Liebe Community,

ich werde in unregelmäßigen Abständen beim Anklicken von Lesezeichen/ von Links auf folgende Seite umgeleitet (verwende Chrome):

de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsdns


Versuche, das Problem mit CCleaner, Malwarebytes, Spybot und Avira zu beheben, waren erfolglos – so bin ich schließlich auf Eure Seite gestoßen und hoffe, Ihr könnt mir helfen.

Hier die OTL.txt-Datei - eine „Extra.txt“-Datei, wie in der Anleitung angegeben, wurde anscheinend nicht erstellt (?).
Ein gmer-Log habe ich erstellt, aber die ist ungeheuer groß und kann hier darum gar nicht gepostet/ eingefügt werden!



OTL logfile created on: 11.02.2013 11:02:20 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 36,42% Memory free
11,61 Gb Paging File | 9,07 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): c:\pagefile.sys 3965 5947d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,54 Gb Total Space | 205,62 Gb Free Space | 70,77% Space Free | Partition Type: NTFS
Drive D: | 290,54 Gb Total Space | 286,57 Gb Free Space | 98,63% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.08 15:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.02.07 10:53:41 | 000,896,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 15:04:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 15:04:40 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 15:04:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.03.26 03:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2006.04.13 16:46:32 | 000,696,320 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files (x86)\mst software\mst Defrag\mstDfrgS.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.09 08:55:53 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.09 08:55:43 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 08:55:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 08:55:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.09 08:55:33 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 08:55:28 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.26 03:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 03:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV - [2013.02.08 16:03:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.07 17:03:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 10:53:41 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.07 10:53:41 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 15:04:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 15:04:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.01 14:57:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.01 14:59:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.04.13 16:46:32 | 000,696,320 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files (x86)\mst software\mst Defrag\mstDfrgS.exe -- (mstDfrgS)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 15:04:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 15:04:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.12 05:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.19 01:49:24 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.18 09:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.13 04:21:40 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.11 09:50:06 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_l5710&r=173612100000p0447y175y46611744
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_l5710&r=173612100000p0447y175y46611744
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_l5710&r=173612100000p0447y175y46611744
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_l5710&r=173612100000p0447y175y46611744
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_l5710&r=173612100000p0447y175y46611744
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{114EDEB4-E10D-4F74-8D8B-E6B3D2BCF721}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=e97036f6-baf8-43b1-9431-dd6ec4d5b3e2&apn_sauid=5691717D-FC94-471B-84E2-80A9FD225FBD
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D696372 6F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26 726C7A3D314937414350575F64654445343038&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E677561 67657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&s t={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6AEA7FAF-E66B-4CEA-B24A-478E47C366A2}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263682F3F703D7B7365617263685465726D737D2666723D76635F7472616E735F64655F38313937 26747970653D64737365&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{86099BAC-CF57-4971-B47B-6A142DBB8AFB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B8278FA2-D740-4C15-A01D-017B9CD1DF21}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CF1B04EE-1179-4B4E-BF80-3917E9598636}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{E3725267-26F2-4A42-8D14-93136F28C112}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F07E7004-57F9-4B35-AD69-8CBE666D3FA8}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=dshp"
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: %7Bfc637775-2381-1118-a451-dd123eee5112%7D:1.3
FF - prefs.js..extensions.enabledAddons: dnshelp%40dnshelp.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.13.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {fc637775-2381-1118-a451-dd123eee5112}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.14 16:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\***\AppData\Roaming\Helper [2013.02.07 10:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.07 17:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 20:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.18 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.07 17:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 20:42:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.18 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.12.04 10:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.04 10:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.08 06:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions
[2013.02.08 06:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.08 06:30:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.10 07:53:28 | 000,000,000 | ---D | M] ("StayInOnlineMode") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{fc637775-2381-1118-a451-dd123eee5112}
[2012.09.05 09:04:10 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\software@loadtubes.com
[2013.02.08 06:30:32 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\toolbar@ask.com
[2013.02.07 17:06:01 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.j s
[2013.02.07 10:53:44 | 000,002,079 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\ab60ea59-cd55-40cd-8bc8-7a2e1b8fe146.xml
[2013.02.08 06:30:33 | 000,002,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\askcom.xml
[2013.02.07 10:53:45 | 000,002,188 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{03F8E454-BB6A-4D51-997C-6A90A9C6E046}.xml
[2013.02.07 10:53:45 | 000,002,077 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{823790BA-3A32-466E-B32C-9DBAA4320C5D}.xml
[2013.02.07 10:53:45 | 000,001,870 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{F3904243-C25D-43A7-970D-09B6039B3137}.xml
[2012.02.18 13:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.07 10:53:44 | 000,000,000 | ---D | M] (Helper) -- C:\USERS\***\APPDATA\ROAMING\HELPER
[2013.02.07 17:03:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.29 17:25:18 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2013.02.07 17:03:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 17:03:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.07 17:03:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 17:03:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 17:03:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 17:03:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D2669653D7574662D38266F653D7574662D382661713D7426726C 733D7B6D6F7A3A646973747269627574696F6E49447D3A7B6D6F7A3A6C6F63616C657D3A7B6D6F7A3A6F6666696369616C7D&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Avira Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.13.34761_0\
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.14_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DNSHelper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo\1.0.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: ScriptSafe = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll ()
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B7B4FE4-6079-48E6-B5E1-676AC8B37DA0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDE77562-3C0E-4D99-9BF5-C8EFED64310F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8def599-ab4d-11e1-9ac8-c80aa970abd5}\Shell - "" = AutoRun
O33 - MountPoints2\{c8def599-ab4d-11e1-9ac8-c80aa970abd5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.08 15:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.08 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.08 15:34:11 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.02.08 15:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.08 15:26:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.07 17:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.02.07 17:07:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\APN
[2013.02.07 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DNSHelper Chrome
[2013.02.07 10:53:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SwvUpdater
[2013.02.07 10:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\preispilot
[2013.02.07 10:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.02.07 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Helper
[2013.02.07 10:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.07 10:53:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 10:53:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2013.01.20 10:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.18 14:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.12 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\AdobeStockPhotos
[2013.01.12 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Updater
[2013.01.12 15:41:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.01.12 15:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.12 15:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.01.12 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.12 15:23:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Creative Suite
[2013.01.12 15:17:57 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.11 11:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.11 10:19:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.11 10:17:10 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-365381482-1175887142-2425987651-1001UA.job
[2013.02.11 09:41:29 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.11 09:32:04 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.11 09:29:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.11 09:28:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 09:28:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 09:27:00 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.11 09:27:00 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.11 09:27:00 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.11 09:27:00 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.11 09:27:00 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 09:21:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.11 09:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.11 09:20:55 | 3118,534,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.10 15:17:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-365381482-1175887142-2425987651-1001Core.job
[2013.02.08 15:34:17 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.08 15:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 17:07:27 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.05 17:42:01 | 000,399,794 | ---- | M] () -- C:\Users\***\Desktop\Onlineabschluss_ESWE_Klima_FairGas_2014_15690762 (1).pdf
[2013.02.05 17:11:31 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer 2013.lnk
[2013.02.03 09:48:38 | 000,019,512 | ---- | M] () -- C:\Users\***\Desktop\Ausgaben 2013.ods
[2013.01.31 21:19:45 | 000,002,423 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.01.27 17:57:21 | 004,804,794 | ---- | M] () -- C:\Users\***\Desktop\usa.pdf
[2013.01.20 10:18:38 | 000,002,128 | ---- | M] () -- C:\Users\***\Desktop\Free Video Dub.lnk
[2013.01.20 10:18:38 | 000,001,211 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.13 09:26:54 | 000,455,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 15:56:41 | 000,002,464 | ---- | M] () -- C:\Users\***\Desktop\Adobe Illustrator CS2.lnk
[2013.01.12 15:54:57 | 000,001,482 | ---- | M] () -- C:\Users\***\Desktop\Photoshop.lnk
[2013.01.12 15:54:36 | 000,001,320 | ---- | M] () -- C:\Users\***\Desktop\Bridge.lnk
[2013.01.12 15:53:55 | 000,001,394 | ---- | M] () -- C:\Users\***\Desktop\InDesign.lnk
[2013.01.12 15:39:01 | 000,001,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.11 09:41:29 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.11 09:32:03 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.11 09:29:45 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.08 15:34:17 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.08 15:34:17 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.05 17:41:59 | 000,399,794 | ---- | C] () -- C:\Users\***\Desktop\Onlineabschluss_ESWE_Klima_FairGas_2014_15690762 (1).pdf
[2013.01.27 17:57:20 | 004,804,794 | ---- | C] () -- C:\Users\***\Desktop\usa.pdf
[2013.01.20 10:18:38 | 000,002,128 | ---- | C] () -- C:\Users\***\Desktop\Free Video Dub.lnk
[2013.01.20 10:18:38 | 000,001,211 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.12 15:56:41 | 000,002,464 | ---- | C] () -- C:\Users\***\Desktop\Adobe Illustrator CS2.lnk
[2013.01.12 15:54:36 | 000,001,320 | ---- | C] () -- C:\Users\***\Desktop\Bridge.lnk
[2013.01.12 15:53:55 | 000,001,394 | ---- | C] () -- C:\Users\***\Desktop\InDesign.lnk
[2013.01.12 15:53:31 | 000,001,482 | ---- | C] () -- C:\Users\***\Desktop\Photoshop.lnk
[2013.01.12 15:42:39 | 000,002,482 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2013.01.12 15:41:24 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013.01.12 15:40:27 | 000,000,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2013.01.12 15:39:27 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.01.12 15:39:27 | 000,001,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.01.12 15:39:10 | 000,001,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.12 15:39:01 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.12 15:38:50 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012.09.28 14:06:13 | 000,159,347 | ---- | C] () -- C:\Windows\FolienViewer2 Uninstaller.exe
[2012.08.24 11:05:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.11 19:41:34 | 000,000,923 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.10 16:06:11 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.09.03 14:33:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{AB723628-94A4-442F-82C1-8FD6E008D569}
[2011.02.07 16:10:43 | 000,095,232 | ---- | C] () -- C:\Users\***\PaukerplanerDateien.ppdb
[2010.12.03 20:47:56 | 907,200,512 | ---- | C] () -- C:\Users\***\paukerplaner-daten.ppdb

