
Pests of all kinds and how to combat them: AVIRA security alert; File: 'C\$Recycle.Bin\...\n'; Virus: 'BDS/ZeroAccess.Gen'

12.06.2013, 16:29   #1
born2bblack

I received this AVIRA security alert today and yesterday, as I have so often over the last few days.

Datum/Uhrzeit: 12.06.2013, 17:21:05
Typ: Fund

Der Zugriff auf die Datei 'C\$Recycle.Bin\...\n', die ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' enthält, wurde verweigert.

Kind regards,

Miriam

12.06.2013, 17:20   #2
ryder
/// TB trainer

!! Note to readers following along !!
This thread and its instructions are intended only for this specific case.
They could severely damage other computers. Please open your own thread.

I will help you with your problem. The cleanup only works if you stick to the following rules:
Please read:
Rules for the cleanup
  • Illegally used software
    At the first sign of it, support will be discontinued without discussion. So please make sure beforehand that nothing of the kind shows up here.
  • No guarantee
    We will do our best, but you will not get back a 100% secure and clean computer. The only safe route is formatting and reinstalling.
  • No going it alone
    The cleanup only works if you do exactly what I instruct. Do not install or uninstall software, and do not run scans that I have not instructed. Do not post your thread in any other forum and do not follow the instructions of other helpers. You would only waste the time of everyone involved.
  • Read carefully and ask
    Read every instruction through carefully. If anything is unclear, please ask beforehand. Work through the steps in order and only reply after the last step or when you have a question.
  • Answer properly
    • After you have worked through all steps, please give me feedback on each step (log file or answer), collected in a single reply.
    • Only obscure your name if it is really necessary. But please also bear in mind that we will not edit this thread and your log files afterwards! (see LINK)
    • Please place log files between code tags (click the # symbol in the reply window); it then looks like this:
      [CODE] (Logfile) [/CODE]
    • A note on my own behalf: attached or zipped log files make my work massively harder! So only do that if the log file is too large to post directly.
  • No private messages
    I see when you have replied; you do not need to notify me. Only send me a PM if I have not replied for three days, and only then.
  • How does the cleanup proceed?
    Very roughly: analysis > cleanup > check with updates > done. I will tell you very clearly whether we are done or not; you do not need to ask.



Reading material:
Rootkit warning
Your computer has been infected with a particular kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it quite deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does that mean for you?
  • Please make a conscious decision whether you want to continue with the cleanup. A system compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation remains.
  • If you use this computer for online banking, for example, you should at least have your bank change your password if you use an otherwise secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.
  • If you otherwise have sensitive data on your computer, you should also think about how you deal with the fact that practically "anyone" could look at it.

So let me know what you have decided.




Step 1: (Reminder: only reply to me once you have worked through all steps!)
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt for a restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without being instructed to!

Step 2:
Scan with TDSSKiller

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Step 3:
Scan with aswMBR
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista or later, please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Step 4:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; that is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without being instructed to.
  • Click Start.
  • Two log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, preferably in CODE tags.

13.06.2013, 10:03   #3
born2bblack

Hello Ryder,

I did all of this:

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.

And then it stopped here: (I cannot find this part anywhere on my desktop, nor in the Start search bar!)
Instead of any message appearing, the Disable window simply stays open. I then have to close it with x.


  • Defogger may prompt for a restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without being instructed to!
Where can I now find this Defogger log file on my laptop?
And what may also be important: I use ABP = AdblockPlus and Script.
I hope this has not led to the obstructions mentioned here?

13.06.2013, 17:07   #4
ryder
/// TB trainer

No; if anything, it was your security software. Please continue with 2.
__________________
Digital freebooters against malware!
No help via PM!

15.06.2013, 09:02   #5
ryder
/// TB trainer

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.


