCleaner[R2].txt - [1333 octets] - [13/06/2012 14:12:31]
AdwCleaner[R3].txt - [1270 octets] - [13/06/2012 14:33:45]

########## EOF - C:\AdwCleaner[R3].txt - [1398 octets] ##########





Combofix

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-13.01 - User 13.06.2012  14:17:06.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16383.13861 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E7E1122F-3B47-4F9C-AF86-8DBCE0F06F13}.xps
c:\users\User\AppData\Roaming\8FFB8B89.reg
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 12:21 . 2012-06-13 12:21	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-06-13 12:21 . 2012-06-13 12:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-10 20:05 . 2012-06-10 20:06	--------	d-----w-	c:\program files (x86)\FRITZ!Box Monitor
2012-06-09 04:00 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F8B52A-C34E-4A5A-9F71-503778BA473A}\mpengine.dll
2012-06-06 06:06 . 2004-02-26 22:00	962612	----a-w-	c:\windows\SysWow64\mfc42d.dll
2012-06-06 06:06 . 2004-02-16 22:00	434252	----a-w-	c:\windows\SysWow64\MSVCRTD.DLL
2012-06-06 06:06 . 2012-06-06 06:05	24576	----a-w-	c:\windows\SysWow64\AsIO.dll
2012-06-06 06:06 . 2012-06-06 06:05	13368	----a-w-	c:\windows\SysWow64\drivers\AsIO.sys
2012-05-22 19:57 . 2012-05-22 19:57	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2012-05-22 19:57 . 2012-05-22 19:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 19:44 . 2012-05-22 19:53	--------	d-----w-	C:\sh4ldr
2012-05-22 19:44 . 2012-05-22 19:44	--------	d-----w-	c:\program files\Enigma Software Group
2012-05-22 19:43 . 2012-05-22 19:53	--------	d-----w-	c:\windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-22 19:43 . 2012-05-22 19:43	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 19:27 . 2012-05-17 19:27	--------	d-----w-	c:\program files (x86)\QuickTime
2012-05-16 12:51 . 2011-04-24 21:13	110992	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-05-16 12:51 . 2011-04-24 21:13	147856	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-05-16 12:51 . 2012-06-13 12:23	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-05-16 12:51 . 2012-05-16 12:51	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-05-16 08:23 . 2012-05-16 08:23	--------	d-----w-	c:\users\User\AppData\Local\MGTEK
2012-05-16 08:22 . 2012-05-16 08:22	--------	d-----w-	c:\programdata\MGTEK
2012-05-16 06:39 . 2012-05-16 06:39	--------	d-----w-	c:\users\User\AppData\Roaming\NVIDIA
2012-05-16 05:59 . 2012-05-16 05:59	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-05-16 05:59 . 2012-05-16 05:59	--------	d-----w-	c:\program files (x86)\Oracle
2012-05-16 05:58 . 2012-04-04 16:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-16 05:55 . 2012-05-17 21:07	--------	d-----w-	c:\users\User\AppData\Roaming\vlc
2012-05-16 05:26 . 2012-05-16 05:26	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-16 05:26 . 2012-05-16 05:26	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-15 15:09 . 2012-05-15 15:09	--------	d-----w-	c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 18:45 . 2012-03-31 03:32	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 18:45 . 2012-01-11 15:18	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:25 . 2012-03-31 04:25	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 12:12 . 2007-04-27 09:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-04 16:47 . 2012-01-11 15:21	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-31 06:05 . 2012-05-10 19:34	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 19:34	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 19:34	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 19:34	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 19:33	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 19:33	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-14 39408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-01 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"AVMFBoxMonitor"="c:\program files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2009-07-06 1503232]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-12 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:45]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 22:14]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 22:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zvatqlle.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-MusicMaster for Windows - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASCOMP Software\Synchredible\synchredible.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-13  14:29:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 12:29
.
Vor Suchlauf: 13 Verzeichnis(se), 113.563.283.456 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 113.479.565.312 Bytes frei
.
- - End Of File - - B58E4233DFD325CA8735FFBE410ACAA2
         
--- --- ---

Alt 14.06.2012, 08:41   #8
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
DIRLOOK::
C:\sh4ldr
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 14.06.2012, 09:41   #9
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo!