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.22 13:30:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.10.17 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.08.24 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2013.02.07 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 11:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNSHelper Chrome
[2013.01.20 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.11.16 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.07.11 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.03.08 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2012.12.10 18:56:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Finder
[2011.09.01 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2013.02.07 10:53:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2010.12.03 16:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OEM
[2012.04.08 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery
[2012.04.08 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery.c3b78c2a
[2012.10.27 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.02.07 10:53:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.16 18:03:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic
[2010.12.04 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.02.17 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TouchGadget
[2010.12.16 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp1B5B4F1

< End of report >

Hi,

es sind mehrer Auffälligkeiten im Log, bitte folgendes File untersuchen lassen:

Dateien Online überprüfen lassen:

• Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

• Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
         

• Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

• Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

• Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Poste bitte das LOG vom letzten Suchlauf mit MAM!

AdwareCleaner (AdwCleaner)
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!
Poste die Logfiles in Code-Tags
Download über AdwCleaner by Xplode zum Desktop.

Starte AdwCleaner und klicke Search
Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum.

chris

Hallo Chris,

schonmal Danke für's Helfen!

Hier das Ergebnis von Virustotal:


SHA256: d8da0a4c78fd21a51e9a4f2c6680e06b4eed0e17a76a33c8cd4f71b1eac60e83
SHA1: da594e71e8b8b76c9fe92a4d02e93ed5f23992ef
MD5: dbd5934d88cdd8b8c255d857df9f689b
File size: 875.5 KB ( 896512 bytes )
File name: AddonsHelper
File type: Win32 EXE
Detection ratio: 0 / 45
Analysis date: 2013-02-11 13:59:59 UTC ( 0 Minuten ago )
More details
Analysis
Comments
Votes
Additional information
Antivirus Result Update
Agnitum - 20130210
AhnLab-V3 - 20130211
AntiVir - 20130211
Antiy-AVL - 20130211
Avast - 20130211
AVG - 20130211
BitDefender - 20130211
ByteHero - 20130211
CAT-QuickHeal - 20130211
ClamAV - 20130211
Commtouch - 20130210
Comodo - 20130211
DrWeb - 20130211
Emsisoft - 20130211
eSafe - 20130206
ESET-NOD32 - 20130211
F-Prot - 20130211
F-Secure - 20130211
Fortinet - 20130211
GData - 20130211
Ikarus - 20130211
Jiangmin - 20130211
K7AntiVirus - 20130209
Kaspersky - 20130211
Kingsoft - 20130204
Malwarebytes - 20130211
McAfee - 20130211
McAfee-GW-Edition - 20130211
Microsoft - 20130211
MicroWorld-eScan - 20130211
NANO-Antivirus - 20130211
Norman - 20130211
nProtect - 20130211
Panda - 20130211
Rising - 20130205
Sophos - 20130211
SUPERAntiSpyware - 20130211
Symantec - 20130211
TheHacker - 20130211
TotalDefense - 20130210
TrendMicro - 20130211
TrendMicro-HouseCall - 20130211
VBA32 - 20130211
VIPRE - 20130211
ViRobot - 20130211

Wenn das Log von "MAM" das von Malewarebytes ist (?): Leider hab ich das bereits wieder deinstalliert.

Adware:AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.112 - Datei am 11/02/2013 um 15:06:26 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\Local\APN
Ordner Gefunden : C:\Users\***\AppData\Local\SwvUpdater
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\Roaming\Media Finder
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\software@loadtubes.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "cr_24.0.1312.57");
Gefunden : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gefunden : user_pref("extensions.asktb.cbid", "^AGY");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.cr-o", "APN10267");
Gefunden : user_pref("extensions.asktb.crumb", "2013.02.07+08.06.00-toolbar019iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbm[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "e97036f6-baf8-43b1-9431-dd6ec4d5b3e2");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "ovw");
Gefunden : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1360301433297");
Gefunden : user_pref("extensions.asktb.locale", "de_NL");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Amsterdam,Netherlands");
Gefunden : user_pref("extensions.asktb.new-tab-opt-out", true);
Gefunden : user_pref("extensions.asktb.o", "APN10267");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "6");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "5691717D-FC94-471B-84E2-80A9FD225FBD");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.socialmini-first", true);
Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.socialmini-speed", "5000");
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "07.02.2013 17:07:09");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.13.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.13.33021");
Gefunden : user_pref("extensions.enabledAddons", "software%40loadtubes.com:1.01,%7Bfc637775-2381-1118-a451-dd12[...]

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9745 octets] - [11/02/2013 15:06:26]

########## EOF - C:\AdwCleaner[R1].txt - [9805 octets] ##########
         

--- --- ---

Hallo,

poste noch das letzte Log vom MAM-Suchlauf...

AdwareCleaner
Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)

• Klicke Delete

• Klicke bei:AdwCleaner-Information OK

• Klicke bei:AdwCleaner-Restart Required OK

Alle Icons werden kurzzeitig verschwinden...
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum.

chris

Hier noch das MAM-File, hatte es doch noch gespeichert:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

07.02.2013 16:22:31
mbam-log-2013-02-07 (16-22-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419884
Laufzeit: 1 Stunde(n), 2 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)


Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: îÍïßÏÈOˆ*˜rƒr -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\***\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\Users\***\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Und hier das AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.112 - Datei am 11/02/2013 um 17:01:16 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\software@loadtubes.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ts0lxuvz.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "cr_24.0.1312.57");
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^AGY");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.cr-o", "APN10267");
Gelöscht : user_pref("extensions.asktb.crumb", "2013.02.07+08.06.00-toolbar019iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbm[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "e97036f6-baf8-43b1-9431-dd6ec4d5b3e2");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "ovw");
Gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1360301433297");
Gelöscht : user_pref("extensions.asktb.locale", "de_NL");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Amsterdam,Netherlands");
Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true);
Gelöscht : user_pref("extensions.asktb.o", "APN10267");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "6");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "5691717D-FC94-471B-84E2-80A9FD225FBD");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "07.02.2013 17:07:09");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.13.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.13.33021");
Gelöscht : user_pref("extensions.enabledAddons", "software%40loadtubes.com:1.01,%7Bfc637775-2381-1118-a451-dd12[...]