15.06.2013, 17:42   #6
born2bblack

Step 2:
Scan with TDSSKiller


18:32:20.0455 5392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:32:20.0643 5392 ============================================================
18:32:20.0643 5392 Current date / time: 2013/06/15 18:32:20.0643
18:32:20.0643 5392 SystemInfo:
18:32:20.0643 5392
18:32:20.0643 5392 OS Version: 6.1.7601 ServicePack: 1.0
18:32:20.0643 5392 Product type: Workstation
18:32:20.0643 5392 ComputerName: MIRIAM-VAIO
18:32:20.0643 5392 UserName: Miriam
18:32:20.0643 5392 Windows directory: C:\Windows
18:32:20.0643 5392 System windows directory: C:\Windows
18:32:20.0643 5392 Running under WOW64
18:32:20.0643 5392 Processor architecture: Intel x64
18:32:20.0643 5392 Number of processors: 2
18:32:20.0643 5392 Page size: 0x1000
18:32:20.0643 5392 Boot type: Normal boot
18:32:20.0643 5392 ============================================================
18:32:26.0040 5392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:26.0056 5392 ============================================================
18:32:26.0056 5392 \Device\Harddisk0\DR0:
18:32:26.0056 5392 MBR partitions:
18:32:26.0056 5392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13F7000, BlocksNum 0x32000
18:32:26.0056 5392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1429000, BlocksNum 0x38F5C800
18:32:26.0056 5392 ============================================================
18:32:26.0118 5392 C: <-> \Device\Harddisk0\DR0\Partition2
18:32:26.0118 5392 ============================================================
18:32:26.0118 5392 Initialize success
18:32:26.0118 5392 ============================================================
18:34:07.0994 7924 ============================================================
18:34:07.0994 7924 Scan started
18:34:07.0994 7924 Mode: Manual;
18:34:07.0994 7924 ============================================================
18:34:08.0539 7924 ================ Scan system memory ========================
18:34:08.0539 7924 System memory - ok
18:34:18.0735 7924 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:34:18.0747 7924 iphlpsvc - ok
18:34:18.0812 7924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:34:18.0814 7924 IPMIDRV - ok
18:34:18.0846 7924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:34:18.0880 7924 IPNAT - ok
18:34:18.0952 7924 [ 2872B90D57C8310194A78A9787406467 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:34:18.0957 7924 iPod Service - ok
18:34:19.0000 7924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:34:19.0012 7924 IRENUM - ok
18:34:19.0032 7924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:34:19.0040 7924 isapnp - ok
18:34:19.0109 7924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:34:19.0113 7924 iScsiPrt - ok
18:34:19.0131 7924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:34:19.0178 7924 kbdclass - ok
18:34:19.0194 7924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:34:19.0219 7924 kbdhid - ok
18:34:19.0234 7924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:34:19.0235 7924 KeyIso - ok
18:34:19.0265 7924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:34:19.0288 7924 KSecDD - ok
18:34:19.0312 7924 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:34:19.0331 7924 KSecPkg - ok
18:34:19.0356 7924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:34:19.0380 7924 ksthunk - ok
18:34:19.0430 7924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:34:19.0521 7924 KtmRm - ok
18:34:19.0566 7924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:34:19.0571 7924 LanmanServer - ok
18:34:19.0607 7924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:34:19.0611 7924 LanmanWorkstation - ok
18:34:19.0634 7924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:34:19.0717 7924 lltdio - ok
18:34:19.0766 7924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:34:19.0778 7924 lltdsvc - ok
18:34:19.0796 7924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:34:19.0798 7924 lmhosts - ok
18:34:19.0837 7924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:34:19.0840 7924 LSI_FC - ok
18:34:19.0883 7924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:34:19.0886 7924 LSI_SAS - ok
18:34:19.0911 7924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:34:19.0915 7924 LSI_SAS2 - ok
18:34:19.0944 7924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:34:19.0949 7924 LSI_SCSI - ok
18:34:19.0970 7924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:34:19.0990 7924 luafv - ok
18:34:20.0114 7924 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:34:20.0116 7924 MBAMProtector - ok
