
Pests of all kinds and how to combat them: bump.exe + find.exe! CPU usage between 65 - 90 %

14.01.2013, 20:30   #1
j.dillinger
 

Hello everyone,

I have a problem with the files bump.exe + find.exe.
I've been fiddling around for ages trying to get rid of them! I've already read about the problem here in the forum. I have of course done everything the helpers wrote, but I still don't know how to clean my computer completely.
I'd also rather not wipe my computer completely, so I hope someone can help me.

I have already run a system scan with OTL; see the code tags below:

Thanks in advance

OTL Logfiles:

Code:
OTL logfile created on: 13.01.2013 18:50:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 66,68% Memory free
7,49 Gb Paging File | 5,69 Gb Available in Paging File | 75,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 73,50 Gb Free Space | 24,67% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mister Group)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Arrakis3) -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb128?a=6PQz5qYp2L&i=26
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5B6855E1-2798-4ACE-B239-444D40B05C0C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=0439F1B7-EA0C-4A33-A1FC-55D812FD74C9&apn_sauid=C88A24A4-3AC8-4B9A-A2FD-A6C096179CEA
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQz5qYp2L&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01
FF - prefs.js..extensions.enabledAddons: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.13.0.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dennis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.15 17:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011.10.18 20:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.18 20:15:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.15 17:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 06:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.10.18 20:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2013.01.09 22:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\cr1n6dte.default\extensions
[2011.10.18 20:10:21 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\cr1n6dte.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.07.01 13:45:12 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\cr1n6dte.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.11.26 21:29:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\cr1n6dte.default\extensions\engine@conduit.com
[2012.05.31 21:44:27 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\cr1n6dte.default\extensions\ffxtlbr@incredibar.com
[2013.01.01 22:03:19 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2013.01.09 22:03:45 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\extensions\toolbar@web.de.xpi
[2013.01.01 22:03:22 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.09 22:06:14 | 000,000,911 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\11-suche.xml
[2012.03.12 18:03:29 | 000,002,401 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\askcom.xml
[2012.02.14 20:58:56 | 000,000,923 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\conduit.xml
[2013.01.09 22:06:14 | 000,002,273 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\englische-ergebnisse.xml
[2013.01.09 22:06:14 | 000,010,563 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\gmx-suche.xml
[2013.01.09 22:06:14 | 000,002,432 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\lastminute.xml
[2012.05.31 21:44:16 | 000,002,203 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\MyStart Search.xml
[2011.10.18 20:10:02 | 000,002,516 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\SearchResults.xml
[2013.01.09 22:06:13 | 000,005,545 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\cr1n6dte.default\searchplugins\webde-suche.xml
[2012.01.18 17:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.12 06:47:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 20:59:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 20:59:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 20:59:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 20:59:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:10:02 | 000,002,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.28 20:59:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 20:59:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
Hosts file not found
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (SearchCore for Browsers)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (SearchCore for Browsers)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [Chew7Hale] C:\Windows\SysNative\hale.exe ()
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{663F5AD1-C700-4128-B544-35EF573728D1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E482F7CB-3493-4E6A-B5CA-439B325DEB0C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bfc2c22-693d-11e1-9a1a-001f16c2b157}\Shell - "" = AutoRun
O33 - MountPoints2\{5bfc2c22-693d-11e1-9a1a-001f16c2b157}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 19:46:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 23:20:36 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Programs
[2013.01.10 23:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.10 23:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.09 22:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2013.01.09 22:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2013.01.09 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 18:08:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 18:08:14 | 3018,559,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 18:08:13 | 000,495,088 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.01.11 22:10:51 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2013.01.11 22:10:50 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 22:10:50 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 22:10:43 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.01.11 22:10:42 | 039,705,057 | ---- | M] () -- C:\Windows\SysNative\cwlog.dtl
[2013.01.10 23:21:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 23:05:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.09 22:28:26 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2013.01.09 22:00:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 22:00:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.20 18:10:53 | 000,001,857 | ---- | M] () -- C:\Users\Dennis\Desktop\UseNeXT.lnk
[2012.12.15 14:54:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.15 14:54:28 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.15 14:54:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.15 14:54:28 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.15 14:54:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.01.11 22:10:43 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2013.01.10 23:05:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.09 22:30:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 22:28:26 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2011.09.13 18:39:31 | 000,000,025 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\bdfvconp.ini
[2011.08.27 14:46:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.08.27 12:58:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 13.01.2013 18:50:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 66,68% Memory free
7,49 Gb Paging File | 5,69 Gb Available in Paging File | 75,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 73,50 Gb Free Space | 24,67% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{319BB010-A0AE-4B31-8797-0B37412CFD97}" = lport=137 | protocol=17 | dir=in | app=system | 
"{32825BAA-D31D-441D-B0B4-5DCFE572176E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3DD48B28-B0DE-42BD-9EA0-7CD416F06313}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3E21ED4B-7D8F-448C-9972-3123D4E0F6EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{46694BB1-8C4C-449D-999D-E207A878C1F1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5CF4E8B7-53FB-4B9E-AE0D-BD54D153F03A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EA4C3E7-39FE-4F9D-AF0E-F367BFF45A45}" = lport=138 | protocol=17 | dir=in | app=system | 
"{786531ED-1DBD-4C7D-8AE2-A2B4FECE2BAF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D64A345-40DA-490B-ACE6-A584C21EBCA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{80E5528B-7A8D-4204-B88C-B7D6DCC96BF2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83F00260-39FA-485B-8413-1FD399DE0892}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{859209CE-DAB9-4C6B-9035-F8F20AAD7685}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E94DB4B-513B-441F-9B0E-D2124C6E97FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90CCD4E4-CFB6-4847-A68D-1B96A11D7DEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{98548DAD-C5AE-4982-8847-19E5E1E4B03B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA27F6A5-6DE7-45D7-8930-A061EE675BF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B0007453-9ADE-4C55-ABEC-95D0EF3967BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9EA6117-F260-4B7A-A416-3A4AA60B2312}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC4A5E7A-C18B-43A1-9629-821601227CD0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C76AC0FD-BD8B-4C88-94D5-758C170F2693}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C791CB8D-EE82-4172-9976-4082E0D999D0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{CE1CC9E6-D55F-45AF-9CF0-CAD272FEEE0F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CF6F9908-4729-4D97-ABDF-79F86F84FDD3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E7E7B8C9-6900-459F-B41A-D498548161CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A5A068-7E2E-4B9A-9314-3E33F058CE4C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0B198DBD-BF33-4BAC-AF56-629CCF2CE197}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{14DA6041-7189-4A4A-A9BB-04EEA4F51CD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{15D5A8F6-5E41-4E1A-8CB8-D361BDC3DC71}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{18F0CC5C-11E0-4CFF-83F0-45A3E97388A9}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1A94270F-8F13-493E-BEE7-D0A93D821BFF}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{23547509-B099-4F51-B330-BCA16B6460B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3146685B-2298-43CC-BC2C-6E3DB47D123E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3AB1432A-3C04-47BA-8040-170C938654F3}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{3BCED834-4EAC-4A28-BF12-0D5363F7E675}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{3DF084C6-DD66-44A3-BA3D-743CF47527E2}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{488AADBE-1547-49D3-82F2-F05034B7E3C7}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{4E8D85E6-E778-4833-AC60-CC57A8FF10E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5C1E6952-FB86-425E-982B-6F7CE1FD3B69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60358958-C98F-4EF2-9D8A-B0C326833284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{60BEAF03-53F1-4ABE-8B67-B0976A2CCA8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{649744C9-A77C-46DE-879C-D85E1A2A2E0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C5BB1CA-637F-42DA-A148-CA54015B0176}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{6DCCC48B-1082-4562-82C2-4DC1FFD037D5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{98309BED-A6E9-439C-B58B-70448ED414E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9DCD87C1-543A-4D01-8288-DEBC52564DE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9ED1D438-9F45-4443-8492-D27F070F2A68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F45FB61-3556-4063-AAF1-42C8C2EF0EA6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A179DF17-9AF4-4AD6-96A5-E04FCA622008}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{A22E567B-CE9F-4F81-A8BE-8541CB8DFF79}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{A74E7832-C55C-4400-96AB-BED09BE114D0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{AA468596-4B5F-4B6A-AF32-2396A7B1EBC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BC29E2D6-08F4-4F15-AA4C-EC512A8D5CD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAAD679C-3E94-46D2-9598-E062C1C373BA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CCD31DBB-DAB9-4062-9204-3BC4C07663E3}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{D21C607A-EAEA-4274-B643-3DDA33510EF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D46E9FBE-D943-4316-A603-B830CB31D1D1}" = protocol=6 | dir=out | app=system | 
"{D598C2E5-DB72-4146-9C23-21727ADFF2E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9FCE266-96C3-473C-8219-B2DA595C59CE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E4ED3761-B10F-4BCF-B59E-DA986E89E9F9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E75891E7-736C-4DC0-ABE4-209F1E37F536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7F138E3-907B-4695-AB83-A09231C46348}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E846F1DB-1E6B-4759-A07D-16139CBC23EE}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{EEE49E53-DAC9-47E3-929B-DC072F8E9441}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F381AE24-C538-4BD4-AF3F-8F2E8FB498EA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F7BDE655-21D6-4BAF-918B-92A231A241A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA7DEBEA-B87C-4F74-8C45-00F183C037FC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{FFA070BA-99EB-46BF-9717-A8268C53146F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{7780E2D9-EEEC-4F6A-833B-56E1EBAC37D8}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{79686BD2-CFF5-4342-83C2-76777456F818}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{40D35FF6-A08A-4C1B-AEDF-69A0215FB3E0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B5781ECC-10EF-45EE-B9A5-16172144973F}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028FF35A-9CFD-4653-9E5B-9667BD72D6AF}" = BitDefender Total Security 2010
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
"{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7D088FD6-67B8-4186-947C-5FB4CC7227B5}" = O&O Defrag Professional
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{C1124346-2EE7-7D9F-6702-625128046EB0}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 4.0.0
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1ClickDownload" = 1ClickDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"iMesh 1 MediaBar" = MediaBar
"incredibar" = Incredibar Toolbar  on IE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.12.1707" = Opera 12.12
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"SearchCore for Browsers" = SearchCore for Browsers
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2012 08:56:45 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37952142
 
Error - 31.12.2012 14:49:56 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2012 14:58:37 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2013 08:04:21 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2013 15:11:27 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 14:53:00 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.01.2013 10:26:52 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.01.2013 10:26:52 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4321
 
Error - 06.01.2013 10:26:52 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4321
 
Error - 07.01.2013 15:39:49 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.08.2012 16:24:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   luafv
 
Error - 09.08.2012 16:27:33 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Software Protection erreicht.
 