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9864 octets] - [11/02/2013 15:06:26]
AdwCleaner[S1].txt - [9807 octets] - [11/02/2013 17:01:16]

########## EOF - C:\AdwCleaner[S1].txt - [9867 octets] ##########
         

--- --- ---

Hi,

was machen die Umleitungen?

Erstelle und poste ein neues OTL-Log...

chris

Leider immer noch...

Hier das OTL-File:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 12.02.2013 08:59:03 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 51,82% Memory free
11,61 Gb Paging File | 9,24 Gb Available in Paging File | 79,58% Paging File free
Paging file location(s): c:\pagefile.sys 3965 5947d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,54 Gb Total Space | 205,12 Gb Free Space | 70,60% Space Free | Partition Type: NTFS
Drive D: | 290,54 Gb Total Space | 286,57 Gb Free Space | 98,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 15:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.02.07 10:53:41 | 000,896,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 15:04:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 15:04:40 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 15:04:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.03.26 03:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2006.04.13 16:46:32 | 000,696,320 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files (x86)\mst software\mst Defrag\mstDfrgS.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013.01.09 08:55:53 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.09 08:55:43 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 08:55:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 08:55:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.09 08:55:33 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 08:55:28 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.26 03:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 03:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.08 16:03:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.07 17:03:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 10:53:41 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.07 10:53:41 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 15:04:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 15:04:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.01 14:57:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.01 14:59:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.04.13 16:46:32 | 000,696,320 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files (x86)\mst software\mst Defrag\mstDfrgS.exe -- (mstDfrgS)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.11 15:04:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 15:04:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.12 05:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.19 01:49:24 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.18 09:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.13 04:21:40 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.11 09:50:06 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{114EDEB4-E10D-4F74-8D8B-E6B3D2BCF721}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=e97036f6-baf8-43b1-9431-dd6ec4d5b3e2&apn_sauid=5691717D-FC94-471B-84E2-80A9FD225FBD
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414350575F64654445343038&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6AEA7FAF-E66B-4CEA-B24A-478E47C366A2}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263682F3F703D7B7365617263685465726D737D2666723D76635F7472616E735F64655F3831393726747970653D64737365&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{86099BAC-CF57-4971-B47B-6A142DBB8AFB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B8278FA2-D740-4C15-A01D-017B9CD1DF21}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CF1B04EE-1179-4B4E-BF80-3917E9598636}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{E3725267-26F2-4A42-8D14-93136F28C112}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F07E7004-57F9-4B35-AD69-8CBE666D3FA8}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=dshp"
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {fc637775-2381-1118-a451-dd123eee5112}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.14 16:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\***\AppData\Roaming\Helper [2013.02.07 10:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.07 17:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 20:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.18 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.07 17:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 20:42:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.18 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.04 10:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.04 10:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.11 17:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions
[2013.02.08 06:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.08 06:30:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.10 07:53:28 | 000,000,000 | ---D | M] ("StayInOnlineMode") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ts0lxuvz.default\extensions\{fc637775-2381-1118-a451-dd123eee5112}
[2013.02.07 17:06:01 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.07 10:53:44 | 000,002,079 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\ab60ea59-cd55-40cd-8bc8-7a2e1b8fe146.xml
[2013.02.07 10:53:45 | 000,002,188 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{03F8E454-BB6A-4D51-997C-6A90A9C6E046}.xml
[2013.02.07 10:53:45 | 000,002,077 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{823790BA-3A32-466E-B32C-9DBAA4320C5D}.xml
[2013.02.07 10:53:45 | 000,001,870 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ts0lxuvz.default\searchplugins\{F3904243-C25D-43A7-970D-09B6039B3137}.xml
[2012.02.18 13:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.07 10:53:44 | 000,000,000 | ---D | M] (Helper) -- C:\USERS\***\APPDATA\ROAMING\HELPER
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TS0LXUVZ.DEFAULT\EXTENSIONS\SOFTWARE@LOADTUBES.COM
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TS0LXUVZ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2013.02.07 17:03:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.29 17:25:18 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2013.02.07 17:03:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 17:03:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.07 17:03:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 17:03:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 17:03:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 17:03:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D2669653D7574662D38266F653D7574662D382661713D7426726C733D7B6D6F7A3A646973747269627574696F6E49447D3A7B6D6F7A3A6C6F63616C657D3A7B6D6F7A3A6F6666696369616C7D&st={searchTerms}&clid=b6351e9c-4ea7-47e4-a919-dd02802b58c2&pid=freewarede&k=0
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.14_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DNSHelper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo\1.0.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: ScriptSafe = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll ()
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B7B4FE4-6079-48E6-B5E1-676AC8B37DA0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDE77562-3C0E-4D99-9BF5-C8EFED64310F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8def599-ab4d-11e1-9ac8-c80aa970abd5}\Shell - "" = AutoRun
O33 - MountPoints2\{c8def599-ab4d-11e1-9ac8-c80aa970abd5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.11 15:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.11 15:23:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.11 15:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 15:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.08 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.08 15:34:11 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.02.08 15:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.08 15:26:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.07 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DNSHelper Chrome
[2013.02.07 10:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\preispilot
[2013.02.07 10:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.02.07 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Helper
[2013.02.07 10:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.07 10:53:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 10:53:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2013.01.20 10:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.20 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.18 14:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 09:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 09:00:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 09:00:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 08:59:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 08:59:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 08:59:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 08:59:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 08:59:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 08:53:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.12 08:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 08:52:57 | 3118,534,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.11 18:13:45 | 000,019,512 | ---- | M] () -- C:\Users\***\Desktop\Ausgaben 2013.ods
[2013.02.11 17:19:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.11 17:17:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-365381482-1175887142-2425987651-1001UA.job
[2013.02.11 15:23:04 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 15:17:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-365381482-1175887142-2425987651-1001Core.job
[2013.02.11 15:04:12 | 000,587,659 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.11 09:41:29 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.11 09:32:04 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.11 09:29:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.08 15:34:17 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.08 15:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 17:07:27 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.05 17:42:01 | 000,399,794 | ---- | M] () -- C:\Users\***\Desktop\Onlineabschluss_ESWE_Klima_FairGas_2014_15690762 (1).pdf
[2013.02.05 17:11:31 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer 2013.lnk
[2013.01.31 21:19:45 | 000,002,423 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.01.27 17:57:21 | 004,804,794 | ---- | M] () -- C:\Users\***\Desktop\usa.pdf
[2013.01.20 10:18:38 | 000,002,128 | ---- | M] () -- C:\Users\***\Desktop\Free Video Dub.lnk
[2013.01.20 10:18:38 | 000,001,211 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.13 09:26:54 | 000,455,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.11 15:23:04 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 15:04:06 | 000,587,659 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.11 09:41:29 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.11 09:32:03 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe
[2013.02.11 09:29:45 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.08 15:34:17 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.08 15:34:17 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.05 17:41:59 | 000,399,794 | ---- | C] () -- C:\Users\***\Desktop\Onlineabschluss_ESWE_Klima_FairGas_2014_15690762 (1).pdf
[2013.01.27 17:57:20 | 004,804,794 | ---- | C] () -- C:\Users\***\Desktop\usa.pdf
[2013.01.20 10:18:38 | 000,002,128 | ---- | C] () -- C:\Users\***\Desktop\Free Video Dub.lnk
[2013.01.20 10:18:38 | 000,001,211 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.12 15:41:24 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012.09.28 14:06:13 | 000,159,347 | ---- | C] () -- C:\Windows\FolienViewer2 Uninstaller.exe
[2012.08.24 11:05:13 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.11 19:41:34 | 000,000,923 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.10 16:06:11 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.09.03 14:33:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{AB723628-94A4-442F-82C1-8FD6E008D569}
[2011.02.07 16:10:43 | 000,095,232 | ---- | C] () -- C:\Users\***\PaukerplanerDateien.ppdb
[2010.12.03 20:47:56 | 907,200,512 | ---- | C] () -- C:\Users\***\paukerplaner-daten.ppdb
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.22 13:30:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.10.17 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.08.24 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2013.02.07 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 11:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNSHelper Chrome
[2013.01.20 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.11.16 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.07.11 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.03.08 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2011.09.01 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2013.02.07 10:53:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2010.12.03 16:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OEM
[2012.04.08 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery
[2012.04.08 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery.c3b78c2a
[2012.10.27 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.02.07 10:53:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.16 18:03:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic
[2010.12.04 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.02.17 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TouchGadget
[2010.12.16 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
         

--- --- ---

Hi,

kennst Du das Chrom-Plugin "DNSHelper Chrome"? Installiert am 2013.02.07 um 11:50:40 Uhr?