18:34:20.0302 7924 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:34:20.0305 7924 MBAMScheduler - ok
18:34:20.0465 7924 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:34:20.0474 7924 MBAMService - ok
18:34:20.0518 7924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:34:20.0534 7924 Mcx2Svc - ok
18:34:20.0614 7924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:34:20.0616 7924 megasas - ok
18:34:20.0730 7924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:34:20.0733 7924 MegaSR - ok
18:34:20.0772 7924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:34:20.0776 7924 MMCSS - ok
18:34:20.0810 7924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:34:20.0821 7924 Modem - ok
18:34:20.0858 7924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:34:20.0860 7924 monitor - ok
18:34:20.0907 7924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:34:20.0933 7924 mouclass - ok
18:34:20.0992 7924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:34:20.0995 7924 mouhid - ok
18:34:21.0025 7924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:34:21.0029 7924 mountmgr - ok
18:34:21.0103 7924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:34:21.0124 7924 mpio - ok
18:34:21.0162 7924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:34:21.0187 7924 mpsdrv - ok
18:34:21.0295 7924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:34:21.0306 7924 MpsSvc - ok
18:34:21.0354 7924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:34:21.0382 7924 MRxDAV - ok
18:34:21.0434 7924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:21.0455 7924 mrxsmb - ok
18:34:21.0507 7924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:21.0522 7924 mrxsmb10 - ok
18:34:21.0561 7924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:21.0579 7924 mrxsmb20 - ok
18:34:21.0599 7924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:34:21.0601 7924 msahci - ok
18:34:21.0646 7924 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
18:34:21.0648 7924 MSCamSvc - ok
18:34:21.0700 7924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:34:21.0719 7924 msdsm - ok
18:34:21.0785 7924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:34:21.0799 7924 MSDTC - ok
18:34:21.0860 7924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:34:21.0866 7924 Msfs - ok
18:34:21.0888 7924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:34:21.0892 7924 mshidkmdf - ok
18:34:21.0917 7924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:34:21.0926 7924 msisadrv - ok
18:34:21.0973 7924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:34:21.0984 7924 MSiSCSI - ok
18:34:21.0993 7924 msiserver - ok
18:34:22.0040 7924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:34:22.0044 7924 MSKSSRV - ok
18:34:22.0064 7924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:22.0070 7924 MSPCLOCK - ok
18:34:22.0093 7924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:34:22.0099 7924 MSPQM - ok
18:34:22.0136 7924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:34:22.0269 7924 MsRPC - ok
18:34:22.0297 7924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:34:22.0298 7924 mssmbios - ok
18:34:22.0337 7924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:34:22.0342 7924 MSTEE - ok
18:34:22.0353 7924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:34:22.0355 7924 MTConfig - ok
18:34:22.0377 7924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:34:22.0393 7924 Mup - ok
18:34:22.0451 7924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:34:22.0457 7924 napagent - ok
18:34:22.0506 7924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:34:22.0523 7924 NativeWifiP - ok
18:34:22.0647 7924 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:34:22.0695 7924 NDIS - ok
18:34:22.0726 7924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:22.0756 7924 NdisCap - ok
18:34:22.0793 7924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:22.0799 7924 NdisTapi - ok
18:34:22.0831 7924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:22.0838 7924 Ndisuio - ok
18:34:22.0895 7924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:22.0906 7924 NdisWan - ok
18:34:22.0957 7924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:34:22.0964 7924 NDProxy - ok
18:34:22.0988 7924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:34:22.0995 7924 NetBIOS - ok
18:34:23.0037 7924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:34:23.0041 7924 NetBT - ok
18:34:23.0056 7924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:34:23.0058 7924 Netlogon - ok
18:34:23.0106 7924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:34:23.0112 7924 Netman - ok