Error - 09.08.2012 16:27:33 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 09.08.2012 16:32:01 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 09.08.2012 16:32:27 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   luafv
 
Error - 09.08.2012 16:45:48 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Basisfiltermodul" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.08.2012 16:45:48 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Diagnoserichtliniendienst" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 09.08.2012 16:45:48 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Firewall" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.08.2012 16:47:50 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Basisfiltermodul" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 09.08.2012 17:59:53 | Computer Name = Dennis-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Install:

Code:
1ClickDownloader	1ClickDownload	31.05.2012		2.1 Build 26473
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.01.2013	6,00MB	11.5.502.146
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated	27.08.2011	118MB	10.1.0
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	27.08.2011	22,6MB	3.0.838.0
Apple Application Support	Apple Inc.	28.11.2012	65,0MB	2.2.2
Apple Mobile Device Support	Apple Inc.	28.11.2012	23,7MB	6.0.0.59
Apple Software Update	Apple Inc.	27.08.2011	2,38MB	2.1.3.127
Ashampoo Burning Studio Elements 10.0.9	Ashampoo GmbH & Co. KG	26.11.2011	161MB	3.1.1
Avira Free Antivirus	Avira	12.12.2012	122MB	13.0.0.2890
BitDefender Total Security 2010	BitDefender	27.08.2011	161MB	13.0.21
Bonjour	Apple Inc.	28.11.2012	2,00MB	3.0.0.10
CCleaner	Piriform	19.12.2012		3.26
DriverTuner 3.1.0.0	LionSea SoftWare	07.05.2012	24,7MB	3.1.0.0
Incredibar Toolbar  on IE		31.05.2012		
iTunes	Apple Inc.	28.11.2012	182MB	10.7.0.21
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	09.01.2013	19,4MB	1.65.1.1000
MediaBar	iMesh Inc.	18.10.2011		3.0.0.116189
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.04.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	08.04.2011	2,93MB	4.0.30319
Microsoft Office Professional Plus 2010	Microsoft Corporation	27.08.2011		14.0.4763.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.11.2011	344KB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	27.08.2011	708KB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.08.2011	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.08.2011	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.11.2011	588KB	9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	27.08.2011	13,6MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2011	11,1MB	10.0.40219
Mozilla Firefox 11.0 (x86 de)	Mozilla	12.04.2012	35,8MB	11.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.11.2011	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2011	1,33MB	4.20.9876.0
MyAshampoo Toolbar	MyAshampoo	26.11.2011		6.3.2.90
O&O Defrag Professional	O&O Software GmbH	27.08.2011	46,4MB	14.5.543
Opera 12.12	Opera Software ASA	10.01.2013		12.12.1707
QuickPar 0.9	Peter B. Clements	21.09.2011		0.9
QuickTime	Apple Inc.	27.08.2011	73,0MB	7.70.80.34
RealPlayer	RealNetworks	18.10.2011		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.08.2011		6.0.1.5911
Samsung ML-1610 Series		07.05.2012		
SearchCore for Browsers	iMesh Inc.	18.10.2011		3.0.0.116189
System Explorer 4.0.0	Mister Group	09.01.2013	6,14MB	
Unity Web Player	Unity Technologies ApS	24.02.2012	12,0MB	
VLC media player 1.1.11	VideoLAN	27.08.2011		1.1.11
Web Assistant 2.0.0.485	IncrediBar	15.09.2012	2,04MB	2.0.0.485
Web Optimizer		27.09.2012		2.0.0.2
WinRAR 4.01 (64-Bit)	win.rar GmbH	27.08.2011		4.01.0
         

14.01.2013, 20:59   #2
markusg
/// Malware-holic

Hi,
open Malwarebytes, go to the log files, and post the reports that contain detections.
What else have you done? Please post those logs as well.

15.01.2013, 20:31   #3
j.dillinger

That's just it.. Malwarebytes has no detections!
I also downloaded Panda Internet Security, but it didn't report any detections either.

15.01.2013, 21:57   #4
markusg
/// Malware-holic

Did someone from our team recommend Panda? You say you did "everything"; what exactly does that mean?
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

16.01.2013, 21:15   #5
j.dillinger

Well, what does "everything" mean.. here is what I did:

System scan with OTL (log files in the first thread)
Copied out my installed programs with CCleaner (also in the first one)
And then I got Malwarebytes and ran that over it as well.. as I said, no detections?!?!

And the thing with Panda I read in another forum.. also without success..

What can I do??