Hat einer der Scanner (Malwarebytes, Spybot und Avira) was gefunden, wenn ja bitte Log posten...

Fix für OTL:

• Doppelklick auf die OTL.exe, um das Programm auszuführen.

• Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

• Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKCU\..\SearchScopes\{114EDEB4-E10D-4F74-8D8B-E6B3D2BCF721}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=e97036f6-baf8-43b1-9431-dd6ec4d5b3e2&apn_sauid=5691717D-FC94-471B-84E2-80A9FD225FBD
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=dshp"
CHR - default_search_provider: suggest_url = 

:Commands
[emptytemp]
[Reboot]
         

• Den roten Run Fixes! Button anklicken.

• Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

• Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

• %systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten...

chris

Von einem DNS-Helper weiß ich nichts, habe ich (jedenfalls nicht absichtlich) installiert!

OTS-Log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{114EDEB4-E10D-4F74-8D8B-E6B3D2BCF721}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{114EDEB4-E10D-4F74-8D8B-E6B3D2BCF721}\ not found.
Prefs.js: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=dshp" removed from browser.startup.homepage
Use Chrome's Settings page to remove the default_search_provider items.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 3075042 bytes
->Temporary Internet Files folder emptied: 709215 bytes
->Java cache emptied: 22055365 bytes
->FireFox cache emptied: 52296537 bytes
->Google Chrome cache emptied: 218814490 bytes
->Flash cache emptied: 677 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1899588 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 547094 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 11949639 bytes

Total Files Cleaned = 297,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122013_120330

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
File\Folder C:\Windows\temp\hsperfdata_***-PC$\1584 not found!
File\Folder C:\Windows\temp\ib10 not found!
File\Folder C:\Windows\temp\ib8 not found!
File\Folder C:\Windows\temp\ib9 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hier das Log vom TDSS-Killer:

