
Pests of All Kinds and How to Combat Them: Claro-Search Virus (?)

02.12.2012, 23:25   #1
Weesel
 

Claro-Search Virus (?)



Hello everyone

I recently tried to install a program. Instead of getting a great program, though, I was apparently gifted a virus. Now the home page of Internet Explorer and Firefox keeps getting changed (to claro-search.com) as soon as the browser is closed.
Avira AntiVir and Malwarebytes Anti-Malware each ran a complete scan and didn't complain about anything; claro seems to be invisible.

Does anyone already know about this claro-search problem and/or know how to get rid of it? Google seems to be against me on this one; I haven't found a solution.


// Edit:
I'm not sure whether this is a virus or not....
Anyway, I've now had a look (based on the logs, which I've just read through) at what happened. Among other things, something called "Browser Manager" was installed during the installation.
There's an uninstaller for it in the Start menu. If you run it, the home page is no longer constantly replaced by the claro-search page. The question is whether something, or even a virus, is still present nonetheless.
//


Logs from OTL
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 03.12.2012 00:04:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free
15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
 
Computer Name: *****SPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.27 09:03:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2012.08.16 16:16:04 | 000,402,944 | ---- | M] (Hauppauge Computer Works) -- D:\Programme\Hauppauge\WinTV\TVServer\CaptureGenUSB.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.02 15:34:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.27 09:03:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.27 09:03:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 22:35:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.06 08:13:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.05 22:40:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.24 13:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.21 23:21:05 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.12 15:19:52 | 000,019,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2011.12.12 15:19:22 | 000,658,944 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA D8 16 A8 40 A3 CD 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117452&tt=4812_5&babsrc=SP_ss&mntrId=30a5974a00000000000020cf30bbab81
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Programme\AmazonMP3Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012.11.14 22:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.12.02 15:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.12.02 15:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.01 20:14:25 | 000,000,000 | ---D | M]
 
[2012.10.05 22:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.10.05 23:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hcw1svum.default\extensions
[2012.11.23 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions
[2012.10.06 21:12:15 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.10.06 21:12:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yym5pkfn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.10.05 22:51:01 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.10.05 23:21:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hcw1svum.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 23:01:34 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.11.04 10:15:11 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.12 12:37:32 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.08.15 16:17:17 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012.09.06 16:46:01 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.11.23 19:05:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\yym5pkfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2012.12.02 17:02:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = D:\Programme\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC601C21-E265-4961-B40C-AA7D8D16AA40}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.08.23 22:57:54 | 000,000,000 | ---D | M] - G:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 00:03:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.02 23:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.02 23:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.02 17:13:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.02 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.02 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.02 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.02 16:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.02 16:57:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.02 12:10:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 12:10:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Roni Music
[2012.12.01 21:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Roni Music
[2012.12.01 20:14:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.12.01 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.12.01 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.01 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Amazon MP3
[2012.11.24 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Amazon
[2012.11.24 12:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.11.23 16:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.11.23 15:44:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.11.23 15:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.21 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.11.21 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.11.21 17:46:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.11.19 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.17 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.16 17:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.16 17:12:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Notepad++
[2012.11.16 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.11.16 17:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.16 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.11.15 22:32:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AdobeMuse
[2012.11.15 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe Scripts
[2012.11.15 16:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.15 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.14 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PACE Anti-Piracy
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.11.14 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2012.11.14 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Adobe
[2012.11.14 21:02:15 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.11.14 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.11.14 21:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.11.14 21:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.11.14 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.14 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.11.14 20:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.11.14 20:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.11.14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.11.14 20:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.14 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.11.14 20:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.14 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.14 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 00:03:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.03 00:03:09 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.12.03 00:02:06 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.12.02 23:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 23:18:41 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 23:17:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.02 23:17:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.02 23:17:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.02 23:17:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.02 23:17:19 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.02 23:11:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.02 23:10:59 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 17:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.01 20:20:46 | 000,000,054 | ---- | M] () -- C:\Windows\Player.INI
[2012.11.28 20:33:06 | 000,000,132 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.11.28 14:36:48 | 005,473,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.23 16:39:01 | 000,000,600 | ---- | M] () -- C:\Users\*****\AppData\Local\PUTTY.RND
[2012.11.21 23:21:05 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
[2012.11.21 23:21:05 | 000,015,416 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012.11.21 23:21:05 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.11.15 16:20:54 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012.11.14 19:06:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 19:06:59 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.12.03 00:03:09 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.12.03 00:02:08 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.12.02 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.02 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.02 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.02 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.02 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.01 20:20:46 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2012.11.21 23:23:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.11.21 23:23:35 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.11.20 09:01:52 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.11.17 23:12:10 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.11.16 13:11:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 13:06:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 22:31:15 | 000,001,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk
[2012.11.14 22:36:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012.11.14 22:07:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2012.11.14 22:07:00 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2012.11.14 22:07:00 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2012.11.14 20:52:06 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012.11.14 20:50:48 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012.11.14 20:46:34 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012.11.14 20:46:07 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.11.14 20:09:41 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012.11.14 20:09:18 | 000,001,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[2012.11.14 20:09:02 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.11.14 20:08:42 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.11.14 20:07:40 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.11.14 20:07:38 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.11.14 20:07:22 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.11.14 19:19:12 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012.10.10 14:49:29 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Local\PUTTY.RND
[2012.10.07 23:44:40 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.07 23:44:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.10.07 23:44:33 | 000,037,513 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.10.07 23:44:24 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2012.10.07 23:40:30 | 000,007,188 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.10.07 01:49:17 | 000,000,332 | ---- | C] () -- C:\Users\*****\SciTE.session
[2012.10.06 08:42:41 | 000,007,606 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012.10.06 08:14:07 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.06 08:13:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.05 23:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.24 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2012.12.01 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.11.17 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.19 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.11.14 22:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2012.12.02 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox
[2012.11.26 14:18:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.11.21 17:51:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.12.03 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nettalk
[2012.11.16 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2012.10.05 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2012.12.01 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Roni Music
[2012.11.14 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.10.09 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2012.10.05 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2012.12.02 23:54:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:aWucimsIRjTIMuuUuCtzLXHiVGs
@Alternate Data Stream - 1149 bytes -> C:\Users\*****\AppData\Local\uvUzpyhhIja:DBGonlGMksOwm7cjpVhGBqXqB
@Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:8dQf1KHfAltBKxJKR8rdMyqQ

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 03.12.2012 00:04:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,73% Memory free
15,92 Gb Paging File | 14,39 Gb Available in Paging File | 90,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 38,64 Gb Free Space | 38,68% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 683,46 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive E: | 93,99 Gb Total Space | 93,90 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1768,93 Gb Total Space | 1343,81 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
 
Computer Name: *****SPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078BF4CF-E043-4DEB-9B43-B0143A0523B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0842347E-CF96-4D80-BBC8-C85CDA77B023}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12E64484-54E1-4517-B279-EE28D3BB2BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2166F564-A03A-42F2-A71E-6F0C1C3F6B0C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{313D82E4-8CBE-4C78-A0CC-25126AF10632}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32913AB2-FDE6-4B3E-B6B8-CA0F6B04AC2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34B79B1C-6353-4A43-9B5B-EDCFFB7E3E70}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3C3B7ED3-3317-423F-A7A8-7E5952A928BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3CE01325-B938-4389-A4E2-6AE9B5956397}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{46DB5FE9-89E8-47BD-AC5D-34244ACE4F7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{64193C10-D820-4E62-A03B-29C4B3A0B7B9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9C576E1B-5A21-4A3B-9DAE-6336F29224B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A963D44D-0289-4531-A5F6-6B8786209DD7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ACC6D569-BB6F-4940-8DE9-5560BD1C892F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BA686935-F419-46D4-BF39-F57E6CB2E895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9370CDD-B350-4AC6-971C-0A1016F80904}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DBB91DDE-9CA1-4419-BD9F-C36B874EC512}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EDE197A3-A652-4067-B9F8-C073AF1F311C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EEE6F6C1-B96B-4793-AFF5-72DBBC83C683}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F735079D-D85A-458A-A5B7-98B1D2DCD374}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FEFF8103-394C-49B2-84DB-D47237458CA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B1E1D7-9E19-4A3C-B4D9-EF94D5486FFF}" = protocol=6 | dir=out | app=system | 
"{0A2F0E1F-555F-43DD-936B-82D17BC93501}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1EB90DB1-CA3D-4AAA-9E87-3508698FE886}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{25C6DC92-2561-4F67-B4CD-E0D69DE3806C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E996DC8-BEA3-4EC9-9986-F33B408D5F44}" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe | 
"{35C39396-479A-40A2-844D-AEF0CC1A1A99}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | 
"{379EFF94-842D-4B6A-A366-3E9A0DBCF365}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{383D0AF8-B0A0-4CB0-8C0D-306152EA7692}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{39DA69F6-F978-43AE-A3BA-C25465576595}" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe | 
"{3F72D32E-DD15-464E-837A-5B93329363A9}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{43FFC225-4FDF-49E3-88A4-CB644F0D5CBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{454F7D1A-4122-4D3F-8117-1D398E4C8BC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{530C708B-AB24-421B-A766-E4FAB47965B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{58B7120A-C3F6-4834-96D5-DA69B89A5F9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B3CC59F-E6BD-4B73-8D2A-FC745F5092C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{78B8850C-6EA7-477F-B1AC-80EFC24382DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A0A014A-AF2C-4AAB-86B0-7496BD4BB167}" = protocol=6 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe | 
"{7E241A9D-CB1B-4783-87FF-FDA2F9EA8782}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{830BE7F4-C424-41B0-A41E-A7FA60F982F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{92F5D16D-FC0D-4C48-B0A4-B4D13B64A54F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{93990FCB-07D1-46B7-BA68-3CC11DD00A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98B1298C-FA27-4239-991D-F53FEC632BB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A64CAE97-824F-4D1F-80A7-C8C75BEB48D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7DB77C4-16EF-48CC-8CDA-4323495D841F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AE77738C-6794-4C80-AEE7-F4196A946878}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | 
"{B9BB67EB-4636-4494-9EC1-4E8C43BC74D7}" = protocol=17 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | 
"{BA7DFCAF-4395-4158-AF3D-C27FC431C533}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{BE228CF6-32BA-4EA8-95DA-07A8DAF0FC86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BFB57565-0D1D-4688-A1F1-36147CCCC725}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C27396A8-0110-4174-8662-98A80E47DB6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4A1B32B-22FD-40ED-A455-F3D066043B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C83CCF96-2E02-451B-BCDC-A70159036536}" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{CC818797-C05A-4B4A-AD9F-BC51ECB3D3CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D15C8E63-69EC-494C-AF1E-5D63283D3334}" = protocol=17 | dir=in | app=d:\programme\origin games\battlefield 3\bf3.exe | 
"{D4F2AD35-F09B-4D9C-97E4-5B2D35634C22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D6DA4BD7-C4A6-43C6-801F-D2A7167E4D79}" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{E5A1BB83-C7D4-4B00-AC63-A033D214A236}" = protocol=6 | dir=in | app=d:\programme\hauppauge\wintv\wintv7\wintv7.exe | 
"{E7934C3D-DE26-430D-84D9-8FDBF3F6715E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EB66313C-54AF-4E3D-A538-0A8B2920FB8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCEA371A-71D8-43B7-95C9-657605092EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB12B1C-2AE3-4876-B015-6232503D7B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{34B9585A-32CA-4AF1-8805-731F4928537B}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{61C00CA8-421E-44DE-9EFB-187D4D8B15E1}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{7FC04818-804E-4401-900E-A3E8C6DC94B1}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe | 
"TCP Query User{96C78E79-67D7-46DF-B03C-E3B036787505}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{A2069BCE-5B3E-453D-A490-FAEE9A9190B6}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{70249A02-C2B4-40A4-BC12-74F19B20C1AF}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{765B3F03-628C-47FF-85B1-5145BD0915EC}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe | 
"UDP Query User{A5AE6585-DD75-4A8E-A12E-CC90209A019D}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D9E55894-D4EA-4D40-95C1-777D8FE8134D}G:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DE2C2123-5A9C-491F-903B-C73410328EF7}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoItv3" = AutoIt v3.3.8.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0
"Fraps" = Fraps (remove only)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 18.0 (x86 de)" = Mozilla Thunderbird 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"Notepad++" = Notepad++
"Origin" = Origin
"PuTTY_is1" = PuTTY version 0.62
"uTorrent" = µTorrent
"xampp" = XAMPP 1.8.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2012 16:37:48 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015
 
Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
 
Error - 30.11.2012 16:37:49 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
 
Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
 
Error - 30.11.2012 16:37:50 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13011
 
Error - 30.11.2012 16:37:51 | Computer Name = *****sPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13011
 
[ System Events ]
Error - 02.12.2012 10:43:17 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 10:43:20 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 10:43:23 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 10:43:25 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 10:43:28 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 10:43:31 | Computer Name = *****sPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 02.12.2012 11:57:23 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 02.12.2012 12:00:08 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 02.12.2012 12:02:01 | Computer Name = *****sPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.12.2012 12:02:28 | Computer Name = *****sPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
--- --- ---


If there are any open questions, please let me know, thanks.

Best regards,
Weesel

Edited by Weesel (02.12.2012 at 23:55)

03.12.2012, 14:57   #2
markusg
/// Malware-holic
 

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

03.12.2012, 15:13   #3
Weesel
 

Hi markusg,

thanks for your reply.
Here is the content of the TDSSKiller log:

Code:
ATTFilter
16:09:31.0839 4316  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:09:32.0011 4316  ============================================================
16:09:32.0011 4316  Current date / time: 2012/12/03 16:09:32.0011
16:09:32.0011 4316  SystemInfo:
16:09:32.0011 4316  
16:09:32.0011 4316  OS Version: 6.1.7601 ServicePack: 1.0
16:09:32.0011 4316  Product type: Workstation
16:09:32.0011 4316  ComputerName: *****SPC
16:09:32.0011 4316  UserName: *****
16:09:32.0011 4316  Windows directory: C:\Windows
16:09:32.0011 4316  System windows directory: C:\Windows
16:09:32.0011 4316  Running under WOW64
16:09:32.0011 4316  Processor architecture: Intel x64
16:09:32.0011 4316  Number of processors: 8
16:09:32.0011 4316  Page size: 0x1000
16:09:32.0011 4316  Boot type: Normal boot
16:09:32.0011 4316  ============================================================
16:09:33.0461 4316  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:33.0461 4316  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:33.0461 4316  ============================================================
16:09:33.0461 4316  \Device\Harddisk0\DR0:
16:09:33.0461 4316  MBR partitions:
16:09:33.0461 4316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:09:33.0461 4316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
16:09:33.0461 4316  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x67F05000
16:09:33.0461 4316  \Device\Harddisk1\DR1:
16:09:33.0461 4316  MBR partitions:
16:09:33.0461 4316  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:09:33.0461 4316  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDD1DA800
16:09:33.0461 4316  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xDD20D000, BlocksNum 0xBBFA800
16:09:33.0461 4316  ============================================================
16:09:33.0477 4316  C: <-> \Device\Harddisk0\DR0\Partition2
16:09:33.0493 4316  D: <-> \Device\Harddisk0\DR0\Partition3
16:09:33.0524 4316  G: <-> \Device\Harddisk1\DR1\Partition2
16:09:33.0539 4316  E: <-> \Device\Harddisk1\DR1\Partition3
16:09:33.0539 4316  ============================================================
16:09:33.0539 4316  Initialize success
16:09:33.0539 4316  ============================================================
16:10:13.0631 4496  ============================================================
16:10:13.0631 4496  Scan started
16:10:13.0631 4496  Mode: Manual; SigCheck; TDLFS; 
16:10:13.0631 4496  ============================================================
16:10:14.0443 4496  ================ Scan system memory ========================
16:10:14.0443 4496  System memory - ok
16:10:14.0443 4496  ================ Scan services =============================
16:10:14.0661 4496  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:10:14.0895 4496  1394ohci - ok
16:10:14.0911 4496  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:10:14.0926 4496  ACPI - ok
16:10:14.0957 4496  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:10:15.0035 4496  AcpiPmi - ok
16:10:15.0098 4496  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:10:15.0129 4496  AdobeARMservice - ok
16:10:15.0223 4496  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:10:15.0254 4496  AdobeFlashPlayerUpdateSvc - ok
16:10:15.0301 4496  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:10:15.0363 4496  adp94xx - ok
16:10:15.0363 4496  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:10:15.0379 4496  adpahci - ok
16:10:15.0379 4496  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:10:15.0394 4496  adpu320 - ok
16:10:15.0410 4496  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:10:15.0519 4496  AeLookupSvc - ok
16:10:15.0566 4496  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:10:15.0628 4496  AFD - ok
16:10:15.0644 4496  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:10:15.0675 4496  agp440 - ok
16:10:15.0675 4496  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:10:15.0737 4496  ALG - ok
16:10:15.0769 4496  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:10:15.0784 4496  aliide - ok
16:10:15.0800 4496  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:10:15.0878 4496  AMD External Events Utility - ok
16:10:15.0893 4496  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:10:15.0909 4496  amdide - ok
16:10:15.0925 4496  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:10:15.0971 4496  AmdK8 - ok
16:10:16.0112 4496  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:16.0346 4496  amdkmdag - ok
16:10:16.0361 4496  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:10:16.0377 4496  amdkmdap - ok
16:10:16.0408 4496  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:10:16.0439 4496  AmdPPM - ok
16:10:16.0455 4496  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:10:16.0486 4496  amdsata - ok
16:10:16.0486 4496  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:10:16.0517 4496  amdsbs - ok
16:10:16.0533 4496  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:10:16.0549 4496  amdxata - ok
16:10:16.0595 4496  [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:10:16.0627 4496  AntiVirSchedulerService - ok
16:10:16.0642 4496  [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:10:16.0658 4496  AntiVirService - ok
16:10:16.0705 4496  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:10:16.0923 4496  AppID - ok
16:10:16.0939 4496  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:10:17.0001 4496  AppIDSvc - ok
16:10:17.0032 4496  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:10:17.0110 4496  Appinfo - ok
16:10:17.0157 4496  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:17.0173 4496  Apple Mobile Device - ok
16:10:17.0219 4496  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:10:17.0251 4496  arc - ok
16:10:17.0251 4496  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:10:17.0266 4496  arcsas - ok
16:10:17.0313 4496  [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
16:10:17.0344 4496  AsIO - ok
16:10:17.0360 4496  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:10:17.0407 4496  AsyncMac - ok
16:10:17.0422 4496  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:10:17.0438 4496  atapi - ok
16:10:17.0453 4496  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:10:17.0469 4496  AtiHDAudioService - ok
16:10:17.0516 4496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:10:17.0625 4496  AudioEndpointBuilder - ok
16:10:17.0656 4496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:10:17.0672 4496  AudioSrv - ok
16:10:17.0687 4496  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:10:17.0687 4496  avgntflt - ok
16:10:17.0719 4496  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:10:17.0750 4496  avipbb - ok
16:10:17.0765 4496  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:10:17.0781 4496  avkmgr - ok
16:10:17.0812 4496  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:10:17.0937 4496  AxInstSV - ok
16:10:17.0953 4496  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:10:17.0984 4496  b06bdrv - ok
16:10:18.0015 4496  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:10:18.0046 4496  b57nd60a - ok
16:10:18.0093 4496  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:10:18.0140 4496  BDESVC - ok
16:10:18.0155 4496  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:10:18.0218 4496  Beep - ok
16:10:18.0265 4496  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:10:18.0311 4496  BFE - ok
16:10:18.0327 4496  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
16:10:18.0374 4496  BITS - ok
16:10:18.0389 4496  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:10:18.0405 4496  blbdrive - ok
16:10:18.0467 4496  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:10:18.0483 4496  Bonjour Service - ok
16:10:18.0514 4496  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:10:18.0545 4496  bowser - ok
16:10:18.0561 4496  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:10:18.0623 4496  BrFiltLo - ok
16:10:18.0623 4496  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:10:18.0655 4496  BrFiltUp - ok
16:10:18.0655 4496  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:10:18.0701 4496  BridgeMP - ok
16:10:18.0717 4496  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:10:18.0748 4496  Browser - ok
16:10:18.0748 4496  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:10:18.0795 4496  Brserid - ok
16:10:18.0795 4496  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:10:18.0826 4496  BrSerWdm - ok
16:10:18.0826 4496  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:10:18.0842 4496  BrUsbMdm - ok
16:10:18.0842 4496  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:10:18.0857 4496  BrUsbSer - ok
16:10:18.0873 4496  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:10:18.0889 4496  BTHMODEM - ok
16:10:18.0904 4496  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:10:18.0935 4496  bthserv - ok
16:10:18.0951 4496  catchme - ok
16:10:18.0967 4496  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:10:18.0982 4496  cdfs - ok
16:10:19.0013 4496  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:10:19.0045 4496  cdrom - ok
16:10:19.0076 4496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:10:19.0138 4496  CertPropSvc - ok
16:10:19.0138 4496  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:10:19.0201 4496  circlass - ok
16:10:19.0201 4496  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:10:19.0232 4496  CLFS - ok
16:10:19.0294 4496  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:19.0341 4496  clr_optimization_v2.0.50727_32 - ok
16:10:19.0372 4496  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:10:19.0403 4496  clr_optimization_v2.0.50727_64 - ok
16:10:19.0450 4496  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:19.0528 4496  clr_optimization_v4.0.30319_32 - ok
16:10:19.0559 4496  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:10:19.0575 4496  clr_optimization_v4.0.30319_64 - ok
16:10:19.0591 4496  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:10:19.0622 4496  CmBatt - ok
16:10:19.0653 4496  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:10:19.0669 4496  cmdide - ok
16:10:19.0700 4496  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:10:19.0747 4496  CNG - ok
16:10:19.0762 4496  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:10:19.0762 4496  Compbatt - ok
16:10:19.0793 4496  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:10:19.0840 4496  CompositeBus - ok
16:10:19.0856 4496  COMSysApp - ok
16:10:19.0871 4496  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:10:19.0887 4496  crcdisk - ok
16:10:19.0918 4496  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:10:19.0949 4496  CryptSvc - ok
16:10:19.0981 4496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:10:20.0043 4496  DcomLaunch - ok
16:10:20.0074 4496  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:10:20.0105 4496  defragsvc - ok
16:10:20.0137 4496  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:10:20.0168 4496  DfsC - ok
16:10:20.0199 4496  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:10:20.0261 4496  Dhcp - ok
16:10:20.0277 4496  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:10:20.0324 4496  discache - ok
16:10:20.0339 4496  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:10:20.0355 4496  Disk - ok
16:10:20.0386 4496  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:10:20.0433 4496  Dnscache - ok
16:10:20.0464 4496  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:10:20.0527 4496  dot3svc - ok
16:10:20.0558 4496  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:10:20.0620 4496  DPS - ok
16:10:20.0667 4496  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:10:20.0683 4496  drmkaud - ok
16:10:20.0714 4496  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:10:20.0745 4496  DXGKrnl - ok
16:10:20.0761 4496  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:10:20.0792 4496  EapHost - ok
16:10:20.0823 4496  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:10:20.0917 4496  ebdrv - ok
16:10:20.0948 4496  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:10:20.0963 4496  EFS - ok
16:10:21.0010 4496  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:10:21.0073 4496  ehRecvr - ok
16:10:21.0104 4496  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:10:21.0151 4496  ehSched - ok
16:10:21.0166 4496  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:10:21.0197 4496  elxstor - ok
16:10:21.0229 4496  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:10:21.0260 4496  ErrDev - ok
16:10:21.0275 4496  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:10:21.0338 4496  EventSystem - ok
16:10:21.0338 4496  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:10:21.0369 4496  exfat - ok
16:10:21.0369 4496  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:10:21.0416 4496  fastfat - ok
16:10:21.0447 4496  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:10:21.0463 4496  Fax - ok
16:10:21.0463 4496  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:10:21.0478 4496  fdc - ok
16:10:21.0494 4496  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:10:21.0525 4496  fdPHost - ok
16:10:21.0525 4496  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:10:21.0556 4496  FDResPub - ok
16:10:21.0572 4496  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:10:21.0587 4496  FileInfo - ok
16:10:21.0603 4496  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:10:21.0681 4496  Filetrace - ok
16:10:21.0681 4496  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:10:21.0697 4496  flpydisk - ok
16:10:21.0728 4496  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:10:21.0775 4496  FltMgr - ok
16:10:22.0976 4496  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:10:23.0054 4496  FontCache - ok
16:10:23.0085 4496  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:10:23.0116 4496  FontCache3.0.0.0 - ok
16:10:23.0132 4496  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:10:23.0147 4496  FsDepends - ok
16:10:23.0179 4496  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:10:23.0194 4496  Fs_Rec - ok
16:10:23.0225 4496  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:10:23.0257 4496  fvevol - ok
16:10:23.0272 4496  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:10:23.0288 4496  gagp30kx - ok
16:10:23.0319 4496  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:10:23.0335 4496  GEARAspiWDM - ok
16:10:23.0366 4496  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:10:23.0444 4496  gpsvc - ok
16:10:23.0537 4496  [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer D:\Programme\Hauppauge\WinTV\TVServer\HauppaugeTVServer.exe
16:10:23.0569 4496  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
16:10:23.0569 4496  HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
16:10:23.0584 4496  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:10:23.0631 4496  hcw85cir - ok
16:10:23.0678 4496  [ C4A20A7C685FE8EB60ED9564F25DE298 ] hcw95bda        C:\Windows\system32\Drivers\hcw95bda.sys
16:10:23.0725 4496  hcw95bda - ok
16:10:23.0740 4496  [ F6EFDCF33CD1CB40F3F623CF9E077D1F ] hcw95rc         C:\Windows\system32\DRIVERS\hcw95rc.sys
16:10:23.0771 4496  hcw95rc - ok
16:10:23.0803 4496  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:10:23.0849 4496  HdAudAddService - ok
16:10:23.0865 4496  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:10:23.0896 4496  HDAudBus - ok
16:10:23.0912 4496  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:10:23.0927 4496  HECIx64 - ok
16:10:23.0943 4496  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:10:23.0959 4496  HidBatt - ok
16:10:23.0974 4496  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:10:23.0990 4496  HidBth - ok
16:10:24.0005 4496  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:10:24.0037 4496  HidIr - ok
16:10:24.0068 4496  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
16:10:24.0115 4496  hidserv - ok
16:10:24.0115 4496  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:10:24.0130 4496  HidUsb - ok
16:10:24.0161 4496  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:10:24.0193 4496  hkmsvc - ok
16:10:24.0224 4496  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:10:24.0271 4496  HomeGroupListener - ok
16:10:24.0286 4496  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:10:24.0317 4496  HomeGroupProvider - ok
16:10:24.0333 4496  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:10:24.0349 4496  HpSAMD - ok
16:10:24.0364 4496  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:10:24.0442 4496  HTTP - ok
16:10:24.0458 4496  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:10:24.0473 4496  hwpolicy - ok
16:10:34.0145 4496  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:10:34.0192 4496  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:10:34.0192 4496  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:10:37.0796 4496  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:10:37.0858 4496  Winmgmt - ok
16:10:37.0905 4496  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:10:38.0014 4496  WinRM - ok
16:10:38.0030 4496  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:10:38.0077 4496  Wlansvc - ok
16:10:38.0186 4496  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:10:38.0264 4496  wlidsvc - ok
16:10:38.0279 4496  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:10:38.0311 4496  WmiAcpi - ok
16:10:38.0326 4496  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:10:38.0373 4496  wmiApSrv - ok
16:10:38.0373 4496  WMPNetworkSvc - ok
16:10:38.0389 4496  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:10:38.0420 4496  WPCSvc - ok
16:10:38.0435 4496  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:10:38.0467 4496  WPDBusEnum - ok
16:10:38.0467 4496  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:10:38.0513 4496  ws2ifsl - ok
16:10:38.0529 4496  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
16:10:38.0545 4496  wscsvc - ok
16:10:38.0545 4496  WSearch - ok
16:10:38.0638 4496  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:10:38.0685 4496  wuauserv - ok
16:10:38.0701 4496  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:10:38.0732 4496  WudfPf - ok
16:10:38.0763 4496  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:10:38.0794 4496  WUDFRd - ok
16:10:38.0810 4496  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:10:38.0841 4496  wudfsvc - ok
16:10:38.0857 4496  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:10:38.0888 4496  WwanSvc - ok
16:10:38.0903 4496  ================ Scan global ===============================
16:10:38.0919 4496  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:10:38.0950 4496  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:10:38.0966 4496  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:10:38.0997 4496  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:10:39.0028 4496  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:10:39.0044 4496  [Global] - ok
16:10:39.0044 4496  ================ Scan MBR ==================================
16:10:39.0059 4496  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:10:39.0309 4496  \Device\Harddisk0\DR0 - ok
16:10:39.0309 4496  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:10:39.0637 4496  \Device\Harddisk1\DR1 - ok
16:10:39.0637 4496  ================ Scan VBR ==================================
16:10:39.0637 4496  [ 842A5C9346BFD0DAD4F6D8CD15EFB879 ] \Device\Harddisk0\DR0\Partition1
16:10:39.0637 4496  \Device\Harddisk0\DR0\Partition1 - ok
16:10:39.0652 4496  [ 8BC898FE452071C4B2A282532460B6AE ] \Device\Harddisk0\DR0\Partition2
16:10:39.0652 4496  \Device\Harddisk0\DR0\Partition2 - ok
16:10:39.0668 4496  [ 7EFE5AB21F44A76A26FDC4EB29CAC58F ] \Device\Harddisk0\DR0\Partition3
16:10:39.0668 4496  \Device\Harddisk0\DR0\Partition3 - ok
16:10:39.0668 4496  [ 7A77CAD574E1A8067F730D459818E44E ] \Device\Harddisk1\DR1\Partition1
16:10:39.0683 4496  \Device\Harddisk1\DR1\Partition1 - ok
16:10:39.0683 4496  [ A32D7B2E7BA0D340935D21D2924C4AD8 ] \Device\Harddisk1\DR1\Partition2
16:10:39.0683 4496  \Device\Harddisk1\DR1\Partition2 - ok
16:10:39.0683 4496  [ A601477977E48000405642CD63D1240B ] \Device\Harddisk1\DR1\Partition3
16:10:39.0683 4496  \Device\Harddisk1\DR1\Partition3 - ok
16:10:39.0683 4496  ============================================================
16:10:39.0683 4496  Scan finished
16:10:39.0683 4496  ============================================================
16:10:39.0699 4648  Detected object count: 2
16:10:39.0699 4648  Actual detected object count: 2
16:10:53.0411 4648  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:53.0411 4648  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:10:53.0411 4648  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:53.0411 4648  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:11:16.0918 4252  Deinitialize success
         
Regards,
Weesel

03.12.2012, 15:43   #4
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as txt, and open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de

03.12.2012, 18:18   #5
Weesel

Hi

I have marked as "needed" all the programs that I somehow need, use, or want to keep.

Code:
Adobe Acrobat XI Pro	Adobe Systems	14.11.2012	1,99GB	11.0.00					-notwendig
Adobe Acrobat XI Pro	Adobe Systems Incorporated	14.11.2012	1,33MB	11.0			-notwendig
Adobe After Effects CS6	Adobe Systems Incorporated	14.11.2012	2,25GB	11			-notwendig
Adobe AIR	Adobe Systems Incorporated	15.11.2012		3.5.0.600			-notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.11.2012	6,00MB	11.5.502.110	-notwendig
Adobe Help Manager	Adobe Systems Incorporated	14.11.2012		4.0.244			-notwendig
Adobe Illustrator CS6	Adobe Systems Incorporated	14.11.2012	2,74GB	16.0			-notwendig
Adobe InDesign CS6	Adobe Systems Incorporated	15.11.2012	2,33GB	8.0			-notwendig
Adobe Photoshop CS6	Adobe Systems Incorporated	14.11.2012	2,85GB	13.0			-notwendig
Adobe Premiere Pro CS6	Adobe Systems Incorporated	14.11.2012	2,67GB	6.0			-notwendig
Adobe® Content Viewer	Adobe Systems Incorporated	20.11.2012		2.9.0			-notwendig
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	24.11.2012		1.0.17			-unnötig
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	06.10.2012	26,3MB	8.0.881.0	-notwendig
Apple Application Support	Apple Inc.	15.11.2012	65,0MB	2.3				-notwendig
Apple Mobile Device Support	Apple Inc.	09.10.2012	23,7MB	6.0.0.59			-notwendig
Apple Software Update	Apple Inc.	09.10.2012	2,38MB	2.1.3.127				-notwendig
AutoIt v3.3.8.1	AutoIt Team	07.10.2012								-unnötig (or rather, only used veeery rarely)
Avira Free Antivirus	Avira	27.11.2012	122MB	13.0.0.2832					-notwendig
Battlefield 3™	Electronic Arts	06.10.2012		1.4.0.0						-unnötig
Battlelog Web Plugins	EA Digital Illusions CE AB	06.10.2012		1.138.0			-unnötig
Bonjour	Apple Inc.	09.10.2012	2,00MB	3.0.0.10						-notwendig
CCleaner	Piriform	25.11.2012		3.25						-notwendig
Dropbox	Dropbox, Inc.	06.10.2012		1.4.17							-notwendig
ESN Sonar	ESN Social Software AB	06.10.2012		0.70.4					-unnötig
FileZilla Client 3.6.0	FileZilla Project	16.11.2012	17,0MB	3.6.0				-notwendig
Fraps (remove only)		06.10.2012								-unnötig
Grand Theft Auto IV	Rockstar Games	06.10.2012		1.00.0000				-notwendig (:P)
Hauppauge WinTV 7	Hauppauge Computer Works	07.10.2012		v7.0.30237 (CD 2.6)	-notwendig
iTunes	Apple Inc.	09.10.2012	182MB	10.7.0.21						-notwendig
LibreOffice 3.6	The Document Foundation	21.11.2012	379MB	3.6.3.2					-notwendig
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	02.12.2012	19,4MB	1.65.1.1000		-notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.10.2012	38,8MB	4.0.30319			-notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.10.2012	2,93MB	4.0.30319	-notwendig
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.10.2012	31,3MB	3.5.92.0		-notwendig
Microsoft Silverlight	Microsoft Corporation	08.10.2012	50,6MB	5.1.10411.0						-unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	06.10.2012	300KB	8.0.61001			-unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	14.11.2012	572KB	8.0.61000			-unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	14.11.2012	788KB	9.0.30729.4148	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.11.2012	788KB	9.0.30729.6161	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.10.2012	596KB	9.0.30729	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.11.2012	232KB	9.0.30729.4148	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	06.10.2012	600KB	9.0.30729.6161	-unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	16.11.2012	13,8MB	10.0.40219	-unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	06.10.2012	12,2MB	10.0.40219	-unbekannt
Mozilla Firefox 18.0 (x86 de)	Mozilla	02.12.2012	43,7MB	18.0		-notwendig
Mozilla Maintenance Service	Mozilla	02.12.2012	329KB	18.0		-notwendig
Mozilla Thunderbird 18.0 (x86 de)	Mozilla	02.12.2012	44,1MB	18.0	-notwendig
Nettalk 6.7	Nicolas Kruse	06.10.2012	5,70MB				-notwendig
Notepad++		16.11.2012		6.2.1				-notwendig
Origin	Electronic Arts, Inc.	05.10.2012		9.0.13.2142		-unnötig
PuTTY version 0.62	Simon Tatham	10.10.2012	3,43MB	0.62		-notwendig
QuickTime	Apple Inc.	15.11.2012	73,1MB	7.73.80.64		-notwendig
Steam	Valve Corporation	05.10.2012	35,4MB	1.0.0.0			-notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	23.11.2012		3.0.6	-notwendig
Windows Live ID Sign-in Assistant	Microsoft Corporation	06.10.2012	10,0MB	6.500.3165.0	-notwendig
XAMPP 1.8.1		16.11.2012					-notwendig
µTorrent	BitTorrent Inc.	09.10.2012		3.2.1.28086	-notwendig
         


03.12.2012, 19:04   #6
markusg
/// Malware-holic

Hi, it would be odd if you had marked programs you do not need as necessary :-)

Uninstall:
Amazon
Battlefield
Battlelog
ESN
Fraps
Origin

Open CCleaner, analyze, run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

03.12.2012, 20:22   #7
Weesel

Hello

Here is the AdwCleaner log file

Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 21:20:48 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****SPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\bprotector_prefs.js
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\searchplugins\mngr.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKU\S-1-5-21-328837541-1024666478-1337621746-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcw1svum.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : Standard-Benutzer [Profil par défaut]
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=481[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "30a5974a00000000000020cf30bbab81");
Gefunden : user_pref("extensions.claro.instlDay", "15675");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "irhnew");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:14:19");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&tt=4812_5&babsrc=KW_ss&mntrId=30[...]

*************************

AdwCleaner[R1].txt - [3691 octets] - [03/12/2012 21:20:48]

########## EOF - C:\AdwCleaner[R1].txt - [3751 octets] ##########
         

03.12.2012, 20:25   #8
markusg
/// Malware-holic

Hi

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

03.12.2012, 20:48   #9
Weesel

Hi

Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 21:44:37 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****SPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\searchplugins\mngr.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcw1svum.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : Standard-Benutzer [Profil par défaut]
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\prefs.js

C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yym5pkfn.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=481[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "30a5974a00000000000020cf30bbab81");
Gelöscht : user_pref("extensions.claro.instlDay", "15675");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:14:19");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117452&tt=4812_5&babsrc=KW_ss&mntrId=30[...]

*************************

AdwCleaner[S1].txt - [3633 octets] - [03/12/2012 21:44:37]

########## EOF - C:\AdwCleaner[S1].txt - [3693 octets] ##########
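
The two AdwCleaner logs above list the Firefox preferences this hijacker set, and the second log also shows a user.js being deleted from the profile; Firefox re-applies user.js at every start, so entries there return even after prefs.js has been cleaned. The following is an added example, not part of the thread and not AdwCleaner's own code, that audits prefs.js and user.js for such entries. The allowlists, the host search.example.invalid, the ExampleToolbar_i branch and the check of browser.startup.homepage are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Firefox writes one user_pref("name", value); statement per line.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Engine-name preferences, as listed in the AdwCleaner log.
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.order.1",
                "browser.search.selectedEngine"}
# keyword.URL is from the log; browser.startup.homepage is an assumption added here.
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}

# Constructed sample files (not taken from the user's machine).
SAMPLE_PREFS_JS = r'''// Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.download.dir", "C:\\Users\\user\\Downloads");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.selectedEngine", "Claro Search");
user_pref("browser.startup.homepage", "about:home|http://search.example.invalid/?affID=0");
user_pref("extensions.ExampleToolbar_i.newTabUrl", "http://search.example.invalid/?tab=1");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.update.url", "https://versioncheck.addons.mozilla.org/update");
'''
SAMPLE_USER_JS = r'''user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.search.selectedEngine", "Claro Search");
'''

def parse_value(raw):
    """Turn the JavaScript literal of a pref into a Python str, bool or int."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal, keep as text

def parse_prefs(text):
    """Return {pref name: value}; comment and blank lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def hosts_in(value):
    """Hosts of all http(s) URLs in a value; the homepage pref may hold several, '|'-separated."""
    hosts = []
    if isinstance(value, str):
        for part in value.split("|"):
            try:
                url = urlsplit(part.strip())
            except ValueError:
                continue  # malformed URL, nothing to extract
            if url.scheme in ("http", "https") and url.hostname:
                hosts.append(url.hostname.lower())
    return hosts

def host_allowed(host, allowed_hosts):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def audit_profile(files, allowed_engines, allowed_hosts):
    """files maps file name -> contents; returns one dict per suspicious preference."""
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            bad = [h for h in hosts_in(value) if not host_allowed(h, allowed_hosts)]
            if name in ENGINE_PREFS and value not in allowed_engines:
                reason = "unexpected default search engine"
            elif name in URL_PREFS and bad:
                reason = "search or start page set to unexpected host"
            elif name.startswith("extensions.") and bad:
                reason = "add-on preference points to unexpected host"
            else:
                continue
            findings.append({"file": fname, "pref": name, "value": value, "reason": reason,
                             # user.js is read at every start and overrides prefs.js
                             "reapplied_at_start": fname == "user.js"})
    return findings

def run_sample():
    files = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    return audit_profile(files, allowed_engines={"Google"}, allowed_hosts={"mozilla.org"})

if __name__ == "__main__":
    for f in run_sample():
        flag = " [re-applied at every start]" if f["reapplied_at_start"] else ""
        print(f'{f["file"]}: {f["pref"]} = {f["value"]!r} -> {f["reason"]}{flag}')
```

Findings from user.js deserve attention first, because cleaning prefs.js alone does not stop those values from returning.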
         

03.12.2012, 23:21   #10
markusg
/// Malware-holic

Hi

This script and any scripts that follow are intended only for this particular user.
If you have problems of your own, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}affID=117452tt=4812_5babsrc=SP_ssmntrId=30a5974a00000000000020cf30bbab81

:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

03.12.2012, 23:31   #11
Weesel

Good morning :P

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 58264 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: *****
->Flash cache emptied: 59853 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: *****
->Temp folder emptied: 2030851 bytes
->Temporary Internet Files folder emptied: 377302 bytes
->FireFox cache emptied: 256343498 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 247,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12042012_002749

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JET5ACC.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

03.12.2012, 23:49   #12
markusg
/// Malware-holic

Hi,
Test the browsers.
Let me know whether they work again.
If so:

download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as txt, and open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

04.12.2012, 00:01   #13
Weesel

Hi

The browsers work perfectly.


Here is the list of programs:
For the programs that have nothing written after them, you can imagine a "notwendig" (necessary) :P
Code:
Adobe Acrobat XI Pro	Adobe Systems	14.11.2012	1,99GB	11.0.00
Adobe Acrobat XI Pro	Adobe Systems Incorporated	14.11.2012	1,33MB	11.0
Adobe After Effects CS6	Adobe Systems Incorporated	14.11.2012	2,25GB	11
Adobe AIR	Adobe Systems Incorporated	15.11.2012		3.5.0.600
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.11.2012	6,00MB	11.5.502.110
Adobe Help Manager	Adobe Systems Incorporated	14.11.2012		4.0.244
Adobe Illustrator CS6	Adobe Systems Incorporated	14.11.2012	2,74GB	16.0
Adobe InDesign CS6	Adobe Systems Incorporated	15.11.2012	2,33GB	8.0
Adobe Photoshop CS6	Adobe Systems Incorporated	14.11.2012	2,85GB	13.0
Adobe Premiere Pro CS6	Adobe Systems Incorporated	14.11.2012	2,67GB	6.0
Adobe® Content Viewer	Adobe Systems Incorporated	20.11.2012		2.9.0
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	06.10.2012	26,3MB	8.0.881.0
Apple Application Support	Apple Inc.	15.11.2012	65,0MB	2.3
Apple Mobile Device Support	Apple Inc.	09.10.2012	23,7MB	6.0.0.59
Apple Software Update	Apple Inc.	09.10.2012	2,38MB	2.1.3.127
AutoIt v3.3.8.1	AutoIt Team	07.10.2012		
Avira Free Antivirus	Avira	27.11.2012	122MB	13.0.0.2832
Bonjour	Apple Inc.	09.10.2012	2,00MB	3.0.0.10
CCleaner	Piriform	25.11.2012		3.25
Dropbox	Dropbox, Inc.	06.10.2012		1.4.17
FileZilla Client 3.6.0	FileZilla Project	16.11.2012	17,0MB	3.6.0
Grand Theft Auto IV	Rockstar Games	06.10.2012		1.00.0000
Hauppauge WinTV 7	Hauppauge Computer Works	07.10.2012		v7.0.30237 (CD 2.6)
iTunes	Apple Inc.	09.10.2012	182MB	10.7.0.21
LibreOffice 3.6	The Document Foundation	21.11.2012	379MB	3.6.3.2
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	02.12.2012	19,4MB	1.65.1.1000
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.10.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.10.2012	2,93MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.10.2012	31,3MB	3.5.92.0
Microsoft Silverlight	Microsoft Corporation	08.10.2012	50,6MB	5.1.10411.0						-unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	06.10.2012	300KB	8.0.61001			-unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	14.11.2012	572KB	8.0.61000			-unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	14.11.2012	788KB	9.0.30729.4148	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.11.2012	788KB	9.0.30729.6161	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.10.2012	596KB	9.0.30729	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.11.2012	232KB	9.0.30729.4148	-unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	06.10.2012	600KB	9.0.30729.6161	-unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	16.11.2012	13,8MB	10.0.40219	-unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	06.10.2012	12,2MB	10.0.40219	-unbekannt
Mozilla Firefox 18.0 (x86 de)	Mozilla	02.12.2012	43,7MB	18.0
Mozilla Maintenance Service	Mozilla	02.12.2012	329KB	18.0
Mozilla Thunderbird 18.0 (x86 de)	Mozilla	02.12.2012	44,1MB	18.0
Nettalk 6.7	Nicolas Kruse	06.10.2012	5,70MB	
Notepad++		16.11.2012		6.2.1
PuTTY version 0.62	Simon Tatham	10.10.2012	3,43MB	0.62
QuickTime	Apple Inc.	15.11.2012	73,1MB	7.73.80.64
Steam	Valve Corporation	05.10.2012	35,4MB	1.0.0.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	23.11.2012		3.0.6
Windows Live ID Sign-in Assistant	Microsoft Corporation	06.10.2012	10,0MB	6.500.3165.0
XAMPP 1.8.1		16.11.2012		
µTorrent	BitTorrent Inc.	09.10.2012		3.2.1.28086
         
Regards

Alt 04.12.2012, 00:03   #14
markusg
/// Malware-holic
 
Claro-Search Virus (?) - Standard

Claro-Search Virus (?)



Sorry, den hatten wir schon, hatte die falsche Anleitung verwendet.
Öffne otl, bereinigen, pc startet neu, löscht remover.
Wenn alles läuft, wie gewünscht, Gerät absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as it is described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.74

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Under Restrictions, at program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and run in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative there is also Windows' own backup program:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important in some circumstances, for example if the hard disk breaks one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Practice & Help
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should be framed; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm user manual: password manager, managing passwords and personal data
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Guide:
http://markusg.trojaner-board.de
For now, please forward mails to the address above, following the guide.
If you would like to support us

04.12.2012, 00:13   #15
Weesel

Hi

Wow, now that is what I call a comprehensive guide! :O
I will try to work through it "tomorrow".
If I have questions then, I will get in touch.
Until then, a big thank you for the help!

Regards,
Weesel