16.01.2013, 22:34   #6
markusg
/// Malware-holic

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents

17.01.2013, 19:19   #7
j.dillinger

Code:
19:11:29.0600 4896  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:11:31.0603 4896  ============================================================
19:11:31.0603 4896  Current date / time: 2013/01/17 19:11:31.0603
19:11:31.0603 4896  SystemInfo:
19:11:31.0603 4896  
19:11:31.0603 4896  OS Version: 6.1.7601 ServicePack: 1.0
19:11:31.0603 4896  Product type: Workstation
19:11:31.0603 4896  ComputerName: DENNIS-PC
19:11:31.0604 4896  UserName: Dennis
19:11:31.0604 4896  Windows directory: C:\Windows
19:11:31.0604 4896  System windows directory: C:\Windows
19:11:31.0604 4896  Running under WOW64
19:11:31.0604 4896  Processor architecture: Intel x64
19:11:31.0604 4896  Number of processors: 2
19:11:31.0604 4896  Page size: 0x1000
19:11:31.0604 4896  Boot type: Normal boot
19:11:31.0604 4896  ============================================================
19:11:37.0551 4896  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:11:37.0560 4896  ============================================================
19:11:37.0560 4896  \Device\Harddisk0\DR0:
19:11:37.0561 4896  MBR partitions:
19:11:37.0561 4896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:11:37.0561 4896  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:11:37.0561 4896  ============================================================
19:11:37.0680 4896  C: <-> \Device\Harddisk0\DR0\Partition2
19:11:37.0680 4896  ============================================================
19:11:37.0680 4896  Initialize success
19:11:37.0681 4896  ============================================================
19:13:12.0372 5884  ============================================================
19:13:12.0372 5884  Scan started
19:13:12.0373 5884  Mode: Manual; SigCheck; TDLFS; 
19:13:12.0373 5884  ============================================================
19:13:15.0127 5884  ================ Scan system memory ========================
19:13:15.0127 5884  System memory - ok
19:13:15.0128 5884  ================ Scan services =============================
19:13:15.0417 5884  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:13:16.0329 5884  1394ohci - ok
19:13:16.0399 5884  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:13:16.0729 5884  ACPI - ok
19:13:16.0820 5884  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:13:16.0974 5884  AcpiPmi - ok
19:13:17.0114 5884  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:13:17.0213 5884  AdobeARMservice - ok
19:13:17.0413 5884  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:13:17.0572 5884  AdobeFlashPlayerUpdateSvc - ok
19:13:17.0623 5884  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:13:17.0874 5884  adp94xx - ok
19:13:17.0939 5884  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:13:18.0049 5884  adpahci - ok
19:13:18.0058 5884  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:13:18.0173 5884  adpu320 - ok
19:13:18.0227 5884  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:13:18.0625 5884  AeLookupSvc - ok
19:13:18.0765 5884  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:13:19.0471 5884  AFD - ok
19:13:19.0545 5884  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
19:13:20.0192 5884  AgereSoftModem - ok
19:13:20.0242 5884  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:13:20.0310 5884  agp440 - ok
19:13:20.0347 5884  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:13:20.0454 5884  ALG - ok
19:13:20.0499 5884  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:13:20.0536 5884  aliide - ok
19:13:20.0603 5884  [ A2F5BEA5B45A8E7C4776F39C25E8699D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:13:20.0667 5884  AMD External Events Utility - ok
19:13:20.0740 5884  AMD FUEL Service - ok
19:13:20.0754 5884  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:13:20.0815 5884  amdide - ok
19:13:20.0852 5884  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
19:13:22.0260 5884  amdiox64 - ok
19:13:22.0290 5884  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:13:22.0452 5884  AmdK8 - ok
19:13:22.0754 5884  [ 5B03217859B014B090CB5060C1D96875 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:23.0875 5884  amdkmdag - ok
19:13:23.0997 5884  [ 35D2184A99AD4CD5D17284D6C9F382C9 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:13:24.0166 5884  amdkmdap - ok
19:13:24.0216 5884  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:13:24.0345 5884  AmdPPM - ok
19:13:24.0430 5884  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:13:24.0491 5884  amdsata - ok
19:13:24.0539 5884  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:13:25.0251 5884  amdsbs - ok
19:13:25.0323 5884  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:13:25.0373 5884  amdxata - ok
19:13:25.0441 5884  [ 208D5E390FE712A826A1D26397E533E2 ] AmFSM           C:\Windows\system32\DRIVERS\amm6460.sys
19:13:25.0509 5884  AmFSM - ok
19:13:25.0698 5884  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:13:25.0741 5884  AntiVirSchedulerService - ok
19:13:25.0814 5884  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:13:25.0908 5884  AntiVirService - ok
19:13:25.0998 5884  [ B1A935537BE5C168C223946572E2EDD1 ] APPFLT          C:\Windows\system32\Drivers\APPFLT64.SYS
19:13:26.0055 5884  APPFLT - ok
19:13:26.0125 5884  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:13:26.0218 5884  AppID - ok
19:13:26.0243 5884  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:13:26.0335 5884  AppIDSvc - ok
19:13:26.0350 5884  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:13:26.0440 5884  Appinfo - ok
19:13:26.0575 5884  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:26.0738 5884  Apple Mobile Device - ok
19:13:26.0801 5884  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:13:26.0907 5884  AppMgmt - ok
19:13:26.0961 5884  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:13:27.0043 5884  arc - ok
19:13:27.0061 5884  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:13:27.0127 5884  arcsas - ok
19:13:27.0226 5884  [ 02FAF198A7F7EC16BD89F6E98B98060A ] Arrakis3        C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
19:13:28.0193 5884  Arrakis3 - ok
19:13:28.0226 5884  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:28.0343 5884  AsyncMac - ok
19:13:28.0407 5884  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:13:28.0443 5884  atapi - ok
19:13:28.0544 5884  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:13:28.0763 5884  athr - ok
19:13:29.0049 5884  [ 5B03217859B014B090CB5060C1D96875 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:29.0297 5884  atikmdag - ok
19:13:29.0367 5884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:13:29.0517 5884  AudioEndpointBuilder - ok
19:13:29.0567 5884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:13:29.0661 5884  AudioSrv - ok
19:13:29.0719 5884  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:13:29.0784 5884  avgntflt - ok
19:13:29.0843 5884  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:13:29.0911 5884  avipbb - ok
19:13:29.0939 5884  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:13:29.0990 5884  avkmgr - ok
19:13:30.0078 5884  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:13:30.0186 5884  AxInstSV - ok
19:13:30.0265 5884  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:13:31.0129 5884  b06bdrv - ok
19:13:31.0196 5884  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:13:31.0379 5884  b57nd60a - ok
19:13:31.0434 5884  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:13:31.0752 5884  BDESVC - ok
19:13:31.0831 5884  [ F050E487A787239C182C279CA97E8CF4 ] BDFM            C:\Windows\system32\DRIVERS\bdfm.sys
19:13:31.0914 5884  BDFM - ok
19:13:32.0086 5884  [ ABD97BFB299713A51FE36AAAB71F73A2 ] bdfsfltr        C:\Windows\system32\DRIVERS\bdfsfltr.sys
19:13:32.0175 5884  bdfsfltr - ok
19:13:32.0318 5884  [ B89DEFF4817B4CC6FC2BCD8F83B4E75D ] BDVEDISK        C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
19:13:32.0385 5884  BDVEDISK - ok
19:13:32.0518 5884  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:13:32.0596 5884  Beep - ok
19:13:32.0715 5884  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:13:32.0818 5884  BFE - ok
19:13:32.0864 5884  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:13:33.0064 5884  BITS - ok
19:13:33.0102 5884  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:13:33.0237 5884  blbdrive - ok
19:13:33.0326 5884  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:13:34.0062 5884  Bonjour Service - ok
19:13:34.0127 5884  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:13:34.0276 5884  bowser - ok
19:13:34.0314 5884  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:13:34.0363 5884  BrFiltLo - ok
19:13:34.0415 5884  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:13:34.0488 5884  BrFiltUp - ok
19:13:34.0548 5884  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
19:13:34.0726 5884  Browser - ok
19:13:34.0748 5884  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:13:35.0186 5884  Brserid - ok
19:13:35.0201 5884  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:13:35.0298 5884  BrSerWdm - ok
19:13:35.0327 5884  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:13:35.0433 5884  BrUsbMdm - ok
19:13:35.0453 5884  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:13:35.0535 5884  BrUsbSer - ok
19:13:35.0578 5884  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:13:35.0801 5884  BTHMODEM - ok
19:13:35.0896 5884  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:13:36.0068 5884  bthserv - ok
19:13:36.0098 5884  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:13:36.0210 5884  cdfs - ok
19:13:36.0268 5884  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:13:36.0465 5884  cdrom - ok
19:13:36.0514 5884  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:13:36.0622 5884  CertPropSvc - ok
19:13:36.0688 5884  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:13:36.0857 5884  circlass - ok
19:13:36.0884 5884  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:13:36.0926 5884  CLFS - ok
19:13:37.0058 5884  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:13:37.0175 5884  clr_optimization_v2.0.50727_32 - ok
19:13:37.0266 5884  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:13:37.0352 5884  clr_optimization_v2.0.50727_64 - ok
19:13:37.0429 5884  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:13:38.0942 5884  clr_optimization_v4.0.30319_32 - ok
19:13:39.0086 5884  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:13:39.0126 5884  clr_optimization_v4.0.30319_64 - ok
19:13:39.0180 5884  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:13:39.0246 5884  CmBatt - ok
19:13:39.0261 5884  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:13:39.0312 5884  cmdide - ok
19:13:39.0365 5884  [ C4943B6C962E4B82197542447AD599F4 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:13:39.0609 5884  CNG - ok
19:13:39.0773 5884  [ 8A64C45F467FB30C47A30AE2819DDD62 ] ComFiltr        C:\Windows\system32\DRIVERS\COMFiltr.sys
19:13:39.0809 5884  ComFiltr - ok
19:13:39.0873 5884  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:13:39.0934 5884  Compbatt - ok
19:13:39.0989 5884  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:13:40.0182 5884  CompositeBus - ok
19:13:40.0210 5884  COMSysApp - ok
19:13:40.0229 5884  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:13:40.0282 5884  crcdisk - ok
19:13:40.0351 5884  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:13:40.0715 5884  CryptSvc - ok
19:13:40.0749 5884  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:13:40.0871 5884  CSC - ok
19:13:40.0929 5884  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:13:41.0075 5884  CscService - ok
19:13:41.0151 5884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:13:41.0524 5884  DcomLaunch - ok
19:13:41.0691 5884  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:13:41.0903 5884  defragsvc - ok
19:13:41.0979 5884  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:13:42.0145 5884  DfsC - ok
19:13:42.0201 5884  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
19:13:42.0316 5884  DgiVecp - ok
19:13:42.0400 5884  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:13:42.0556 5884  Dhcp - ok
19:13:42.0597 5884  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:13:42.0731 5884  discache - ok
19:13:42.0797 5884  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:13:42.0855 5884  Disk - ok
19:13:42.0888 5884  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:13:43.0135 5884  dmvsc - ok
19:13:43.0172 5884  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:13:43.0300 5884  Dnscache - ok
19:13:43.0355 5884  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:13:43.0478 5884  dot3svc - ok
19:13:43.0503 5884  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:13:43.0607 5884  DPS - ok
19:13:43.0681 5884  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:13:43.0738 5884  drmkaud - ok
19:13:43.0779 5884  [ 64648B677D5005749F2FE412254512B7 ] DSAFLT          C:\Windows\system32\Drivers\DSAFLT64.SYS
19:13:43.0851 5884  DSAFLT - ok
19:13:43.0915 5884  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:13:44.0080 5884  DXGKrnl - ok
19:13:44.0129 5884  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
19:13:44.0232 5884  E1G60 - ok
19:13:44.0283 5884  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:13:44.0398 5884  EapHost - ok
19:13:44.0519 5884  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:13:48.0755 5884  ebdrv - ok
19:13:48.0794 5884  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:13:48.0831 5884  EFS - ok
19:13:49.0028 5884  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:13:49.0181 5884  ehRecvr - ok
19:13:49.0201 5884  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:13:49.0282 5884  ehSched - ok
19:13:49.0338 5884  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:13:49.0414 5884  elxstor - ok
19:13:49.0513 5884  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:13:49.0598 5884  ErrDev - ok
19:13:49.0683 5884  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:13:49.0792 5884  EventSystem - ok
19:13:49.0822 5884  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:13:49.0959 5884  exfat - ok
19:13:49.0985 5884  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:13:50.0154 5884  fastfat - ok
19:13:50.0213 5884  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:13:50.0335 5884  Fax - ok
19:13:50.0353 5884  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:13:50.0419 5884  fdc - ok
19:13:50.0439 5884  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:13:50.0503 5884  fdPHost - ok
19:13:50.0521 5884  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:13:50.0616 5884  FDResPub - ok
19:13:50.0644 5884  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:13:50.0699 5884  FileInfo - ok
19:13:50.0716 5884  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:13:50.0815 5884  Filetrace - ok
19:13:50.0829 5884  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:13:50.0894 5884  flpydisk - ok
19:13:50.0934 5884  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:13:51.0313 5884  FltMgr - ok
19:13:51.0357 5884  [ 50C6C310A98108A94E985FD46B4E150C ] FNETMON         C:\Windows\system32\Drivers\fnetm64.SYS
19:13:51.0410 5884  FNETMON - ok
19:13:51.0465 5884  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:13:51.0576 5884  FontCache - ok
19:13:51.0640 5884  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:13:51.0720 5884  FontCache3.0.0.0 - ok
19:13:51.0744 5884  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:13:51.0790 5884  FsDepends - ok
19:13:51.0826 5884  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:13:51.0893 5884  Fs_Rec - ok
19:13:51.0943 5884  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:13:52.0044 5884  fvevol - ok
19:13:52.0088 5884  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:13:52.0134 5884  gagp30kx - ok
19:13:52.0202 5884  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:13:52.0260 5884  GEARAspiWDM - ok
19:13:52.0352 5884  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:13:52.0510 5884  gpsvc - ok
19:13:52.0528 5884  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:13:52.0645 5884  hcw85cir - ok
19:13:52.0722 5884  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:13:52.0820 5884  HdAudAddService - ok
19:13:52.0847 5884  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:52.0889 5884  HDAudBus - ok
19:13:52.0918 5884  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:13:52.0979 5884  HidBatt - ok
19:13:52.0999 5884  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:13:53.0107 5884  HidBth - ok
19:13:53.0126 5884  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:13:53.0181 5884  HidIr - ok
19:13:53.0201 5884  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:13:53.0275 5884  hidserv - ok
19:13:53.0315 5884  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:13:53.0362 5884  HidUsb - ok
19:13:53.0439 5884  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:13:53.0572 5884  hkmsvc - ok
19:13:53.0615 5884  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:13:53.0711 5884  HomeGroupListener - ok
19:13:53.0739 5884  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:13:53.0813 5884  HomeGroupProvider - ok
19:13:53.0861 5884  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:13:53.0907 5884  HpSAMD - ok