12:13:03.0184 4700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:13:03.0346 4700 ============================================================
12:13:03.0347 4700 Current date / time: 2013/02/12 12:13:03.0346
12:13:03.0347 4700 SystemInfo:
12:13:03.0347 4700
12:13:03.0347 4700 OS Version: 6.1.7601 ServicePack: 1.0
12:13:03.0347 4700 Product type: Workstation
12:13:03.0347 4700 ComputerName: ***-PC
12:13:03.0347 4700 UserName: ***
12:13:03.0347 4700 Windows directory: C:\Windows
12:13:03.0347 4700 System windows directory: C:\Windows
12:13:03.0347 4700 Running under WOW64
12:13:03.0347 4700 Processor architecture: Intel x64
12:13:03.0347 4700 Number of processors: 2
12:13:03.0347 4700 Page size: 0x1000
12:13:03.0347 4700 Boot type: Normal boot
12:13:03.0347 4700 ============================================================
12:13:05.0785 4700 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:13:05.0807 4700 ============================================================
12:13:05.0807 4700 \Device\Harddisk0\DR0:
12:13:05.0807 4700 MBR partitions:
12:13:05.0807 4700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
12:13:05.0807 4700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x24512000
12:13:05.0807 4700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x26344800, BlocksNum 0x24513000
12:13:05.0807 4700 ============================================================
12:13:05.0841 4700 C: <-> \Device\Harddisk0\DR0\Partition2
12:13:05.0873 4700 D: <-> \Device\Harddisk0\DR0\Partition3
12:13:05.0873 4700 ============================================================
12:13:05.0873 4700 Initialize success
12:13:05.0873 4700 ============================================================
12:13:28.0555 1788 ============================================================
12:13:28.0555 1788 Scan started
12:13:28.0555 1788 Mode: Manual; SigCheck; TDLFS;
12:13:28.0555 1788 ============================================================
12:13:28.0924 1788 ================ Scan services =============================
12:13:29.0104 1788 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:13:29.0227 1788 1394ohci - ok
12:13:29.0246 1788 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:13:29.0263 1788 ACPI - ok
12:13:29.0292 1788 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:13:29.0381 1788 AcpiPmi - ok
12:13:29.0501 1788 AddonsHelper - ok
12:13:29.0579 1788 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:13:29.0604 1788 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:13:29.0604 1788 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:13:29.0692 1788 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Users\***\Desktop\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe
12:13:29.0716 1788 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
12:13:29.0716 1788 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
12:13:29.0790 1788 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:13:29.0800 1788 AdobeActiveFileMonitor8.0 - ok
12:13:29.0848 1788 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:13:29.0858 1788 AdobeARMservice - ok
12:13:29.0977 1788 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:29.0989 1788 AdobeFlashPlayerUpdateSvc - ok
12:13:30.0036 1788 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:13:30.0062 1788 adp94xx - ok
12:13:30.0098 1788 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:13:30.0119 1788 adpahci - ok
12:13:30.0134 1788 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:13:30.0154 1788 adpu320 - ok
12:13:30.0176 1788 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:13:30.0316 1788 AeLookupSvc - ok
12:13:30.0351 1788 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:13:30.0421 1788 AFD - ok
12:13:30.0445 1788 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:13:30.0461 1788 agp440 - ok
12:13:30.0481 1788 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:13:30.0531 1788 ALG - ok
12:13:30.0552 1788 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:13:30.0567 1788 aliide - ok
12:13:30.0572 1788 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:13:30.0586 1788 amdide - ok
12:13:30.0609 1788 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:13:30.0664 1788 AmdK8 - ok
12:13:30.0670 1788 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:13:30.0740 1788 AmdPPM - ok
12:13:30.0775 1788 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:13:30.0792 1788 amdsata - ok
12:13:30.0804 1788 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:13:30.0824 1788 amdsbs - ok
12:13:30.0832 1788 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:13:30.0846 1788 amdxata - ok
12:13:30.0910 1788 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:13:30.0920 1788 AntiVirSchedulerService - ok
12:13:30.0955 1788 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:13:30.0964 1788 AntiVirService - ok
12:13:31.0000 1788 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:13:31.0131 1788 AppID - ok
12:13:31.0159 1788 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:13:31.0224 1788 AppIDSvc - ok
12:13:31.0254 1788 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:13:31.0305 1788 Appinfo - ok
12:13:31.0352 1788 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:13:31.0369 1788 arc - ok
12:13:31.0384 1788 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:13:31.0401 1788 arcsas - ok
12:13:31.0417 1788 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:31.0478 1788 AsyncMac - ok
12:13:31.0509 1788 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:13:31.0523 1788 atapi - ok
12:13:31.0665 1788 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
12:13:31.0829 1788 atikmdag - ok
12:13:31.0861 1788 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:13:31.0934 1788 AudioEndpointBuilder - ok
12:13:31.0944 1788 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:13:31.0980 1788 AudioSrv - ok
12:13:32.0020 1788 [ 44327DA6A9C742CF4FA2B79FDB1BD1D3 ] AVerPola C:\Windows\system32\DRIVERS\AVerPola.sys
12:13:32.0089 1788 AVerPola - ok
12:13:32.0158 1788 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:13:32.0176 1788 avgntflt - ok
12:13:32.0194 1788 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:13:32.0210 1788 avipbb - ok
12:13:32.0236 1788 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:13:32.0250 1788 avkmgr - ok
12:13:32.0283 1788 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:13:32.0355 1788 AxInstSV - ok
12:13:32.0379 1788 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:13:32.0434 1788 b06bdrv - ok
12:13:32.0469 1788 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:13:32.0523 1788 b57nd60a - ok
12:13:32.0558 1788 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:13:32.0612 1788 BDESVC - ok
12:13:32.0623 1788 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:13:32.0675 1788 Beep - ok
12:13:32.0721 1788 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:13:32.0777 1788 BFE - ok
12:13:32.0817 1788 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:13:32.0873 1788 BITS - ok
12:13:32.0907 1788 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:32.0923 1788 blbdrive - ok
12:13:32.0945 1788 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:13:32.0991 1788 bowser - ok
12:13:33.0029 1788 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:13:33.0068 1788 BrFiltLo - ok
12:13:33.0087 1788 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:13:33.0103 1788 BrFiltUp - ok
12:13:33.0124 1788 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:13:33.0185 1788 Browser - ok
12:13:33.0197 1788 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:13:33.0269 1788 Brserid - ok
12:13:33.0283 1788 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:33.0315 1788 BrSerWdm - ok
12:13:33.0334 1788 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:33.0380 1788 BrUsbMdm - ok
12:13:33.0399 1788 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:33.0414 1788 BrUsbSer - ok
12:13:33.0424 1788 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:13:33.0462 1788 BTHMODEM - ok
12:13:33.0502 1788 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:13:33.0546 1788 bthserv - ok
12:13:33.0552 1788 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:13:33.0594 1788 cdfs - ok
12:13:33.0645 1788 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:13:33.0685 1788 cdrom - ok
12:13:33.0723 1788 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:13:33.0773 1788 CertPropSvc - ok
12:13:33.0819 1788 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:13:33.0841 1788 circlass - ok
12:13:33.0877 1788 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:13:33.0902 1788 CLFS - ok
12:13:33.0974 1788 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:33.0994 1788 clr_optimization_v2.0.50727_32 - ok
12:13:34.0031 1788 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:13:34.0057 1788 clr_optimization_v2.0.50727_64 - ok
12:13:34.0120 1788 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:34.0132 1788 clr_optimization_v4.0.30319_32 - ok
12:13:34.0157 1788 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:13:34.0167 1788 clr_optimization_v4.0.30319_64 - ok
12:13:34.0193 1788 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:34.0241 1788 CmBatt - ok
12:13:34.0256 1788 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:13:34.0278 1788 cmdide - ok
12:13:34.0321 1788 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:13:34.0362 1788 CNG - ok
12:13:34.0382 1788 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:13:34.0396 1788 Compbatt - ok
12:13:34.0429 1788 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:13:34.0463 1788 CompositeBus - ok
12:13:34.0480 1788 COMSysApp - ok
12:13:34.0492 1788 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:13:34.0512 1788 crcdisk - ok
12:13:34.0536 1788 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:13:34.0601 1788 CryptSvc - ok
12:13:36.0227 1788 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:13:36.0283 1788 DcomLaunch - ok
12:13:36.0318 1788 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:13:36.0380 1788 defragsvc - ok
12:13:36.0418 1788 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:13:36.0467 1788 DfsC - ok
12:13:36.0504 1788 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:13:36.0532 1788 Dhcp - ok
12:13:36.0551 1788 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:13:36.0598 1788 discache - ok
12:13:36.0622 1788 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:13:36.0638 1788 Disk - ok
12:13:36.0655 1788 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:13:36.0711 1788 Dnscache - ok
12:13:36.0737 1788 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:13:36.0792 1788 dot3svc - ok
12:13:36.0825 1788 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:13:36.0871 1788 DPS - ok
12:13:36.0911 1788 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:13:36.0942 1788 drmkaud - ok
12:13:36.0982 1788 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:13:37.0026 1788 DXGKrnl - ok
12:13:37.0048 1788 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:13:37.0092 1788 EapHost - ok
12:13:37.0180 1788 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:13:37.0277 1788 ebdrv - ok
12:13:37.0305 1788 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:13:37.0367 1788 EFS - ok
12:13:37.0420 1788 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:13:37.0539 1788 ehRecvr - ok
12:13:37.0556 1788 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:13:37.0612 1788 ehSched - ok
12:13:37.0640 1788 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:13:37.0665 1788 elxstor - ok
12:13:37.0688 1788 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:13:37.0715 1788 ErrDev - ok
12:13:37.0752 1788 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:13:37.0806 1788 EventSystem - ok