18:34:23.0152 7924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:23.0204 7924 NetMsmqActivator - ok
18:34:23.0213 7924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:23.0215 7924 NetPipeActivator - ok
18:34:23.0308 7924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:34:23.0401 7924 netprofm - ok
18:34:23.0475 7924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:23.0476 7924 NetTcpActivator - ok
18:34:23.0485 7924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:23.0486 7924 NetTcpPortSharing - ok
18:34:23.0542 7924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:34:23.0545 7924 nfrd960 - ok
18:34:23.0610 7924 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:34:23.0615 7924 NlaSvc - ok
18:34:23.0647 7924 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
18:34:23.0649 7924 nmwcd - ok
18:34:23.0698 7924 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
18:34:23.0699 7924 nmwcdc - ok
18:34:23.0805 7924 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
18:34:23.0808 7924 nmwcdnsux64 - ok
18:34:23.0901 7924 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\NPF.sys
18:34:23.0904 7924 NPF - ok
18:34:23.0934 7924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:34:23.0946 7924 Npfs - ok
18:34:24.0003 7924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:34:24.0005 7924 nsi - ok
18:34:24.0018 7924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:34:24.0020 7924 nsiproxy - ok
18:34:24.0148 7924 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:34:24.0190 7924 Ntfs - ok
18:34:24.0223 7924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:34:24.0230 7924 Null - ok
18:34:24.0286 7924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:34:24.0289 7924 nvraid - ok
18:34:24.0318 7924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:34:24.0321 7924 nvstor - ok
18:34:24.0365 7924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:34:24.0368 7924 nv_agp - ok
18:34:24.0405 7924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:34:24.0426 7924 ohci1394 - ok
18:34:24.0452 7924 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:34:24.0455 7924 ose - ok
18:34:24.0804 7924 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:34:24.0898 7924 osppsvc - ok
18:34:24.0970 7924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:34:24.0980 7924 p2pimsvc - ok
18:34:25.0072 7924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:34:25.0092 7924 p2psvc - ok
18:34:25.0139 7924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:34:25.0142 7924 Parport - ok
18:34:25.0197 7924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:34:25.0208 7924 partmgr - ok
18:34:25.0261 7924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:34:25.0265 7924 PcaSvc - ok
18:34:25.0304 7924 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
18:34:25.0306 7924 pccsmcfd - ok
18:34:25.0321 7924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:34:25.0324 7924 pci - ok
18:34:25.0369 7924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:34:25.0375 7924 pciide - ok
18:34:25.0425 7924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:34:25.0428 7924 pcmcia - ok
18:34:25.0448 7924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:34:25.0478 7924 pcw - ok
18:34:25.0544 7924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:34:25.0686 7924 PEAUTH - ok
18:34:25.0758 7924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:34:25.0760 7924 PerfHost - ok
18:34:25.0828 7924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:34:25.0872 7924 pla - ok
18:34:25.0952 7924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:34:25.0958 7924 PlugPlay - ok
18:34:26.0043 7924 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
18:34:26.0050 7924 PMBDeviceInfoProvider - ok
18:34:26.0079 7924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:34:26.0088 7924 PNRPAutoReg - ok
18:34:26.0141 7924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:34:26.0145 7924 PNRPsvc - ok
18:34:26.0225 7924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:34:26.0245 7924 PolicyAgent - ok
18:34:26.0295 7924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:34:26.0299 7924 Power - ok
18:34:26.0356 7924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:34:26.0365 7924 PptpMiniport - ok
18:34:26.0431 7924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:34:26.0433 7924 Processor - ok
18:34:26.0468 7924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:34:26.0472 7924 ProfSvc - ok
18:34:26.0489 7924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:34:26.0491 7924 ProtectedStorage - ok
18:34:26.0525 7924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:34:26.0527 7924 Psched - ok