19:13:53.0982 5884  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:13:54.0739 5884  HTTP - ok
19:13:54.0762 5884  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:13:54.0811 5884  hwpolicy - ok
19:13:54.0841 5884  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:13:54.0896 5884  i8042prt - ok
19:13:54.0979 5884  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:13:55.0616 5884  iaStorV - ok
19:13:55.0724 5884  [ E3FC339DAC4DDF4A12188313DC4DA94F ] IDSFLT          C:\Windows\system32\Drivers\IDSFLT64.SYS
19:13:56.0194 5884  IDSFLT - ok
19:13:56.0270 5884  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:13:56.0422 5884  idsvc - ok
19:13:56.0481 5884  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:13:57.0008 5884  iirsp - ok
19:13:57.0070 5884  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:13:57.0256 5884  IKEEXT - ok
19:13:57.0356 5884  [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:13:57.0560 5884  IntcAzAudAddService - ok
19:13:57.0641 5884  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:13:57.0724 5884  intelide - ok
19:13:57.0772 5884  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
19:13:57.0918 5884  intelppm - ok
19:13:57.0952 5884  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:13:58.0079 5884  IPBusEnum - ok
19:13:58.0105 5884  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:58.0854 5884  IpFilterDriver - ok
19:13:58.0897 5884  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:13:59.0052 5884  iphlpsvc - ok
19:13:59.0092 5884  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:13:59.0154 5884  IPMIDRV - ok
19:13:59.0179 5884  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:13:59.0768 5884  IPNAT - ok
19:13:59.0848 5884  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:13:59.0918 5884  iPod Service - ok
19:14:00.0008 5884  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:14:00.0103 5884  IRENUM - ok
19:14:00.0118 5884  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:14:00.0174 5884  isapnp - ok
19:14:00.0203 5884  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:14:00.0284 5884  iScsiPrt - ok
19:14:00.0323 5884  [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
19:14:00.0399 5884  k57nd60a - ok
19:14:00.0435 5884  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:14:00.0516 5884  kbdclass - ok
19:14:00.0554 5884  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:14:00.0607 5884  kbdhid - ok
19:14:00.0625 5884  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:14:00.0657 5884  KeyIso - ok
19:14:00.0689 5884  KMService - ok
19:14:00.0724 5884  [ DA1E991A61CFDD755A589E206B97644B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:14:00.0767 5884  KSecDD - ok
19:14:00.0802 5884  [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:14:00.0863 5884  KSecPkg - ok
19:14:00.0898 5884  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:14:00.0989 5884  ksthunk - ok
19:14:01.0045 5884  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:14:01.0204 5884  KtmRm - ok
19:14:01.0245 5884  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:14:01.0356 5884  LanmanServer - ok
19:14:01.0406 5884  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:14:01.0507 5884  LanmanWorkstation - ok
19:14:01.0606 5884  [ 7CEF520FBF872FA709301D427C7E16F8 ] LIVESRV         C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
19:14:02.0435 5884  LIVESRV - ok
19:14:02.0506 5884  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:14:02.0620 5884  lltdio - ok
19:14:02.0682 5884  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:14:02.0784 5884  lltdsvc - ok
19:14:02.0799 5884  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:14:02.0894 5884  lmhosts - ok
19:14:02.0945 5884  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:14:03.0012 5884  LSI_FC - ok
19:14:03.0025 5884  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:14:03.0130 5884  LSI_SAS - ok
19:14:03.0153 5884  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:14:03.0220 5884  LSI_SAS2 - ok
19:14:03.0230 5884  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:14:03.0281 5884  LSI_SCSI - ok
19:14:03.0321 5884  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:14:03.0424 5884  luafv - ok
19:14:03.0481 5884  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:14:03.0519 5884  MBAMProtector - ok
19:14:03.0621 5884  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:14:03.0749 5884  MBAMScheduler - ok
19:14:03.0799 5884  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:14:03.0881 5884  MBAMService - ok
19:14:03.0954 5884  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:14:04.0043 5884  Mcx2Svc - ok
19:14:04.0068 5884  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:14:04.0119 5884  megasas - ok
19:14:04.0154 5884  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:14:04.0707 5884  MegaSR - ok
19:14:04.0747 5884  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:14:04.0833 5884  MMCSS - ok
19:14:04.0847 5884  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:14:04.0927 5884  Modem - ok
19:14:04.0972 5884  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:14:05.0033 5884  monitor - ok
19:14:05.0061 5884  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:14:05.0121 5884  mouclass - ok
19:14:05.0170 5884  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
19:14:05.0260 5884  mouhid - ok
19:14:05.0283 5884  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:14:05.0333 5884  mountmgr - ok
19:14:05.0349 5884  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:14:05.0429 5884  mpio - ok
19:14:05.0453 5884  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:14:05.0538 5884  mpsdrv - ok
19:14:05.0582 5884  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:14:05.0735 5884  MpsSvc - ok
19:14:05.0772 5884  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:14:05.0844 5884  MRxDAV - ok
19:14:05.0874 5884  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:14:05.0986 5884  mrxsmb - ok
19:14:05.0996 5884  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:14:06.0073 5884  mrxsmb10 - ok
19:14:06.0081 5884  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:14:06.0126 5884  mrxsmb20 - ok
19:14:06.0140 5884  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:14:06.0183 5884  msahci - ok
19:14:06.0210 5884  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:14:06.0263 5884  msdsm - ok
19:14:06.0288 5884  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:14:06.0362 5884  MSDTC - ok
19:14:06.0387 5884  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:14:06.0483 5884  Msfs - ok
19:14:06.0503 5884  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:14:06.0586 5884  mshidkmdf - ok
19:14:06.0601 5884  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:14:06.0689 5884  msisadrv - ok
19:14:06.0739 5884  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:14:06.0839 5884  MSiSCSI - ok
19:14:06.0846 5884  msiserver - ok
19:14:06.0879 5884  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:14:06.0995 5884  MSKSSRV - ok
19:14:07.0122 5884  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:14:07.0222 5884  MSPCLOCK - ok
19:14:07.0266 5884  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:14:07.0354 5884  MSPQM - ok
19:14:07.0381 5884  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:14:07.0460 5884  MsRPC - ok
19:14:07.0482 5884  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:14:07.0514 5884  mssmbios - ok
19:14:07.0530 5884  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:14:07.0626 5884  MSTEE - ok
19:14:07.0649 5884  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:14:07.0730 5884  MTConfig - ok
19:14:07.0752 5884  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:14:07.0829 5884  Mup - ok
19:14:07.0894 5884  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:14:08.0026 5884  napagent - ok
19:14:08.0097 5884  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:14:08.0182 5884  NativeWifiP - ok
19:14:08.0242 5884  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:14:08.0344 5884  NDIS - ok
19:14:08.0394 5884  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:14:08.0502 5884  NdisCap - ok
19:14:08.0544 5884  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:14:08.0612 5884  NdisTapi - ok
19:14:08.0681 5884  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:14:08.0786 5884  Ndisuio - ok
19:14:08.0801 5884  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:14:08.0905 5884  NdisWan - ok
19:14:08.0922 5884  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:14:09.0000 5884  NDProxy - ok
19:14:09.0026 5884  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:14:09.0147 5884  NetBIOS - ok
19:14:09.0174 5884  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:14:09.0285 5884  NetBT - ok
19:14:09.0339 5884  [ BA99A34A9B5EB737CE54BC0A7C596609 ] NETFLTDI        C:\Windows\system32\Drivers\NETTDI64.SYS
19:14:09.0906 5884  NETFLTDI - ok
19:14:09.0976 5884  [ FD0BFED656D9B26C22E439CC0EF5C771 ] NETIMFLT01060044 C:\Windows\system32\DRIVERS\n64i1644.sys
19:14:10.0007 5884  NETIMFLT01060044 - ok
19:14:10.0064 5884  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:14:10.0097 5884  Netlogon - ok
19:14:10.0146 5884  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:14:10.0250 5884  Netman - ok
19:14:10.0288 5884  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:14:10.0428 5884  netprofm - ok
19:14:10.0505 5884  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:14:10.0573 5884  NetTcpPortSharing - ok
19:14:10.0620 5884  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:14:10.0697 5884  nfrd960 - ok
19:14:10.0781 5884  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:14:10.0920 5884  NlaSvc - ok
19:14:10.0969 5884  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:14:11.0043 5884  Npfs - ok
19:14:11.0060 5884  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:14:11.0192 5884  nsi - ok
19:14:11.0207 5884  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:14:11.0325 5884  nsiproxy - ok
19:14:11.0390 5884  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:14:12.0033 5884  Ntfs - ok
19:14:12.0140 5884  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:14:12.0253 5884  Null - ok
19:14:12.0283 5884  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:14:12.0489 5884  nvraid - ok
19:14:12.0532 5884  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:14:12.0593 5884  nvstor - ok
19:14:12.0630 5884  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:14:12.0731 5884  nv_agp - ok
19:14:12.0753 5884  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:14:12.0841 5884  ohci1394 - ok
19:14:12.0956 5884  [ 1CD34A17B36DD143CE212AE776A97F9E ] OODefragAgent   C:\Program Files\OO Software\Defrag\oodag.exe
19:14:13.0665 5884  OODefragAgent - ok
19:14:14.0144 5884  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:14:15.0675 5884  ose - ok
19:14:16.0248 5884  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:14:16.0822 5884  osppsvc - ok
19:14:16.0900 5884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:14:16.0970 5884  p2pimsvc - ok
19:14:17.0004 5884  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:14:17.0082 5884  p2psvc - ok
19:14:17.0466 5884  [ 54F00466439F749EDDF29CBA0BC1A28A ] Panda Software Controller C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe
19:14:17.0542 5884  Panda Software Controller - ok
19:14:17.0581 5884  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:14:17.0703 5884  Parport - ok
19:14:17.0723 5884  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:14:17.0773 5884  partmgr - ok
19:14:17.0823 5884  [ 337A81B3FF34F9851D245D42A725FC22 ] pavboot         C:\Windows\system32\Drivers\pavboot64.sys
19:14:17.0866 5884  pavboot - ok
19:14:17.0933 5884  [ F458128A5321BB48DF7B3D8E279F6393 ] PAVFNSVR        C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
19:14:18.0002 5884  PAVFNSVR - ok
19:14:18.0055 5884  [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv        C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
19:14:18.0111 5884  PavPrSrv - ok
19:14:18.0432 5884  [ 4D8C2645A12FDDF9CD4A68DDE8496BEF ] PAVSRV          C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
19:14:19.0023 5884  PAVSRV - ok
19:14:19.0033 5884  PavTPK.sys - ok
19:14:19.0069 5884  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:14:19.0151 5884  PcaSvc - ok
19:14:19.0174 5884  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:14:19.0251 5884  pci - ok
19:14:19.0278 5884  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:14:19.0500 5884  pciide - ok
19:14:19.0520 5884  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:14:19.0647 5884  pcmcia - ok
19:14:19.0677 5884  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:14:19.0718 5884  pcw - ok
19:14:19.0755 5884  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:14:19.0892 5884  PEAUTH - ok
19:14:20.0044 5884  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:14:20.0149 5884  PeerDistSvc - ok
19:14:20.0243 5884  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:14:20.0322 5884  PerfHost - ok
19:14:20.0424 5884  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:14:20.0699 5884  pla - ok
19:14:20.0782 5884  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:14:20.0901 5884  PlugPlay - ok
19:14:20.0992 5884  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:14:21.0079 5884  PNRPAutoReg - ok
19:14:21.0133 5884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:14:21.0241 5884  PNRPsvc - ok
19:14:21.0285 5884  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:14:21.0416 5884  PolicyAgent - ok
19:14:21.0494 5884  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:14:21.0598 5884  Power - ok
19:14:21.0649 5884  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:14:21.0802 5884  PptpMiniport - ok
19:14:21.0825 5884  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:14:21.0974 5884  Processor - ok
19:14:22.0019 5884  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
19:14:22.0137 5884  ProfSvc - ok
19:14:22.0164 5884  Prot6Flt - ok
19:14:22.0205 5884  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:14:22.0240 5884  ProtectedStorage - ok
19:14:22.0263 5884  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:14:22.0358 5884  Psched - ok
19:14:22.0449 5884  [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost          c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.EXE
19:14:22.0530 5884  PSHost - ok
19:14:22.0588 5884  [ 196C450F2779D0B462C444DA4906EA7F ] PSIMSVC         C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe
19:14:23.0026 5884  PSIMSVC - ok
19:14:23.0091 5884  [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail    C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe
19:14:23.0169 5884  PskSvcRetail - ok
19:14:23.0247 5884  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:14:24.0041 5884  ql2300 - ok
19:14:24.0076 5884  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:14:24.0679 5884  ql40xx - ok
19:14:24.0705 5884  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:14:24.0814 5884  QWAVE - ok
19:14:24.0828 5884  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:14:24.0952 5884  QWAVEdrv - ok
19:14:24.0968 5884  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:14:25.0077 5884  RasAcd - ok
19:14:25.0118 5884  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:14:25.0208 5884  RasAgileVpn - ok
19:14:25.0250 5884  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:14:25.0412 5884  RasAuto - ok
19:14:25.0430 5884  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:14:25.0582 5884  Rasl2tp - ok
19:14:25.0606 5884  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:14:25.0736 5884  RasMan - ok
19:14:25.0761 5884  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:14:25.0862 5884  RasPppoe - ok
19:14:25.0908 5884  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:14:25.0994 5884  RasSstp - ok
19:14:26.0022 5884  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:14:26.0175 5884  rdbss - ok
19:14:26.0202 5884  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:14:26.0304 5884  rdpbus - ok
19:14:26.0316 5884  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:14:26.0404 5884  RDPCDD - ok
19:14:26.0433 5884  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:14:26.0511 5884  RDPDR - ok
19:14:26.0531 5884  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:14:26.0620 5884  RDPENCDD - ok
19:14:26.0703 5884  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:14:26.0775 5884  RDPREFMP - ok
19:14:26.0843 5884  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:14:27.0046 5884  RdpVideoMiniport - ok
19:14:27.0093 5884  [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:14:27.0204 5884  RDPWD - ok
19:14:27.0244 5884  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:14:27.0294 5884  rdyboost - ok
19:14:27.0378 5884  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:14:27.0553 5884  RemoteAccess - ok
19:14:27.0587 5884  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:14:27.0803 5884  RemoteRegistry - ok
19:14:27.0842 5884  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:14:27.0931 5884  RpcEptMapper - ok
19:14:27.0980 5884  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:14:28.0096 5884  RpcLocator - ok
19:14:28.0126 5884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:14:28.0214 5884  RpcSs - ok
19:14:28.0264 5884  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:14:28.0376 5884  rspndr - ok