12:13:37.0832 1788 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:13:37.0881 1788 exfat - ok
12:13:37.0897 1788 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:13:37.0957 1788 fastfat - ok
12:13:38.0001 1788 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:13:38.0057 1788 Fax - ok
12:13:38.0076 1788 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:13:38.0092 1788 fdc - ok
12:13:38.0119 1788 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:13:38.0171 1788 fdPHost - ok
12:13:38.0192 1788 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:13:38.0235 1788 FDResPub - ok
12:13:38.0270 1788 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:13:38.0296 1788 FileInfo - ok
12:13:38.0309 1788 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:13:38.0354 1788 Filetrace - ok
12:13:38.0420 1788 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:13:38.0454 1788 FLEXnet Licensing Service - ok
12:13:38.0468 1788 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:38.0503 1788 flpydisk - ok
12:13:38.0549 1788 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:13:38.0572 1788 FltMgr - ok
12:13:38.0603 1788 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:13:38.0670 1788 FontCache - ok
12:13:38.0707 1788 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:13:38.0744 1788 FontCache3.0.0.0 - ok
12:13:38.0772 1788 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:13:38.0788 1788 FsDepends - ok
12:13:38.0808 1788 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:13:38.0833 1788 Fs_Rec - ok
12:13:38.0858 1788 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:13:38.0883 1788 fvevol - ok
12:13:38.0900 1788 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:13:38.0916 1788 gagp30kx - ok
12:13:38.0948 1788 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:13:39.0020 1788 gpsvc - ok
12:13:39.0104 1788 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
12:13:39.0127 1788 Greg_Service - ok
12:13:39.0179 1788 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:39.0189 1788 gupdate - ok
12:13:39.0210 1788 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:39.0219 1788 gupdatem - ok
12:13:39.0246 1788 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:13:39.0267 1788 gusvc - ok
12:13:39.0281 1788 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:13:39.0349 1788 hcw85cir - ok
12:13:39.0380 1788 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:13:39.0423 1788 HdAudAddService - ok
12:13:39.0442 1788 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:13:39.0470 1788 HDAudBus - ok
12:13:39.0488 1788 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:13:39.0523 1788 HidBatt - ok
12:13:39.0542 1788 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:13:39.0580 1788 HidBth - ok
12:13:39.0621 1788 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:13:39.0639 1788 HidIr - ok
12:13:39.0659 1788 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:13:39.0706 1788 hidserv - ok
12:13:39.0764 1788 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:13:39.0779 1788 HidUsb - ok
12:13:39.0804 1788 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:13:39.0861 1788 hkmsvc - ok
12:13:39.0882 1788 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:13:39.0937 1788 HomeGroupListener - ok
12:13:39.0958 1788 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:13:39.0993 1788 HomeGroupProvider - ok
12:13:40.0019 1788 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:13:40.0035 1788 HpSAMD - ok
12:13:40.0075 1788 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:13:40.0144 1788 HTTP - ok
12:13:40.0167 1788 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:13:40.0180 1788 hwpolicy - ok
12:13:40.0201 1788 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:13:40.0219 1788 i8042prt - ok
12:13:40.0252 1788 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:13:40.0266 1788 iaStor - ok
12:13:40.0300 1788 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:13:40.0324 1788 iaStorV - ok
12:13:40.0367 1788 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:13:40.0417 1788 idsvc - ok
12:13:40.0440 1788 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:13:40.0456 1788 iirsp - ok
12:13:40.0496 1788 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:13:40.0559 1788 IKEEXT - ok
12:13:40.0641 1788 [ 1A6241B70453A6629A83DB942AA6B08C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:13:40.0682 1788 IntcAzAudAddService - ok
12:13:40.0703 1788 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:13:40.0718 1788 intelide - ok
12:13:40.0745 1788 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:13:40.0778 1788 intelppm - ok
12:13:40.0811 1788 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:13:40.0867 1788 IPBusEnum - ok
12:13:40.0911 1788 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:40.0979 1788 IpFilterDriver - ok
12:13:41.0021 1788 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:13:41.0091 1788 iphlpsvc - ok
12:13:41.0108 1788 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:13:41.0140 1788 IPMIDRV - ok
12:13:41.0172 1788 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:13:41.0241 1788 IPNAT - ok
12:13:41.0273 1788 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:13:41.0311 1788 IRENUM - ok
12:13:41.0326 1788 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:13:41.0341 1788 isapnp - ok
12:13:41.0354 1788 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:13:41.0376 1788 iScsiPrt - ok
12:13:41.0407 1788 [ 357F61A9F84D39DD7D9B4F783772BAF2 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
12:13:41.0448 1788 itecir - ok
12:13:41.0467 1788 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
12:13:41.0481 1788 JMCR - ok
12:13:41.0508 1788 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:41.0522 1788 kbdclass - ok
12:13:41.0552 1788 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:41.0567 1788 kbdhid - ok
12:13:41.0581 1788 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:13:41.0592 1788 KeyIso - ok
12:13:41.0639 1788 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:13:41.0690 1788 KSecDD - ok
12:13:41.0710 1788 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:13:41.0729 1788 KSecPkg - ok
12:13:41.0754 1788 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:13:41.0803 1788 ksthunk - ok
12:13:41.0835 1788 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:13:41.0895 1788 KtmRm - ok
12:13:41.0930 1788 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:13:41.0990 1788 LanmanServer - ok
12:13:42.0021 1788 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:13:42.0075 1788 LanmanWorkstation - ok
12:13:42.0109 1788 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:13:42.0157 1788 lltdio - ok
12:13:42.0191 1788 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:13:42.0247 1788 lltdsvc - ok
12:13:42.0268 1788 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:13:42.0302 1788 lmhosts - ok
12:13:42.0330 1788 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:13:42.0347 1788 LSI_FC - ok
12:13:42.0358 1788 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:13:42.0374 1788 LSI_SAS - ok
12:13:42.0383 1788 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:13:42.0398 1788 LSI_SAS2 - ok
12:13:42.0404 1788 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:13:42.0421 1788 LSI_SCSI - ok
12:13:42.0429 1788 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:13:42.0479 1788 luafv - ok
12:13:42.0531 1788 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:13:42.0543 1788 MBAMProtector - ok
12:13:42.0592 1788 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:13:42.0603 1788 MBAMScheduler - ok
12:13:42.0634 1788 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:13:42.0650 1788 MBAMService - ok
12:13:42.0694 1788 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:13:42.0731 1788 Mcx2Svc - ok
12:13:42.0759 1788 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:13:42.0785 1788 megasas - ok
12:13:42.0803 1788 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:13:42.0826 1788 MegaSR - ok
12:13:42.0851 1788 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:13:42.0901 1788 MMCSS - ok
12:13:42.0934 1788 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:13:42.0986 1788 Modem - ok
12:13:43.0009 1788 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:13:43.0040 1788 monitor - ok
12:13:43.0068 1788 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:13:43.0082 1788 mouclass - ok
12:13:43.0111 1788 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:13:43.0126 1788 mouhid - ok
12:13:43.0147 1788 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:13:43.0164 1788 mountmgr - ok
12:13:43.0204 1788 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:13:43.0221 1788 MozillaMaintenance - ok
12:13:43.0244 1788 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:13:43.0263 1788 mpio - ok
12:13:43.0275 1788 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:13:43.0321 1788 mpsdrv - ok
12:13:43.0366 1788 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:13:43.0438 1788 MpsSvc - ok
12:13:43.0467 1788 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:13:43.0515 1788 MRxDAV - ok
12:13:43.0544 1788 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:43.0626 1788 mrxsmb - ok
12:13:43.0649 1788 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:43.0696 1788 mrxsmb10 - ok
12:13:43.0722 1788 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:43.0752 1788 mrxsmb20 - ok
12:13:43.0762 1788 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:13:43.0776 1788 msahci - ok
12:13:43.0794 1788 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:13:43.0812 1788 msdsm - ok
12:13:43.0825 1788 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:13:43.0857 1788 MSDTC - ok
12:13:43.0895 1788 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:13:43.0929 1788 Msfs - ok
12:13:43.0953 1788 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:13:44.0002 1788 mshidkmdf - ok
12:13:44.0020 1788 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:13:44.0042 1788 msisadrv - ok
12:13:44.0065 1788 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:13:44.0112 1788 MSiSCSI - ok
12:13:44.0116 1788 msiserver - ok
12:13:44.0140 1788 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:13:44.0172 1788 MSKSSRV - ok
12:13:44.0203 1788 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:44.0256 1788 MSPCLOCK - ok
12:13:44.0273 1788 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:13:44.0325 1788 MSPQM - ok
12:13:44.0355 1788 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:13:44.0379 1788 MsRPC - ok
12:13:44.0414 1788 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:13:44.0426 1788 mssmbios - ok
12:13:44.0483 1788 [ 72F6465C814400FBD454CCBFFD3664C3 ] mstDfrgS C:\Program Files (x86)\mst software\mst Defrag\mstDfrgS.exe
12:13:44.0499 1788 mstDfrgS ( UnsignedFile.Multi.Generic ) - warning
12:13:44.0499 1788 mstDfrgS - detected UnsignedFile.Multi.Generic (1)
12:13:44.0529 1788 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:13:44.0581 1788 MSTEE - ok
12:13:44.0604 1788 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:13:44.0622 1788 MTConfig - ok
12:13:44.0642 1788 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:13:44.0660 1788 Mup - ok
12:13:44.0684 1788 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:13:44.0733 1788 napagent - ok
12:13:44.0774 1788 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:13:44.0799 1788 NativeWifiP - ok
12:13:44.0836 1788 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:13:44.0861 1788 NDIS - ok
12:13:44.0889 1788 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:44.0941 1788 NdisCap - ok
12:13:44.0976 1788 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:45.0028 1788 NdisTapi - ok