18:34:26.0572 7924 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:34:26.0574 7924 PxHlpa64 - ok
18:34:26.0646 7924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:34:26.0703 7924 ql2300 - ok
18:34:26.0733 7924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:34:26.0736 7924 ql40xx - ok
18:34:26.0792 7924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:34:26.0809 7924 QWAVE - ok
18:34:26.0828 7924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:34:26.0877 7924 QWAVEdrv - ok
18:34:26.0896 7924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:34:26.0903 7924 RasAcd - ok
18:34:26.0933 7924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:34:26.0940 7924 RasAgileVpn - ok
18:34:26.0968 7924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:34:26.0977 7924 RasAuto - ok
18:34:27.0015 7924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:34:27.0024 7924 Rasl2tp - ok
18:34:27.0074 7924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:34:27.0096 7924 RasMan - ok
18:34:27.0124 7924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:34:27.0133 7924 RasPppoe - ok
18:34:27.0150 7924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:34:27.0191 7924 RasSstp - ok
18:34:27.0241 7924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:34:27.0269 7924 rdbss - ok
18:34:27.0293 7924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:34:27.0295 7924 rdpbus - ok
18:34:27.0308 7924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:34:27.0309 7924 RDPCDD - ok
18:34:27.0321 7924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:34:27.0322 7924 RDPENCDD - ok
18:34:27.0333 7924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:34:27.0335 7924 RDPREFMP - ok
18:34:27.0396 7924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:34:27.0405 7924 RDPWD - ok
18:34:27.0455 7924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:34:27.0482 7924 rdyboost - ok
18:34:27.0514 7924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:34:27.0525 7924 RemoteAccess - ok
18:34:27.0616 7924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:34:27.0628 7924 RemoteRegistry - ok
18:34:27.0680 7924 [ 359E4937D3A52198A1FC0BE5C2188457 ] Rent Update C:/Windows/Rent/Update.exe
18:34:27.0694 7924 Rent Update - ok
18:34:27.0726 7924 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:34:27.0746 7924 RFCOMM - ok
18:34:27.0807 7924 [ BA6CE930E1453677F7565AE45181AD76 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
18:34:27.0811 7924 Roxio UPnP Renderer 10 - ok
18:34:27.0830 7924 [ 3A3D707A35EA30A6CF88B9E555E3D815 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
18:34:27.0836 7924 Roxio Upnp Server 10 - ok
18:34:27.0884 7924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:34:27.0886 7924 RpcEptMapper - ok
18:34:27.0932 7924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:34:27.0969 7924 RpcLocator - ok
18:34:28.0035 7924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:34:28.0040 7924 RpcSs - ok
18:34:28.0090 7924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:34:28.0186 7924 rspndr - ok
18:34:28.0225 7924 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:34:28.0231 7924 RSUSBSTOR - ok
18:34:28.0276 7924 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
18:34:28.0283 7924 RTHDMIAzAudService - ok
18:34:28.0325 7924 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:34:28.0329 7924 RTL8167 - ok
18:34:28.0357 7924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:34:28.0358 7924 SamSs - ok
18:34:28.0421 7924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:34:28.0423 7924 sbp2port - ok
18:34:28.0469 7924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:34:28.0543 7924 SCardSvr - ok
18:34:28.0579 7924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:34:28.0612 7924 scfilter - ok
18:34:28.0762 7924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:34:28.0790 7924 Schedule - ok
18:34:28.0834 7924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:34:28.0837 7924 SCPolicySvc - ok
18:34:28.0862 7924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:34:28.0888 7924 SDRSVC - ok
18:34:28.0910 7924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:34:28.0912 7924 secdrv - ok
18:34:28.0965 7924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:34:28.0980 7924 seclogon - ok
18:34:28.0996 7924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:34:28.0999 7924 SENS - ok
18:34:29.0014 7924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:34:29.0042 7924 SensrSvc - ok
18:34:29.0069 7924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:34:29.0071 7924 Serenum - ok