19:14:28.0392 5884  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:14:28.0488 5884  s3cap - ok
19:14:28.0509 5884  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:14:28.0554 5884  SamSs - ok
19:14:28.0578 5884  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:14:28.0642 5884  sbp2port - ok
19:14:28.0727 5884  [ CC0F90969C8C951217B53EB6A4487328 ] scan            C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
19:14:28.0825 5884  scan ( UnsignedFile.Multi.Generic ) - warning
19:14:28.0826 5884  scan - detected UnsignedFile.Multi.Generic (1)
19:14:28.0860 5884  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:14:29.0042 5884  SCardSvr - ok
19:14:29.0161 5884  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:14:29.0308 5884  scfilter - ok
19:14:29.0351 5884  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:14:29.0625 5884  Schedule - ok
19:14:29.0664 5884  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:14:29.0733 5884  SCPolicySvc - ok
19:14:29.0834 5884  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:14:30.0005 5884  SDRSVC - ok
19:14:30.0048 5884  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:14:30.0120 5884  secdrv - ok
19:14:30.0140 5884  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:14:30.0217 5884  seclogon - ok
19:14:30.0239 5884  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:14:30.0338 5884  SENS - ok
19:14:30.0378 5884  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:14:30.0463 5884  SensrSvc - ok
19:14:30.0499 5884  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:14:30.0559 5884  Serenum - ok
19:14:30.0587 5884  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:14:30.0780 5884  Serial - ok
19:14:30.0829 5884  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:14:30.0906 5884  sermouse - ok
19:14:30.0957 5884  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:14:31.0075 5884  SessionEnv - ok
19:14:31.0237 5884  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:14:31.0302 5884  sffdisk - ok
19:14:31.0312 5884  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:14:31.0392 5884  sffp_mmc - ok
19:14:31.0411 5884  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:14:31.0477 5884  sffp_sd - ok
19:14:31.0483 5884  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:14:31.0543 5884  sfloppy - ok
19:14:31.0563 5884  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:14:31.0681 5884  SharedAccess - ok
19:14:31.0726 5884  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:14:31.0839 5884  ShellHWDetection - ok
19:14:31.0925 5884  [ 03639A3B26AA808BAE79D89FDB4B151C ] ShldFlt         C:\Windows\system32\DRIVERS\ShldFlt.sys
19:14:31.0975 5884  ShldFlt - ok
19:14:32.0023 5884  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:14:32.0071 5884  SiSRaid2 - ok
19:14:32.0087 5884  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:14:32.0140 5884  SiSRaid4 - ok
19:14:32.0163 5884  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:14:32.0261 5884  Smb - ok
19:14:32.0312 5884  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:14:32.0385 5884  SNMPTRAP - ok
19:14:32.0404 5884  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:14:32.0445 5884  spldr - ok
19:14:32.0477 5884  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
19:14:32.0580 5884  Spooler - ok
19:14:32.0716 5884  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:14:32.0971 5884  sppsvc - ok
19:14:33.0006 5884  [ 0133DE7BB39F869975D8AF4BC9F0B0DB ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:14:33.0063 5884  sppuinotify ( UnsignedFile.Multi.Generic ) - warning
19:14:33.0063 5884  sppuinotify - detected UnsignedFile.Multi.Generic (1)
19:14:33.0121 5884  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:14:33.0796 5884  srv - ok
19:14:33.0850 5884  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:14:33.0903 5884  srv2 - ok
19:14:33.0930 5884  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:14:33.0980 5884  srvnet - ok
19:14:34.0032 5884  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:14:34.0118 5884  SSDPSRV - ok
19:14:34.0143 5884  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
19:14:34.0186 5884  SSPORT - ok
19:14:34.0204 5884  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:14:34.0303 5884  SstpSvc - ok
19:14:34.0347 5884  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:14:34.0410 5884  stexstor - ok
19:14:34.0470 5884  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:14:34.0600 5884  stisvc - ok
19:14:34.0680 5884  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:14:34.0823 5884  storflt - ok
19:14:34.0859 5884  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
19:14:34.0937 5884  StorSvc - ok
19:14:35.0070 5884  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:14:35.0127 5884  storvsc - ok
19:14:35.0153 5884  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:14:35.0267 5884  swenum - ok
19:14:35.0303 5884  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:14:35.0462 5884  swprv - ok
19:14:35.0533 5884  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
19:14:35.0729 5884  Synth3dVsc - ok
19:14:35.0921 5884  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:14:36.0136 5884  SysMain - ok
19:14:36.0269 5884  [ 196E20CE11EDB0EA3EDA491FCD3C943B ] SystemExplorerHelpService C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
19:14:36.0396 5884  SystemExplorerHelpService - ok
19:14:36.0580 5884  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:14:36.0722 5884  TabletInputService - ok
19:14:36.0752 5884  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:14:36.0873 5884  TapiSrv - ok
19:14:36.0898 5884  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:14:36.0976 5884  TBS - ok
19:14:37.0040 5884  [ FC62769E7BFF2896035AEED399108162 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:14:37.0904 5884  Tcpip - ok
19:14:37.0986 5884  [ FC62769E7BFF2896035AEED399108162 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:14:38.0090 5884  TCPIP6 - ok
19:14:38.0136 5884  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:14:38.0222 5884  tcpipreg - ok
19:14:38.0246 5884  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:14:38.0304 5884  TDPIPE - ok
19:14:38.0345 5884  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:14:38.0398 5884  TDTCP - ok
19:14:38.0437 5884  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:14:38.0530 5884  tdx - ok
19:14:38.0545 5884  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:14:38.0623 5884  TermDD - ok
19:14:38.0640 5884  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
19:14:38.0723 5884  terminpt - ok
19:14:38.0774 5884  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:14:38.0864 5884  TermService - ok
19:14:38.0881 5884  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:14:38.0943 5884  Themes - ok
19:14:38.0958 5884  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:14:39.0030 5884  THREADORDER - ok
19:14:39.0207 5884  [ 71D19B5D542B6EEA00C99D9984DC901F ] TPSrv           C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
19:14:39.0269 5884  TPSrv - ok
19:14:39.0361 5884  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:14:39.0468 5884  TrkWks - ok
19:14:39.0542 5884  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:14:39.0642 5884  TrustedInstaller - ok
19:14:39.0678 5884  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:14:39.0782 5884  tssecsrv - ok
19:14:39.0825 5884  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:14:40.0021 5884  TsUsbFlt - ok
19:14:40.0052 5884  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:14:40.0148 5884  TsUsbGD - ok
19:14:40.0178 5884  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
19:14:40.0368 5884  tsusbhub - ok
19:14:40.0425 5884  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:14:40.0987 5884  tunnel - ok
19:14:41.0008 5884  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:14:41.0074 5884  uagp35 - ok
19:14:41.0130 5884  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:14:41.0237 5884  udfs - ok
19:14:41.0289 5884  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:14:41.0360 5884  UI0Detect - ok
19:14:41.0402 5884  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:14:41.0525 5884  uliagpkx - ok
19:14:41.0576 5884  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:14:41.0702 5884  umbus - ok
19:14:41.0734 5884  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:14:41.0803 5884  UmPass - ok
19:14:41.0824 5884  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:14:41.0897 5884  UmRdpService - ok
19:14:41.0968 5884  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:14:42.0093 5884  upnphost - ok
19:14:42.0150 5884  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:14:42.0291 5884  USBAAPL64 - ok
19:14:42.0322 5884  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:14:42.0468 5884  usbccgp - ok
19:14:42.0502 5884  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:14:42.0831 5884  usbcir - ok
19:14:42.0847 5884  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:14:42.0959 5884  usbehci - ok
19:14:42.0995 5884  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:14:43.0144 5884  usbhub - ok
19:14:43.0159 5884  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:14:43.0210 5884  usbohci - ok
19:14:43.0260 5884  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:14:43.0309 5884  usbprint - ok
19:14:43.0329 5884  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:14:43.0421 5884  USBSTOR - ok
19:14:43.0449 5884  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:14:43.0511 5884  usbuhci - ok
19:14:43.0587 5884  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:14:43.0732 5884  usbvideo - ok
19:14:43.0766 5884  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:14:43.0957 5884  UxSms - ok
19:14:43.0975 5884  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:14:44.0044 5884  VaultSvc - ok
19:14:44.0101 5884  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:14:44.0207 5884  vdrvroot - ok
19:14:44.0274 5884  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:14:44.0479 5884  vds - ok
19:14:44.0533 5884  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:14:44.0586 5884  vga - ok
19:14:44.0593 5884  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:14:44.0687 5884  VgaSave - ok
19:14:44.0695 5884  VGPU - ok
19:14:44.0719 5884  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:14:44.0798 5884  vhdmp - ok
19:14:44.0829 5884  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:14:44.0874 5884  viaide - ok
19:14:44.0904 5884  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:14:45.0627 5884  vmbus - ok
19:14:45.0672 5884  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:14:45.0718 5884  VMBusHID - ok
19:14:45.0739 5884  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:14:45.0815 5884  volmgr - ok
19:14:45.0837 5884  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:14:45.0911 5884  volmgrx - ok
19:14:45.0943 5884  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:14:46.0027 5884  volsnap - ok
19:14:46.0074 5884  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:14:46.0132 5884  vsmraid - ok
19:14:46.0204 5884  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:14:46.0434 5884  VSS - ok
19:14:46.0559 5884  [ A1A4177638E5662EE5205E1E6C5CF965 ] VSSERV          C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
19:14:47.0126 5884  VSSERV - ok
19:14:47.0163 5884  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:14:47.0265 5884  vwifibus - ok
19:14:47.0300 5884  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:14:47.0372 5884  vwififlt - ok
19:14:47.0400 5884  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:14:47.0490 5884  W32Time - ok
19:14:47.0519 5884  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:14:47.0577 5884  WacomPen - ok
19:14:47.0669 5884  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:14:47.0764 5884  WANARP - ok
19:14:47.0779 5884  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:14:47.0836 5884  Wanarpv6 - ok
19:14:47.0925 5884  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:14:48.0181 5884  wbengine - ok
19:14:48.0208 5884  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:14:48.0284 5884  WbioSrvc - ok
19:14:48.0322 5884  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:14:48.0413 5884  wcncsvc - ok
19:14:48.0439 5884  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:14:48.0576 5884  WcsPlugInService - ok
19:14:48.0606 5884  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:14:48.0660 5884  Wd - ok
19:14:48.0687 5884  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:14:48.0804 5884  Wdf01000 - ok
19:14:48.0825 5884  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:14:48.0982 5884  WdiServiceHost - ok
19:14:48.0990 5884  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:14:49.0105 5884  WdiSystemHost - ok
19:14:49.0195 5884  [ 5941B8AA229C6E5D7924919D3EDE0843 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
19:14:49.0352 5884  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
19:14:49.0353 5884  Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
19:14:49.0377 5884  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:14:49.0489 5884  WebClient - ok
19:14:49.0573 5884  [ 688399FF25A4012AF16DA2E5C3DAF050 ] WebOptimizer    C:\Windows\system32\dmwu.exe
19:14:49.0652 5884  WebOptimizer - ok
19:14:49.0679 5884  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:14:49.0834 5884  Wecsvc - ok
19:14:49.0852 5884  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:14:49.0925 5884  wercplsupport - ok
19:14:49.0984 5884  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:14:50.0063 5884  WerSvc - ok
19:14:50.0132 5884  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:14:50.0226 5884  WfpLwf - ok
19:14:50.0242 5884  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:14:50.0290 5884  WIMMount - ok
19:14:50.0314 5884  WinDefend - ok
19:14:50.0334 5884  WinHttpAutoProxySvc - ok
19:14:50.0442 5884  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:14:50.0576 5884  Winmgmt - ok
19:14:50.0813 5884  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:14:51.0162 5884  WinRM - ok
19:14:51.0246 5884  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:14:51.0408 5884  WinUsb - ok
19:14:51.0452 5884  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:14:51.0644 5884  Wlansvc - ok
19:14:51.0711 5884  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:14:51.0758 5884  WmiAcpi - ok
19:14:51.0844 5884  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:14:52.0001 5884  wmiApSrv - ok
19:14:52.0044 5884  WMPNetworkSvc - ok
19:14:52.0092 5884  [ C1B61612FCCC6E750AD0A6E19C77EE85 ] WNMFLT          C:\Windows\system32\Drivers\WNMFLT64.SYS
19:14:52.0132 5884  WNMFLT - ok
19:14:52.0158 5884  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:14:52.0233 5884  WPCSvc - ok
19:14:52.0258 5884  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:14:52.0326 5884  WPDBusEnum - ok
19:14:52.0360 5884  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:14:52.0451 5884  ws2ifsl - ok
19:14:52.0472 5884  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:14:52.0564 5884  wscsvc - ok
19:14:52.0571 5884  WSearch - ok
19:14:52.0683 5884  [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:14:52.0955 5884  wuauserv - ok
19:14:53.0033 5884  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:14:53.0150 5884  WudfPf - ok
19:14:53.0217 5884  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:14:53.0311 5884  WUDFRd - ok
19:14:53.0332 5884  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:14:53.0462 5884  wudfsvc - ok
19:14:53.0492 5884  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:14:53.0595 5884  WwanSvc - ok
19:14:53.0621 5884  ================ Scan global ===============================
19:14:53.0677 5884  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:14:53.0711 5884  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:14:53.0800 5884  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:14:53.0850 5884  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:14:53.0914 5884  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:14:53.0930 5884  [Global] - ok
19:14:53.0930 5884  ================ Scan MBR ==================================
19:14:53.0972 5884  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:14:54.0708 5884  \Device\Harddisk0\DR0 - ok
19:14:54.0709 5884  ================ Scan VBR ==================================
19:14:54.0743 5884  [ 5388230C779048D942EE6EEF7E4081BB ] \Device\Harddisk0\DR0\Partition1
19:14:54.0745 5884  \Device\Harddisk0\DR0\Partition1 - ok
19:14:54.0756 5884  [ 56C1475FA6AE5D8A261F26BE156B540D ] \Device\Harddisk0\DR0\Partition2
19:14:54.0758 5884  \Device\Harddisk0\DR0\Partition2 - ok
19:14:54.0762 5884  ============================================================
19:14:54.0762 5884  Scan finished
19:14:54.0762 5884  ============================================================
19:14:54.0778 6024  Detected object count: 3
19:14:54.0778 6024  Actual detected object count: 3
19:15:52.0177 6024  scan ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:52.0177 6024  scan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:15:52.0178 6024  sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:52.0178 6024  sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:15:52.0182 6024  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:52.0182 6024  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 17.01.2013, 20:36   #8
markusg
/// Malware-holic
 