Hier die gewünschte Auswertung:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-13.05 - User 14.06.2012   9:03.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16383.14050 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\User\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-14 bis 2012-06-14  ))))))))))))))))))))))))))))))
.
.
2012-06-14 07:08 . 2012-06-14 07:08	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-06-14 07:08 . 2012-06-14 07:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-14 05:00 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B913E58-EEAA-4FA5-9497-215491169119}\mpengine.dll
2012-06-10 20:05 . 2012-06-10 20:06	--------	d-----w-	c:\program files (x86)\FRITZ!Box Monitor
2012-06-06 06:06 . 2004-02-26 22:00	962612	----a-w-	c:\windows\SysWow64\mfc42d.dll
2012-06-06 06:06 . 2004-02-16 22:00	434252	----a-w-	c:\windows\SysWow64\MSVCRTD.DLL
2012-06-06 06:06 . 2012-06-06 06:05	24576	----a-w-	c:\windows\SysWow64\AsIO.dll
2012-06-06 06:06 . 2012-06-06 06:05	13368	----a-w-	c:\windows\SysWow64\drivers\AsIO.sys
2012-05-22 19:57 . 2012-05-22 19:57	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2012-05-22 19:57 . 2012-05-22 19:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-22 19:44 . 2012-05-22 19:53	--------	d-----w-	C:\sh4ldr
2012-05-22 19:44 . 2012-05-22 19:44	--------	d-----w-	c:\program files\Enigma Software Group
2012-05-22 19:43 . 2012-05-22 19:53	--------	d-----w-	c:\windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-22 19:43 . 2012-05-22 19:43	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 19:27 . 2012-05-17 19:27	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 19:27 . 2012-05-17 19:27	--------	d-----w-	c:\program files (x86)\QuickTime
2012-05-16 12:51 . 2011-04-24 21:13	110992	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-05-16 12:51 . 2011-04-24 21:13	147856	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-05-16 12:51 . 2012-06-14 07:09	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-05-16 12:51 . 2012-05-16 12:51	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-05-16 08:23 . 2012-05-16 08:23	--------	d-----w-	c:\users\User\AppData\Local\MGTEK
2012-05-16 08:22 . 2012-05-16 08:22	--------	d-----w-	c:\programdata\MGTEK
2012-05-16 06:39 . 2012-05-16 06:39	--------	d-----w-	c:\users\User\AppData\Roaming\NVIDIA
2012-05-16 05:59 . 2012-05-16 05:59	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-05-16 05:59 . 2012-05-16 05:59	--------	d-----w-	c:\program files (x86)\Oracle
2012-05-16 05:58 . 2012-04-04 16:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-16 05:55 . 2012-05-17 21:07	--------	d-----w-	c:\users\User\AppData\Roaming\vlc
2012-05-16 05:26 . 2012-05-16 05:26	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-16 05:26 . 2012-05-16 05:26	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-15 15:09 . 2012-05-15 15:09	--------	d-----w-	c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 18:45 . 2012-03-31 03:32	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 18:45 . 2012-01-11 15:18	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:25 . 2012-03-31 04:25	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 12:12 . 2007-04-27 09:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-04 16:47 . 2012-01-11 15:21	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-31 06:05 . 2012-05-10 19:34	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 19:34	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 19:34	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 19:34	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 19:33	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 19:33	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\sh4ldr ----
.
2012-05-22 19:44 . 2012-05-22 19:44	8192	----a-w-	c:\sh4ldr\shldr.mbr
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-13_12.24.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-14 04:55	45572              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-14 04:55	34760              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-11 12:01 . 2012-06-14 04:55	14380              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-801218467-2357481680-3807684844-1000_UserData.bin
- 2012-01-11 18:35 . 2012-06-13 05:30	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-11 18:35 . 2012-06-14 04:57	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-11 18:35 . 2012-06-13 05:30	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 18:35 . 2012-06-14 04:57	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-14 04:57	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-13 05:30	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-14 07:09 . 2012-06-14 07:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-13 12:22 . 2012-06-13 12:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-14 07:09 . 2012-06-14 07:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-13 12:22 . 2012-06-13 12:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-13 12:21	7106896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-14 07:08	7106896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-11 15:22 . 2012-06-13 12:22	27814832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-801218467-2357481680-3807684844-1000-8192.dat
+ 2012-01-11 15:22 . 2012-06-14 07:08	27814832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-801218467-2357481680-3807684844-1000-8192.dat
+ 2012-01-11 15:22 . 2012-06-14 07:08	41850160              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-801218467-2357481680-3807684844-1000-4096.dat
- 2012-01-11 15:22 . 2012-06-13 12:22	41850160              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-801218467-2357481680-3807684844-1000-4096.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-14 39408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-01 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"AVMFBoxMonitor"="c:\program files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2009-07-06 1503232]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-12 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:45]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 22:14]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 22:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zvatqlle.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASCOMP Software\Synchredible\synchredible.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-14  09:14:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-14 07:14
ComboFix2.txt  2012-06-13 12:29
.
Vor Suchlauf: 17 Verzeichnis(se), 112.853.180.416 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 112.760.168.448 Bytes frei
.
- - End Of File - - DDD3446F20BFE325DD5AF3844215ADC7
         
--- --- ---

Alt 14.06.2012, 09:51   #10
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



VT


Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    ATTFilter
    c:\sh4ldr\shldr.mbr
             
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 14.06.2012, 09:59   #11
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



ich hoffe ich habe alles richtig gemacht ... hier die datei:

https://www.virustotal.com/file/11051fcd453bd1b65b03b3b6b6a28286b556875c7a842f6c3cb9666dcd1c3d99/analysis/1339660577/

Alt 14.06.2012, 11:53   #12
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Sieht ganz gut aus - kontrollieren wir alles nochmal!