12:13:45.0063 1788 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:45.0096 1788 Ndisuio - ok
12:13:45.0117 1788 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:45.0171 1788 NdisWan - ok
12:13:45.0205 1788 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:13:45.0265 1788 NDProxy - ok
12:13:45.0300 1788 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:13:45.0348 1788 NetBIOS - ok
12:13:45.0405 1788 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:13:45.0465 1788 NetBT - ok
12:13:45.0489 1788 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:13:45.0501 1788 Netlogon - ok
12:13:45.0540 1788 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:13:45.0594 1788 Netman - ok
12:13:45.0631 1788 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:13:45.0695 1788 netprofm - ok
12:13:45.0738 1788 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:13:45.0755 1788 NetTcpPortSharing - ok
12:13:45.0775 1788 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:13:45.0792 1788 nfrd960 - ok
12:13:45.0822 1788 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:13:45.0844 1788 NlaSvc - ok
12:13:45.0860 1788 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:13:45.0893 1788 Npfs - ok
12:13:45.0921 1788 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:13:45.0974 1788 nsi - ok
12:13:45.0996 1788 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:13:46.0049 1788 nsiproxy - ok
12:13:46.0129 1788 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:13:46.0174 1788 Ntfs - ok
12:13:46.0199 1788 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:13:46.0249 1788 Null - ok
12:13:46.0306 1788 [ 181E7FE39211E04128A30708906627D8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
12:13:46.0319 1788 NVHDA - ok
12:13:46.0506 1788 [ 5DCCA70AAB720C07CEA8D4F5EA6DB83D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:13:46.0661 1788 nvlddmkm - ok
12:13:46.0684 1788 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:13:46.0701 1788 nvraid - ok
12:13:46.0723 1788 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:13:46.0742 1788 nvstor - ok
12:13:46.0781 1788 [ 902BB5D857538CC31163009959DF0116 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:13:46.0793 1788 nvsvc - ok
12:13:46.0810 1788 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:13:46.0828 1788 nv_agp - ok
12:13:46.0894 1788 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:13:46.0920 1788 odserv - ok
12:13:46.0944 1788 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:13:46.0979 1788 ohci1394 - ok
12:13:47.0009 1788 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:47.0027 1788 ose - ok
12:13:47.0054 1788 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:13:47.0100 1788 p2pimsvc - ok
12:13:47.0115 1788 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:13:47.0132 1788 p2psvc - ok
12:13:47.0153 1788 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:13:47.0170 1788 Parport - ok
12:13:47.0188 1788 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:13:47.0204 1788 partmgr - ok
12:13:47.0216 1788 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:13:47.0252 1788 PcaSvc - ok
12:13:47.0277 1788 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:13:47.0297 1788 pci - ok
12:13:47.0320 1788 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:13:47.0333 1788 pciide - ok
12:13:47.0346 1788 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:13:47.0366 1788 pcmcia - ok
12:13:47.0381 1788 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:13:47.0395 1788 pcw - ok
12:13:47.0416 1788 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:13:47.0465 1788 PEAUTH - ok
12:13:47.0537 1788 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:13:47.0572 1788 PerfHost - ok
12:13:47.0631 1788 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:13:47.0698 1788 pla - ok
12:13:47.0745 1788 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:13:47.0775 1788 PlugPlay - ok
12:13:47.0797 1788 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:13:47.0833 1788 PNRPAutoReg - ok
12:13:47.0854 1788 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:13:47.0868 1788 PNRPsvc - ok
12:13:47.0892 1788 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:13:47.0949 1788 PolicyAgent - ok
12:13:47.0987 1788 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:13:48.0037 1788 Power - ok
12:13:48.0071 1788 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:13:48.0105 1788 PptpMiniport - ok
12:13:48.0125 1788 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:13:48.0155 1788 Processor - ok
12:13:48.0185 1788 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:13:48.0235 1788 ProfSvc - ok
12:13:48.0247 1788 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:13:48.0258 1788 ProtectedStorage - ok
12:13:48.0281 1788 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:13:48.0331 1788 Psched - ok
12:13:48.0364 1788 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:13:48.0377 1788 PxHlpa64 - ok
12:13:48.0415 1788 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:13:48.0459 1788 ql2300 - ok
12:13:48.0476 1788 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:13:48.0494 1788 ql40xx - ok
12:13:48.0517 1788 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:13:48.0548 1788 QWAVE - ok
12:13:48.0569 1788 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:13:48.0603 1788 QWAVEdrv - ok
12:13:48.0627 1788 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:13:48.0678 1788 RasAcd - ok
12:13:48.0711 1788 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:13:48.0747 1788 RasAgileVpn - ok
12:13:48.0762 1788 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:13:48.0808 1788 RasAuto - ok
12:13:48.0834 1788 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:48.0889 1788 Rasl2tp - ok
12:13:48.0931 1788 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:13:48.0990 1788 RasMan - ok
12:13:49.0011 1788 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:49.0063 1788 RasPppoe - ok
12:13:49.0085 1788 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:13:49.0135 1788 RasSstp - ok
12:13:49.0166 1788 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:13:49.0221 1788 rdbss - ok
12:13:49.0251 1788 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:13:49.0268 1788 rdpbus - ok
12:13:49.0274 1788 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:49.0307 1788 RDPCDD - ok
12:13:49.0327 1788 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:13:49.0378 1788 RDPENCDD - ok
12:13:49.0385 1788 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:13:49.0416 1788 RDPREFMP - ok
12:13:49.0545 1788 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:13:49.0610 1788 RDPWD - ok
12:13:49.0643 1788 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:13:49.0663 1788 rdyboost - ok
12:13:49.0688 1788 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:13:49.0737 1788 RemoteAccess - ok
12:13:49.0772 1788 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:13:49.0827 1788 RemoteRegistry - ok
12:13:49.0859 1788 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:13:49.0894 1788 RpcEptMapper - ok
12:13:49.0932 1788 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:13:49.0972 1788 RpcLocator - ok
12:13:50.0011 1788 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:13:50.0045 1788 RpcSs - ok
12:13:50.0070 1788 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:13:50.0124 1788 rspndr - ok
12:13:50.0165 1788 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:13:50.0219 1788 RTL8167 - ok
12:13:50.0254 1788 [ 54A8A541DB7DD16A95059EA25BE4DD14 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
12:13:50.0314 1788 rtl8192se - ok
12:13:50.0330 1788 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:13:50.0342 1788 SamSs - ok
12:13:50.0368 1788 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:13:50.0385 1788 sbp2port - ok
12:13:50.0406 1788 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:13:50.0443 1788 SCardSvr - ok
12:13:50.0467 1788 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:13:50.0514 1788 scfilter - ok
12:13:50.0554 1788 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:13:50.0611 1788 Schedule - ok
12:13:50.0664 1788 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:13:50.0693 1788 SCPolicySvc - ok
12:13:50.0761 1788 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:13:50.0786 1788 sdbus - ok
12:13:50.0807 1788 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:13:50.0865 1788 SDRSVC - ok
12:13:50.0926 1788 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
12:13:50.0948 1788 SDScannerService - ok
12:13:51.0019 1788 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
12:13:51.0044 1788 SDUpdateService - ok
12:13:51.0061 1788 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
12:13:51.0072 1788 SDWSCService - ok
12:13:51.0160 1788 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
12:13:51.0184 1788 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
12:13:51.0184 1788 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
12:13:51.0220 1788 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:13:51.0273 1788 secdrv - ok
12:13:51.0297 1788 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:13:51.0334 1788 seclogon - ok
12:13:51.0342 1788 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:13:51.0394 1788 SENS - ok
12:13:51.0424 1788 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:13:51.0476 1788 SensrSvc - ok
12:13:51.0489 1788 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:13:51.0518 1788 Serenum - ok
12:13:51.0543 1788 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:13:51.0560 1788 Serial - ok
12:13:51.0584 1788 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:13:51.0598 1788 sermouse - ok
12:13:51.0629 1788 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:13:51.0682 1788 SessionEnv - ok
12:13:51.0703 1788 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:13:51.0734 1788 sffdisk - ok
12:13:51.0755 1788 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:13:51.0772 1788 sffp_mmc - ok
12:13:51.0779 1788 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:13:51.0813 1788 sffp_sd - ok
12:13:51.0844 1788 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:13:51.0883 1788 sfloppy - ok
12:13:51.0924 1788 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:13:51.0978 1788 SharedAccess - ok
12:13:52.0011 1788 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:13:52.0063 1788 ShellHWDetection - ok
12:13:52.0090 1788 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:13:52.0106 1788 SiSRaid2 - ok
12:13:52.0119 1788 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:13:52.0135 1788 SiSRaid4 - ok
12:13:52.0158 1788 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:13:52.0210 1788 Smb - ok
12:13:52.0246 1788 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:13:52.0277 1788 SNMPTRAP - ok
12:13:52.0301 1788 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:13:52.0315 1788 spldr - ok
12:13:52.0452 1788 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:13:52.0511 1788 Spooler - ok
12:13:52.0593 1788 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:13:52.0701 1788 sppsvc - ok
12:13:52.0732 1788 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:13:52.0784 1788 sppuinotify - ok
12:13:52.0830 1788 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:13:52.0865 1788 srv - ok
12:13:52.0885 1788 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:13:52.0933 1788 srv2 - ok
12:13:52.0952 1788 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:13:52.0986 1788 srvnet - ok
12:13:53.0015 1788 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:13:53.0067 1788 SSDPSRV - ok
12:13:53.0116 1788 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:13:53.0154 1788 SstpSvc - ok
12:13:53.0203 1788 Steam Client Service - ok