Looks OK.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 17.01.2013, 23:34   #9
j.dillinger
 




oh.. here it is again, properly

Code:
ComboFix 13-01-17.03 - Dennis 17.01.2013  22:55:26.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.3838.2330 [GMT 1:00]
ausgeführt von:: c:\users\Dennis\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-17 bis 2013-01-17  ))))))))))))))))))))))))))))))
.
.
2013-01-17 22:07 . 2013-01-17 22:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-17 21:24 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3228450F-DA53-40F3-99AB-45E7E2A8038E}\mpengine.dll
2013-01-17 21:10 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-01-17 21:10 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-01-17 21:10 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-01-17 21:10 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-01-17 21:09 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2013-01-17 21:09 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2013-01-17 21:09 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2013-01-17 21:09 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2013-01-17 21:09 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2013-01-13 20:14 . 2013-01-13 20:14	--------	d-----w-	C:\Panda Software
2013-01-13 19:58 . 2013-01-13 19:58	--------	d-----w-	c:\windows\FltMgr
2013-01-13 19:55 . 2013-01-13 19:55	--------	d-----w-	c:\programdata\Backup
2013-01-13 19:54 . 2013-01-17 21:43	--------	d-----w-	c:\program files (x86)\Panda Security
2013-01-11 18:46 . 2013-01-11 18:46	--------	d-----w-	C:\_OTL
2013-01-10 22:20 . 2013-01-10 22:20	--------	d-----w-	c:\users\Dennis\AppData\Local\Programs
2013-01-10 22:05 . 2013-01-10 22:05	--------	d-----w-	c:\program files\CCleaner
2013-01-09 21:28 . 2013-01-09 21:30	--------	d-----w-	c:\programdata\SystemExplorer
2013-01-09 21:28 . 2013-01-09 21:28	--------	d-----w-	c:\program files (x86)\System Explorer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:00 . 2012-05-29 17:36	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:00 . 2011-08-27 13:19	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-11 15:25 . 2009-07-13 23:52	65536	----a-w-	c:\windows\system32\sppuinotify.dll
2012-11-11 15:25 . 2009-07-13 23:51	381952	----a-w-	c:\windows\system32\sppcommdlg.dll
2012-11-11 15:25 . 2010-11-21 03:24	419840	----a-w-	c:\windows\system32\systemcpl.dll
2012-11-11 15:25 . 2010-11-21 03:24	1008128	----a-w-	c:\windows\system32\user32.dll
2012-11-11 15:25 . 2009-07-13 23:52	142336	----a-w-	c:\windows\system32\sppwmi.dll
2012-11-11 15:25 . 2010-11-21 03:24	15360	----a-w-	c:\windows\system32\slwga.dll
2012-11-11 15:25 . 2009-06-10 20:59	107946	----a-w-	c:\windows\system32\slmgr.vbs
2012-11-11 15:25 . 2010-11-21 03:24	389632	----a-w-	c:\windows\system32\winlogon.exe
2012-11-11 15:25 . 2010-11-21 03:24	349696	----a-w-	c:\windows\system32\slui.exe
2012-11-11 15:25 . 2009-07-13 23:57	2048	----a-w-	c:\windows\system32\winver.exe
2012-11-11 15:25 . 2012-11-11 15:25	2169856	--sha-w-	c:\windows\system32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2012-11-11 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-11-11 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-08-03 11:31	89008	----a-w-	c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 16:54	175912	----a-w-	c:\program files (x86)\MyAshampoo\prxtbMyAs.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-08-03 89008]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2012-12-02 2846168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-18 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-09-03 188760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-06-29 3246920]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-11-25 821720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 21:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-06-29 3992904]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-11-11 2169856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6PQz5qYp2L&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=2&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQz5qYp2L&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 3ae2060900000000000000265e8ccdf4
FF - user.js: extensions.incredibar_i.instlDay - 15491
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:44
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQz5qYp2L
FF - user.js: extensions.incredibar_i.upn2n - 92542981609424111
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Web Assistant\Extension32.dll
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-10 - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Toolbar-10 - (no file)
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-17  23:26:38
ComboFix-quarantined-files.txt  2013-01-17 22:26
.
Vor Suchlauf: 12 Verzeichnis(se), 79.166.451.712 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 79.069.880.320 Bytes frei
.
- - End Of File - - 7169D7A21A49878953ABC9ACA943E9EB
         