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 15.06.2012, 09:03   #13
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo!

MBAM sowie ESET haben keine Fehler gefunden (NO THREATS FOUND)!



MBAM
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: AUDIOVIDEO-PC [Administrator]

Schutz: Aktiviert

15.06.2012 07:30:47
mbam-log-2012-06-15 (07-30-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 639732
Laufzeit: 1 Stunde(n), 27 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 15.06.2012, 09:54   #14
Psychotic
/// Malwareteam
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Dann sind wir durch!

Deinstalliere noch die alte Java-Version (Java 6 Update 31)!


Defogger re-enable

Starte bitte den Defogger und klicke den re-enable Button



ComboFix

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



AdwCleaner

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.



OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.




Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.
Antviren-Software
  • Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
    Eine Auswahl kostenloser Antivirenprogramme:
Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.
Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.
Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 15.06.2012, 11:18   #15
MrDisc
 
Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Standard

Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein



Hallo!!!!

Vielen, vielen Dank! Es hat alles reibungslos funktioniert, Software ist deinstalliert und so wie es ausschaut ist alles bereinigt.

Wie kann ich mich erkenntlich zeigen? Gibt es hierzu eine Art "Kaffeekasse" oder ein "SupportSchwein" oder ähnliches?

Vielen Dank auch für die ergänzenden Empfehlungen!

Eines würde mich jetzt noch interessieren, mit welchem Programm wurde nun mein "Fremdkörper" entdeckt und breinigt?


Schöne Grüße und wie schon gesagt, vielen Dank!


MrDisc

Antwort

Themen zu Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein
adobe after effects, alternate, avira, avira searchfree toolbar, benutzerregistrierung, bho, bonjour, browser, cs4/contributeieplugin.dll, document, downloader, enigma, error, festplatte, firefox, flash player, home, hängen, install.exe, kaspersky, langs, logfile, microsoft office word, mp3, nvidia update, origin, pixel, popup, problem, realtek, richtlinie, scan, searchscopes, security, senden, software, svchost.exe, third party, trojaner, unten recht, usb 3.0, version=1.0, werbung, windows



Ähnliche Themen: Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein


  1. Windows 8 macht nichts mehr & Werbung links,unten-rechts,unten-mitte
    Plagegeister aller Art und deren Bekämpfung - 21.02.2014 (11)
  2. Popup-Fenster und Werbung unten links und rechts im Internet-Explorer
    Log-Analyse und Auswertung - 20.04.2013 (11)
  3. *Popup-Fenster und Werbung unten links und Rechts in Google Chrome
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (3)
  4. Werbung rechts und links unten im Browser und falsche Weiterleitungen
    Log-Analyse und Auswertung - 18.11.2012 (5)
  5. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (36)
  6. PopUp rechts unten, Weiterleitung von Links
    Log-Analyse und Auswertung - 10.09.2012 (27)
  7. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Mülltonne - 03.09.2012 (1)
  8. Werbung unten rechts und falsche Weiterleitung.
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (26)
  9. Falsche Links und Werbung unten rechts im Browser
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (1)
  10. Quälende Werbung Rechts Unten
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (6)
  11. Wieder mal: Popup rechts unten im Browser
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (10)
  12. Popup unten rechts in Firefox - div. Poker-Seiten, etc
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (7)
  13. Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (15)
  14. Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (36)
  15. Werbung rechts unten, falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (9)
  16. lästiges Popup Poker pkr.com rechts unten
    Plagegeister aller Art und deren Bekämpfung - 15.05.2012 (1)
  17. Bei start von icq öffner sich fenster unten rechts mit werbung
    Log-Analyse und Auswertung - 02.08.2005 (2)

Zum Thema Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein - Hallo zusammen! Dieses Thema habe ich bei Euch und wohl auch schon ein paar erfolgreiche Gegenmaßnahmen gefunden. Allerdings schreibt Ihr, dass jedes Problem etwas anders ist und dass man nicht - Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein...
Archiv
Du betrachtest: Popup rechts unten im Browser, nervende Werbung, schiebt sich von unten rein auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.