12:13:53.0226 1788 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:13:53.0240 1788 stexstor - ok
12:13:53.0274 1788 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:13:53.0305 1788 stisvc - ok
12:13:53.0330 1788 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:13:53.0343 1788 swenum - ok
12:13:53.0360 1788 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:13:53.0430 1788 swprv - ok
12:13:53.0482 1788 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:13:53.0540 1788 SysMain - ok
12:13:53.0571 1788 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:13:53.0588 1788 TabletInputService - ok
12:13:53.0609 1788 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:13:53.0662 1788 TapiSrv - ok
12:13:53.0690 1788 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:13:53.0734 1788 TBS - ok
12:13:53.0816 1788 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:13:53.0889 1788 Tcpip - ok
12:13:53.0932 1788 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:13:53.0966 1788 TCPIP6 - ok
12:13:53.0983 1788 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:13:53.0999 1788 tcpipreg - ok
12:13:54.0017 1788 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:13:54.0038 1788 TDPIPE - ok
12:13:54.0058 1788 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:13:54.0092 1788 TDTCP - ok
12:13:54.0132 1788 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:13:54.0186 1788 tdx - ok
12:13:54.0240 1788 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:13:54.0256 1788 TermDD - ok
12:13:54.0375 1788 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:13:54.0443 1788 TermService - ok
12:13:54.0464 1788 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:13:54.0500 1788 Themes - ok
12:13:54.0533 1788 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:13:54.0564 1788 THREADORDER - ok
12:13:54.0574 1788 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:13:54.0633 1788 TrkWks - ok
12:13:54.0679 1788 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:13:54.0729 1788 TrustedInstaller - ok
12:13:54.0766 1788 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:54.0799 1788 tssecsrv - ok
12:13:54.0831 1788 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:13:54.0882 1788 TsUsbFlt - ok
12:13:54.0912 1788 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:13:54.0958 1788 tunnel - ok
12:13:54.0987 1788 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:13:55.0003 1788 uagp35 - ok
12:13:55.0030 1788 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:13:55.0091 1788 udfs - ok
12:13:55.0124 1788 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:13:55.0144 1788 UI0Detect - ok
12:13:55.0170 1788 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:13:55.0186 1788 uliagpkx - ok
12:13:55.0207 1788 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:13:55.0242 1788 umbus - ok
12:13:55.0266 1788 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:13:55.0297 1788 UmPass - ok
12:13:55.0359 1788 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
12:13:55.0370 1788 Updater Service - ok
12:13:55.0404 1788 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:13:55.0460 1788 upnphost - ok
12:13:55.0477 1788 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:55.0526 1788 usbccgp - ok
12:13:55.0550 1788 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:13:55.0570 1788 usbcir - ok
12:13:55.0595 1788 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:13:55.0624 1788 usbehci - ok
12:13:55.0659 1788 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:13:55.0695 1788 usbhub - ok
12:13:55.0750 1788 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:13:55.0778 1788 usbohci - ok
12:13:55.0808 1788 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:13:55.0840 1788 usbprint - ok
12:13:55.0880 1788 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:13:55.0897 1788 usbscan - ok
12:13:55.0911 1788 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:55.0960 1788 USBSTOR - ok
12:13:55.0974 1788 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:13:56.0007 1788 usbuhci - ok
12:13:56.0057 1788 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:13:56.0077 1788 usbvideo - ok
12:13:56.0098 1788 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:13:56.0152 1788 UxSms - ok
12:13:56.0172 1788 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:13:56.0183 1788 VaultSvc - ok
12:13:56.0205 1788 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:13:56.0220 1788 vdrvroot - ok
12:13:56.0248 1788 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:13:56.0315 1788 vds - ok
12:13:56.0349 1788 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:56.0366 1788 vga - ok
12:13:56.0373 1788 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:13:56.0421 1788 VgaSave - ok
12:13:56.0458 1788 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:13:56.0479 1788 vhdmp - ok
12:13:56.0504 1788 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:13:56.0518 1788 viaide - ok
12:13:56.0533 1788 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:13:56.0550 1788 volmgr - ok
12:13:56.0572 1788 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:13:56.0604 1788 volmgrx - ok
12:13:56.0625 1788 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:13:56.0648 1788 volsnap - ok
12:13:56.0669 1788 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:13:56.0687 1788 vsmraid - ok
12:13:56.0724 1788 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:13:56.0795 1788 VSS - ok
12:13:56.0814 1788 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:13:56.0850 1788 vwifibus - ok
12:13:56.0875 1788 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:13:56.0894 1788 vwififlt - ok
12:13:56.0916 1788 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:13:56.0954 1788 vwifimp - ok
12:13:56.0993 1788 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:13:57.0037 1788 W32Time - ok
12:13:57.0055 1788 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:13:57.0096 1788 WacomPen - ok
12:13:57.0136 1788 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:13:57.0190 1788 WANARP - ok
12:13:57.0206 1788 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:13:57.0235 1788 Wanarpv6 - ok
12:13:57.0278 1788 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:13:57.0329 1788 wbengine - ok
12:13:57.0354 1788 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:13:57.0378 1788 WbioSrvc - ok
12:13:57.0404 1788 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:13:57.0450 1788 wcncsvc - ok
12:13:57.0468 1788 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:13:57.0490 1788 WcsPlugInService - ok
12:13:57.0509 1788 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:13:57.0524 1788 Wd - ok
12:13:57.0562 1788 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:13:57.0596 1788 Wdf01000 - ok
12:13:57.0612 1788 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:13:57.0694 1788 WdiServiceHost - ok
12:13:57.0697 1788 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:13:57.0716 1788 WdiSystemHost - ok
12:13:57.0750 1788 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:13:57.0794 1788 WebClient - ok
12:13:57.0829 1788 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:13:57.0884 1788 Wecsvc - ok
12:13:57.0909 1788 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:13:57.0968 1788 wercplsupport - ok
12:13:57.0995 1788 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:13:58.0026 1788 WerSvc - ok
12:13:58.0071 1788 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:13:58.0104 1788 WfpLwf - ok
12:13:58.0124 1788 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:13:58.0139 1788 WIMMount - ok
12:13:58.0159 1788 WinDefend - ok
12:13:58.0165 1788 WinHttpAutoProxySvc - ok
12:13:58.0379 1788 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:13:58.0445 1788 Winmgmt - ok
12:13:58.0501 1788 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:13:58.0581 1788 WinRM - ok
12:13:58.0629 1788 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:13:58.0656 1788 Wlansvc - ok
12:13:58.0681 1788 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:13:58.0712 1788 WmiAcpi - ok
12:13:58.0770 1788 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:13:58.0807 1788 wmiApSrv - ok
12:13:58.0841 1788 WMPNetworkSvc - ok
12:13:58.0857 1788 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:13:58.0883 1788 WPCSvc - ok
12:13:58.0905 1788 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:13:58.0925 1788 WPDBusEnum - ok
12:13:58.0945 1788 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:13:58.0978 1788 ws2ifsl - ok
12:13:59.0002 1788 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:13:59.0040 1788 wscsvc - ok
12:13:59.0044 1788 WSearch - ok
12:13:59.0118 1788 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:13:59.0170 1788 wuauserv - ok
12:13:59.0201 1788 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:13:59.0251 1788 WudfPf - ok
12:13:59.0280 1788 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:59.0314 1788 WUDFRd - ok
12:13:59.0349 1788 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:13:59.0383 1788 wudfsvc - ok
12:13:59.0415 1788 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:13:59.0440 1788 WwanSvc - ok
12:13:59.0453 1788 ================ Scan global ===============================
12:13:59.0471 1788 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:13:59.0491 1788 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
12:13:59.0504 1788 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
12:13:59.0522 1788 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:13:59.0545 1788 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:13:59.0556 1788 [Global] - ok
12:13:59.0556 1788 ================ Scan MBR ==================================
12:13:59.0575 1788 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:14:00.0591 1788 \Device\Harddisk0\DR0 - ok
12:14:00.0592 1788 ================ Scan VBR ==================================
12:14:00.0626 1788 [ 3B85F1100004E92F87D2DD05F84A25D5 ] \Device\Harddisk0\DR0\Partition1
12:14:00.0641 1788 \Device\Harddisk0\DR0\Partition1 - ok
12:14:00.0746 1788 [ 3DD3D7F1713C6992E2158AF6C41F2E9B ] \Device\Harddisk0\DR0\Partition2
12:14:00.0749 1788 \Device\Harddisk0\DR0\Partition2 - ok
12:14:00.0785 1788 [ 59A180F2D3B2585D1EA980A4CBB0B3C0 ] \Device\Harddisk0\DR0\Partition3
12:14:00.0787 1788 \Device\Harddisk0\DR0\Partition3 - ok
12:14:00.0788 1788 ============================================================
12:14:00.0788 1788 Scan finished
12:14:00.0788 1788 ============================================================
12:14:00.0802 2248 Detected object count: 4
12:14:00.0802 2248 Actual detected object count: 4
12:14:08.0562 2248 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:08.0562 2248 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:08.0562 2248 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:08.0562 2248 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:08.0566 2248 mstDfrgS ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:08.0566 2248 mstDfrgS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:08.0567 2248 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:08.0567 2248 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip

Hi,

der Killer findet kein Rootkit, das ist schon mal nicht schlecht.
so, leider hab ich hier kein chrom, daher kann ich Dir nur sagen was Du zu tun hast.
Starte Chrom, Einstellungen und entferne das PlugIn DNS Helper. Prüfe ob Du unter den Defaulteinstellungen zur Suche (Suchprovider) Du die yahoo-suche bzw. einen unbekannten Provider findest, den ebenfalls entfernen. Neu booten...

Dann prüfen ob die Umleitung noch da ist...

chris

Verdammt, das scheint es tatsächlich gewesen zu sein!
Bleibt nur die Frage, wo ich mir das abgegriffen haben könnte...
Lieber Chris, dir jedenfalls vielen Dank für den ganzen Aufwand!