18.01.2013, 18:55   #10
markusg
/// Malware-holic

OK,
there are still quite a few toolbars left.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are selected and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

18.01.2013, 21:17   #11
j.dillinger

As before, again nothing found!

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: DENNIS-PC [Administrator]

18.01.2013 20:20:27
mbam-log-2013-01-18 (20-20-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322681
Laufzeit: 44 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

19.01.2013, 17:53   #12
markusg
/// Malware-holic

OK, now we still need to get rid of the adware.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "necessary" (notwendig).
After each program you do not need, write "unnecessary" (unnötig).
After each program you do not recognise, write "unknown" (unbekannt).
Post the list.


Open Tools (Extras), Startup list, then export it and post it, please.

19.01.2013, 18:55   #13
j.dillinger

CCleaner:

Code:
1ClickDownloader	1ClickDownload	31.05.2012		2.1 Build 26473
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.01.2013	6,00MB	11.5.502.146					Notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
Adobe Reader X (10.1.5) - Deutsch	Adobe Systems Incorporated	13.01.2013	191MB	10.1.5
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	27.08.2011	22,6MB	3.0.838.0					Notwendig
Apple Application Support	Apple Inc.	28.11.2012	65,0MB	2.2.2								Unnötig
Apple Mobile Device Support	Apple Inc.	28.11.2012	23,7MB	6.0.0.59							Unnötig
Apple Software Update	Apple Inc.	27.08.2011	2,38MB	2.1.3.127								Unnötig
Ashampoo Burning Studio Elements 10.0.9	Ashampoo GmbH & Co. KG	26.11.2011	161MB	3.1.1						Notwendig
Bonjour	Apple Inc.	28.11.2012	2,00MB	3.0.0.10										Unnötig
CCleaner	Piriform	19.12.2012		3.26										Unnötig
DriverTuner 3.1.0.0	LionSea SoftWare	07.05.2012	24,7MB	3.1.0.0								Notwendig
Incredibar Toolbar  on IE		31.05.2012											Unnötig
iTunes	Apple Inc.	28.11.2012	182MB	10.7.0.21 										Unnötig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	18.01.2013	18,4MB	1.70.0.1100			Notwendig
MediaBar	iMesh Inc.	18.10.2011		3.0.0.116189									Unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.04.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	08.04.2011	2,93MB	4.0.30319
Microsoft Office Professional Plus 2010	Microsoft Corporation	27.08.2011		14.0.4763.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.11.2011	344KB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	27.08.2011	708KB	8.0.56336				Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.08.2011	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.08.2011	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.11.2011	588KB	9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	27.08.2011	13,6MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2011	11,1MB	10.0.40219
Mozilla Firefox 11.0 (x86 de)	Mozilla	12.04.2012	35,8MB	11.0									Unnötig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.11.2011	1,27MB	4.20.9870.0						Unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2011	1,33MB	4.20.9876.0
MyAshampoo Toolbar	MyAshampoo	26.11.2011		6.3.2.90								Unnötig
O&O Defrag Professional	O&O Software GmbH	27.08.2011	46,4MB	14.5.543							Unnötig
Opera 12.12	Opera Software ASA	10.01.2013		12.12.1707								Notwendig
QuickPar 0.9	Peter B. Clements	21.09.2011		0.9									Unnötig
QuickTime	Apple Inc.	27.08.2011	73,0MB	7.70.80.34									Unnötig
RealPlayer	RealNetworks	18.10.2011												Unnötig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.08.2011		6.0.1.5911				Notwendig
Samsung ML-1610 Series		07.05.2012												Notwendig
SearchCore for Browsers	iMesh Inc.	18.10.2011		3.0.0.116189								Unbekannt
System Explorer 4.0.0	Mister Group	09.01.2013	6,14MB										Notwendig
Unity Web Player	Unity Technologies ApS	24.02.2012	12,0MB									Unbekannt
VLC media player 1.1.11	VideoLAN	27.08.2011		1.1.1									Notwendig
Web Assistant 2.0.0.485	IncrediBar	15.09.2012	2,04MB	2.0.0.485								Unbekannt
Web Optimizer		27.09.2012		2.0.0.2											Unbekannt
WinRAR 4.01 (64-Bit)	win.rar GmbH	27.08.2011		4.01.0									Notwendig
         
Startup list:

Code:
Ja	HKCU:Run	Sidebar	Microsoft Corporation	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Ja	HKCU:Run	SystemExplorerAutoStart	Mister Group	"C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	APSDaemon	Apple Inc.	"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Nein	HKLM:Run	BCSSync	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Nein	HKLM:Run	BDWizReg		"C:\Program Files\BitDefender\BitDefender 2010\bdwizreg.exe" /complete linkinstall
Nein	HKLM:Run	BitDefender Antiphishing Helper		"C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
Nein	HKLM:Run	BitDefender Antiphishing Helper 32		"C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe"
Ja	HKLM:Run	Chew7Hale		"C:\Windows\System32\hale.exe" /nolog
Ja	HKLM:Run	DATAMNGR	iMesh, Inc	C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
Ja	HKLM:Run	iTunesHelper	Apple Inc.	"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja	HKLM:Run	OODefragTray	O&O Software GmbH	C:\Program Files\OO Software\Defrag\oodtray.exe
Nein	HKLM:Run	QuickTime Task	Apple Inc.	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Nein	HKLM:Run	RtHDVCpl	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein	HKLM:Run	StartCCC	Advanced Micro Devices, Inc.	"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Nein	HKLM:Run	SunJavaUpdateSched		"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja	HKLM:Run	TkBellExe	RealNetworks, Inc.	"C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
         

19.01.2013, 19:41   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control over what is happening on the PC.
JavaScript: untick "Use JavaScript".
Updater: choose "Install automatically".
Apply / OK



Uninstall:
Apple: all
Bonjour
DriverTuner: I would download drivers directly from the manufacturer.
Incredibar
iTunes
MediaBar
Mozilla Firefox
MyAshampoo
OO
QuickPar
QuickTime
RealPlayer
SearchCore
Unity
Web Assistant
Web Optimizer

Startup list: disable everything.
Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
Also post the startup list from CCleaner.

20.01.2013, 00:41   #15
j.dillinger

AdwCleaner:

Code:
# AdwCleaner v2.106 - Datei am 20/01/2013 um 00:37:56 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\searchplugins\SearchResults.xml
Ordner Gefunden : C:\Program Files (x86)\1ClickDownload
Ordner Gefunden : C:\Program Files (x86)\iMesh Applications\Mediabar
Ordner Gefunden : C:\Program Files (x86)\MyAshampoo
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Dennis\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Dennis\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Dennis\AppData\LocalLow\MyAshampoo
Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\ConduitCommon
Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\CT2475029
Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\extensions\engine@conduit.com
Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\extensions\ffxtlbr@incredibar.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\MyAshampoo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26648789-D6E7-48A0-B7AF-8CEA04961FAD}
Schlüssel Gefunden : HKLM\Software\MyAshampoo
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26648789-D6E7-48A0-B7AF-8CEA04961FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{911BDA53-F697-4376-A0BB-E64D3C5C5A49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B15C31B-29FE-4665-B930-FDF35283D3BA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-1401229870-835684438-610913941-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKU\S-1-5-21-1401229870-835684438-610913941-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6PQz5qYp2L&i=26