18:34:29.0098 7924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:34:29.0100 7924 Serial - ok
18:34:29.0149 7924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:34:29.0168 7924 sermouse - ok
18:34:29.0355 7924 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:34:29.0383 7924 ServiceLayer - ok
18:34:29.0447 7924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:34:29.0488 7924 SessionEnv - ok
18:34:29.0522 7924 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
18:34:29.0524 7924 SFEP - ok
18:34:29.0558 7924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:34:29.0584 7924 sffdisk - ok
18:34:29.0614 7924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:34:29.0620 7924 sffp_mmc - ok
18:34:29.0638 7924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:34:29.0688 7924 sffp_sd - ok
18:34:29.0716 7924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:34:29.0718 7924 sfloppy - ok
18:34:29.0804 7924 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:34:29.0816 7924 Sftfs - ok
18:34:29.0911 7924 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:34:29.0918 7924 sftlist - ok
18:34:29.0940 7924 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:34:29.0945 7924 Sftplay - ok
18:34:29.0983 7924 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:34:29.0984 7924 Sftredir - ok
18:34:29.0999 7924 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:34:30.0000 7924 Sftvol - ok
18:34:30.0048 7924 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:34:30.0050 7924 sftvsa - ok
18:34:30.0116 7924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:34:30.0235 7924 SharedAccess - ok
18:34:30.0329 7924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:34:30.0335 7924 ShellHWDetection - ok
18:34:30.0379 7924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:34:30.0382 7924 SiSRaid2 - ok
18:34:30.0405 7924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:34:30.0408 7924 SiSRaid4 - ok
18:34:30.0476 7924 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:34:30.0479 7924 SkypeUpdate - ok
18:34:30.0501 7924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:34:30.0511 7924 Smb - ok
18:34:30.0566 7924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:34:30.0568 7924 SNMPTRAP - ok
18:34:30.0671 7924 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
18:34:30.0674 7924 SOHCImp - ok
18:34:30.0719 7924 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
18:34:30.0723 7924 SOHDms - ok
18:34:30.0755 7924 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
18:34:30.0756 7924 SOHDs - ok
18:34:30.0860 7924 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
18:34:30.0864 7924 SpfService - ok
18:34:30.0893 7924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:34:30.0901 7924 spldr - ok
18:34:30.0991 7924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:34:31.0001 7924 Spooler - ok
18:34:31.0229 7924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:34:31.0315 7924 sppsvc - ok
18:34:31.0355 7924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:34:31.0365 7924 sppuinotify - ok
18:34:31.0416 7924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:34:31.0422 7924 srv - ok
18:34:31.0454 7924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:34:31.0461 7924 srv2 - ok
18:34:31.0524 7924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:34:31.0533 7924 srvnet - ok
18:34:31.0585 7924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:34:31.0589 7924 SSDPSRV - ok
18:34:31.0610 7924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:34:31.0610 7924 SstpSvc - ok
18:34:31.0625 7924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:34:31.0625 7924 stexstor - ok
18:34:31.0672 7924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:34:31.0688 7924 stisvc - ok
18:34:31.0735 7924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:34:31.0750 7924 swenum - ok
18:34:31.0797 7924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:34:31.0813 7924 swprv - ok
18:34:31.0906 7924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:34:31.0937 7924 SysMain - ok
18:34:31.0984 7924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:34:31.0984 7924 TabletInputService - ok
18:34:32.0031 7924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:34:32.0171 7924 TapiSrv - ok
18:34:32.0218 7924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:34:32.0218 7924 TBS - ok
18:34:41.0249 7924 ============================================================
18:34:41.0249 7924 Scan finished
18:34:41.0249 7924 ============================================================
18:34:41.0265 6020 Detected object count: 0
18:34:41.0265 6020 Actual detected object count: 0