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cr1n6dte.default\prefs.js

Gefunden : user_pref("CT2475029..clientLogIsEnabled", true);
Gefunden : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2475029.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2475029.BrowserCompStateIsOpen_129781019473889442", true);
Gefunden : user_pref("CT2475029.CT2475029", "CT2475029");
Gefunden : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481020.alertChannelId", "874426");
Gefunden : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481024.alertChannelId", "874430");
Gefunden : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481025.alertChannelId", "874431");
Gefunden : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481029.alertChannelId", "874435");
Gefunden : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481031.alertChannelId", "874437");
Gefunden : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481032.alertChannelId", "874438");
Gefunden : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481033.alertChannelId", "874439");
Gefunden : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481034.alertChannelId", "874440");
Gefunden : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481035.alertChannelId", "874441");
Gefunden : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CT2481037.alertChannelId", "874443");
Gefunden : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Wed Jan 09 2013 22:06:16 GMT+0100");
Gefunden : user_pref("CT2475029.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Gefunden : user_pref("CT2475029.CommunityChanged", true);
Gefunden : user_pref("CT2475029.CurrentServerDate", "10-1-2013");
Gefunden : user_pref("CT2475029.DSInstall", true);
Gefunden : user_pref("CT2475029.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2475029.DialogsGetterLastCheckTime", "Wed Jan 09 2013 22:06:17 GMT+0100");
Gefunden : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Gefunden : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Wed Jan 09 2013 22:06:16 GMT+0100");
Gefunden : user_pref("CT2475029.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2475029.EMailNotifierPollDate", "Mon Jun 25 2012 23:22:18 GMT+0200");
Gefunden : user_pref("CT2475029.FeedLastCount129133095456874337", 387);
Gefunden : user_pref("CT2475029.FeedPollDate129132307482029379", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129132307482029381", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129132307482029382", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129133095459686870", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129133095459686871", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137437659687146", "Mon Jun 25 2012 23:12:18 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137437659687147", "Mon Jun 25 2012 23:12:18 GMT+0200");
Gefunden : user_pref("CT2475029.FeedPollDate129137437659687148", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Gefunden : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Gefunden : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Gefunden : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Gefunden : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Gefunden : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Gefunden : user_pref("CT2475029.FirstServerDate", "11-3-2012");
Gefunden : user_pref("CT2475029.FirstTime", true);
Gefunden : user_pref("CT2475029.FirstTimeFF3", true);
Gefunden : user_pref("CT2475029.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2475029.GroupingLastCheckTime", "Wed Jan 09 2013 22:06:16 GMT+0100");
Gefunden : user_pref("CT2475029.GroupingLastErrorCode", "");
Gefunden : user_pref("CT2475029.GroupingLastResponse", false);
Gefunden : user_pref("CT2475029.GroupingLastServerUpdateTime", "129846025250000000");
Gefunden : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2475029.HPChangedManually", true);
Gefunden : user_pref("CT2475029.HPInstall", true);
Gefunden : user_pref("CT2475029.HPProtectChoice", true);
Gefunden : user_pref("CT2475029.HPProtectCount", 1);
Gefunden : user_pref("CT2475029.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2475029.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2475029.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=[...]
Gefunden : user_pref("CT2475029.Initialize", true);
Gefunden : user_pref("CT2475029.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2475029.InstallationType", "Unknown");
Gefunden : user_pref("CT2475029.InstalledDate", "Sun Mar 11 2012 18:23:58 GMT+0100");
Gefunden : user_pref("CT2475029.InvalidateCache", false);
Gefunden : user_pref("CT2475029.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2475029.IsGrouping", true);
Gefunden : user_pref("CT2475029.IsInitSetupIni", true);
Gefunden : user_pref("CT2475029.IsMulticommunity", true);
Gefunden : user_pref("CT2475029.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2475029.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2475029.IsProtectorsInit", true);
Gefunden : user_pref("CT2475029.LanguagePackLastCheckTime", "Wed Jan 09 2013 22:06:17 GMT+0100");
Gefunden : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2475029.LastLogin_3.10.0.1", "Mon Jun 25 2012 23:12:18 GMT+0200");
Gefunden : user_pref("CT2475029.LastLogin_3.13.0.6", "Wed Jan 09 2013 22:06:17 GMT+0100");
Gefunden : user_pref("CT2475029.LatestVersion", "3.16.0.3");
Gefunden : user_pref("CT2475029.Locale", "en");
Gefunden : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2475029.MCDetectTooltipShow", true);
Gefunden : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2475029.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2475029.OriginalFirstVersion", "3.10.0.1");
Gefunden : user_pref("CT2475029.RadioIsPodcast", false);
Gefunden : user_pref("CT2475029.RadioLastCheckTime", "Mon Jun 25 2012 23:12:19 GMT+0200");
Gefunden : user_pref("CT2475029.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2475029.RadioLastUpdateServer", "129054397178370000");
Gefunden : user_pref("CT2475029.RadioMediaID", "13098944");
Gefunden : user_pref("CT2475029.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT247502913098944");
Gefunden : user_pref("CT2475029.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2475029.RadioStationName", "Mellesleg%20-%20Rapp");
Gefunden : user_pref("CT2475029.RadioStationURL", "hxxp://195.228.254.168:8060/");
Gefunden : user_pref("CT2475029.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2475029.SavedHomepage", "hxxp://search.imesh.com");
Gefunden : user_pref("CT2475029.SearchCaption", "MyAshampoo Customized Web Search");
Gefunden : user_pref("CT2475029.SearchEngineBeforeUnload", "MyAshampoo Customized Web Search");
Gefunden : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Gefunden : user_pref("CT2475029.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Wed Jan 09 2013 22:06:16 GMT+0100");
Gefunden : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2475029.SearchProtectorEnabled", true);
Gefunden : user_pref("CT2475029.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2475029.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2475029.ServiceMapLastCheckTime", "Wed Jan 09 2013 22:06:17 GMT+0100");
Gefunden : user_pref("CT2475029.SettingsLastCheckTime", "Wed Jan 09 2013 22:06:15 GMT+0100");
Gefunden : user_pref("CT2475029.SettingsLastUpdate", "1357746818");
Gefunden : user_pref("CT2475029.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13");
Gefunden : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Mon Jun 25 2012 23:12:14 GMT+0200");
Gefunden : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1331805997");
Gefunden : user_pref("CT2475029.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Gefunden : user_pref("CT2475029.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2475029.UserID", "UN58700580165426886");
Gefunden : user_pref("CT2475029.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2475029.WeatherNetwork", "");
Gefunden : user_pref("CT2475029.WeatherPollDate", "Mon Jun 25 2012 23:12:22 GMT+0200");
Gefunden : user_pref("CT2475029.WeatherUnit", "C");
Gefunden : user_pref("CT2475029.alertChannelId", "868510");
Gefunden : user_pref("CT2475029.components.1000034", true);
Gefunden : user_pref("CT2475029.components.1000234", true);
Gefunden : user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200");
Gefunden : user_pref("CT2475029.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2475029.initDone", true);
Gefunden : user_pref("CT2475029.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2475029.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2475029.myStuffEnabled", true);
Gefunden : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2475029.navigateToUrlOnSearch", false);
Gefunden : user_pref("CT2475029.oldAppsList", "200,129053524177369346,129053524177525597,111,129584873345514033[...]
Gefunden : user_pref("CT2475029.revertSettingsEnabled", true);
Gefunden : user_pref("CT2475029.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2475029.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2475029.testingCtid", "");
Gefunden : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Wed Jan 09 2013 22:06:17 GMT+0100");
Gefunden : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Mon Jun 25 2012 23:12:23 GMT+0200");
Gefunden : user_pref("CT2475029.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2475029&Search[...]
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "MyAshampoo Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"1-221[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a62[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"f5a3ae1b7e43e51cb6fc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"031ae72c4cb38df16be[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"6c9c3d5f472455b3361[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"345f12eb4e2bab83bd4[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"663f53ae462ad7724c2[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"a4f6f1159c0318b6eb7[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"7aae674e94c3c7fcd6dfa[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"c7dfec44fb478ceacf400[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dennis\\AppData\\Roaming\\Mozilla\\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2475029");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2475029");
Gefunden : user_pref("CommunityToolbar.globalUserId", "65fe1f12-b157-429d-9d12-b0c4fa8bf2fb");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 23:12:1[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 25 2012 23:12:26 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 25 2012 23:12:16 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "f1941cf9-b7a9-472c-9858-cbdfceb83880");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.imesh.com");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Gefunden : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200"[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200")[...]
Gefunden : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Mon Jun 25 2012 23:12:24 GMT+0200")[...]
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.imesh.com");
Gefunden : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,toolbar@web.de:2.3.4,{28387537-e[...]
Gefunden : user_pref("extensions.incredibar.RadioMyStations", "[{\"id\":\"1069\",\"name\":\"ORS Romántica en es[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c", "%7B%22items%22%3A%5B%7B%22i[...]
Gefunden : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c_wid", "2521; expires=Thu, 10 J[...]
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10658");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "F74E07B9C7623FFC4F4507458110A117");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "3ae2060900000000000000265e8ccdf4");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15491");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1422:44:27");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQz5qYp2L&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6PQz5qYp2L");
Gefunden : user_pref("extensions.incredibar.upn2n", "92542981609424111");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1422:44:27");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10658");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "3ae2060900000000000000265e8ccdf4");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15491");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQz5qYp2L&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6PQz5qYp2L");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92542981609424111");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:44:27");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=2&q=[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.imesh.net[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : Home URL=hxxp://mystart.incredibar.com/mb128?a=6PQz5qYp2L&i=26

*************************

AdwCleaner[R1].txt - [39067 octets] - [20/01/2013 00:27:17]
AdwCleaner[R2].txt - [38933 octets] - [20/01/2013 00:37:56]

########## EOF - C:\AdwCleaner[R2].txt - [38994 octets] ##########
         
Autostart list:

Code:
Nein	HKCU:Run	Sidebar	Microsoft Corporation	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Nein	HKCU:Run	SystemExplorerAutoStart	Mister Group	"C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
Nein	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Nein	HKLM:Run	BCSSync	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Nein	HKLM:Run	BDWizReg		"C:\Program Files\BitDefender\BitDefender 2010\bdwizreg.exe" /complete linkinstall
Nein	HKLM:Run	BitDefender Antiphishing Helper		"C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
Nein	HKLM:Run	BitDefender Antiphishing Helper 32		"C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe"
Ja	HKLM:Run	Chew7Hale		"C:\Windows\System32\hale.exe" /nolog
Nein	HKLM:Run	iTunesHelper		"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Nein	HKLM:Run	OODefragTray		C:\Program Files\OO Software\Defrag\oodtray.exe
Nein	HKLM:Run	QuickTime Task		"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Nein	HKLM:Run	RtHDVCpl	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein	HKLM:Run	StartCCC	Advanced Micro Devices, Inc.	"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Nein	HKLM:Run	SunJavaUpdateSched		"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
         

    Plagegeister aller Art und deren Bekämpfung - 06.04.2009 (6)
  16. CPU-Auslastung schwankt zwischen 70-90% beim surfen!
    Log-Analyse und Auswertung - 23.01.2008 (6)
  17. WLAN zwischen MAC-OS und XP???
    Alles rund um Windows - 30.09.2006 (4)

Zum Thema bump.exe + find.exe! CPU Auslastung zwischen 65 - 90 % - Hallo Zusammen, hab da ein Problem mit den Dateien bump.exe + find.exe. Ich tu jetzt schon ewig rum, wie ich das runter bekomm! Hab hier im Forum auch schon über - bump.exe + find.exe! CPU Auslastung zwischen 65 - 90 %...
Archiv
Du betrachtest: bump.exe + find.exe! CPU Auslastung zwischen 65 - 90 % auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.