15.06.2013, 21:25   #7
ryder
/// TB Trainer

Quote:
(Reminder: Only reply to me once you have worked through all the steps!)
Why do I even bother writing this here? Please do steps 3 and 4 now, or we stop at this point.
__________________
Digital privateers against malware!
No help via PM!

15.06.2013, 23:29   #8
born2bblack

Step 3:
Scan with aswMBR

Code:
aswMBR.txt
see the attachments!

Step 4:
Scan with DDS+ (with attach)

Code:
dds.txt
see the attachments!
Code:
attach.txt
see the attachments!
Attached files
File type: txt aswMBR.txt (2.1 KB, viewed 141 times)
File type: txt DDS.txt (31.1 KB, viewed 148 times)
File type: txt Attach.txt (7.7 KB, viewed 165 times)

16.06.2013, 09:58   #9
ryder
/// TB Trainer

And I write at great length that I do not want any attachments. I am slowly losing the will to continue ...

Let's go on:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

16.06.2013, 16:41   #10
born2bblack

Scan with Combofix:

Sorry, but unfortunately I really don't get the whole inserting "Code" thing etc.!
I don't know my way around here at all! ^^



2013-01-11 22:36:53 . 2005-03-26 16:03:12 48,972 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\JaneAust.ttf.vir
2013-01-11 22:36:53 . 2004-09-11 14:10:22 68,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\jandles.ttf.vir
2013-01-11 22:36:53 . 2006-04-23 23:15:54 47,184 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\in_my_head.ttf.vir
2013-01-11 22:36:53 . 2000-11-25 23:03:46 24,244 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Indianhotel.ttf.vir
2013-01-11 22:36:53 . 2000-03-09 01:31:10 34,468 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Impossible.ttf.vir
2013-01-11 22:36:53 . 2007-09-09 07:45:36 196,028 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\idiot.ttf.vir
2013-01-11 22:36:53 . 2000-12-05 17:43:38 13,260 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Hursheys.ttf.vir
2013-01-11 22:36:53 . 1999-07-19 20:41:06 27,604 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Hellraiser SC.ttf.vir
2013-01-11 22:36:53 . 2006-06-14 10:55:36 389,532 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\HARD_ROCK.ttf.vir
2013-01-11 22:36:53 . 2008-05-18 08:23:08 18,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\HandSean.ttf.vir
2013-01-11 22:36:53 . 2004-04-25 13:42:30 49,876 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Halo.ttf.vir
2013-01-11 22:36:53 . 1999-04-28 18:13:10 40,756 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\halflife.ttf.vir
2013-01-11 22:36:53 . 2000-04-03 21:46:56 23,932 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\gyparody.ttf.vir
2013-01-11 22:36:53 . 1994-11-23 14:24:02 17,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\groening.ttf.vir
2013-01-11 22:36:53 . 2008-05-14 13:44:12 649,696 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Graffogie.ttf.vir
2013-01-11 22:36:53 . 1997-10-25 09:57:48 15,312 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\gothikka.ttf.vir
2013-01-11 22:36:53 . 2007-12-09 20:04:54 71,708 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\GothicFlames.ttf.vir
2013-01-11 22:36:53 . 1997-09-30 11:37:18 34,352 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Godzilla.ttf.vir
2013-01-11 22:36:53 . 2008-02-16 09:56:32 257,756 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Ginga.ttf.vir
2013-01-11 22:36:53 . 2001-12-06 18:13:52 19,664 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\GameCube.ttf.vir
2013-01-11 22:36:53 . 2007-08-15 20:48:04 40,980 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\friends good.ttf.vir
2013-01-11 22:36:53 . 1999-10-01 05:51:58 70,164 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Flat Earth Scribe.ttf.vir
2013-01-11 22:36:53 . 2003-10-22 10:09:40 14,176 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Findet Nemo.ttf.vir
2013-01-11 22:36:53 . 1999-12-17 12:59:10 13,044 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\fight.TTF.vir
2013-01-11 22:36:53 . 2001-07-21 20:42:32 22,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Fiesta.ttf.vir
2013-01-11 22:36:53 . 2002-07-28 09:23:34 30,428 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\FerroRosso.ttf.vir
2013-01-11 22:36:53 . 1999-09-06 11:47:54 20,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\fbsbltc.ttf.vir
2013-01-11 22:36:53 . 1998-06-22 19:43:32 11,480 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\FAREAST.TTF.vir
2013-01-11 22:36:53 . 1995-06-28 06:00:00 40,208 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EVITA.TTF.vir
2013-01-11 22:36:53 . 2001-07-01 08:33:00 35,692 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EUROSWH.TTF.vir
2013-01-11 22:36:53 . 1995-07-05 19:56:46 45,640 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\esp.ttf.vir
2013-01-11 22:36:53 . 1998-12-30 21:58:54 115,780 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\ERTHQAKE.TTF.vir
2013-01-11 22:36:53 . 2007-05-16 06:47:12 592,388 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EpoXY_histoRy.ttf.vir
2013-01-11 22:36:53 . 2004-10-17 19:44:42 30,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EMPIREST.TTF.vir
2013-01-11 22:36:53 . 2007-10-02 08:27:58 48,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Ellianarelle s Path.ttf.vir
2013-01-11 22:36:53 . 1992-11-17 10:17:36 22,508 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EDITION_.TTF.vir
2013-01-11 22:36:53 . 2004-02-22 16:32:02 50,968 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\EARWIGFA.TTF.vir
2013-01-11 22:36:53 . 2008-02-10 09:22:14 11,480 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Diskoboll.ttf.vir
2013-01-11 22:36:53 . 2001-06-08 05:37:24 85,908 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\dirtyheadline.ttf.vir
2013-01-11 22:36:53 . 1997-09-07 11:25:12 62,148 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\devotion.ttf.vir
2013-01-11 22:36:53 . 2008-01-01 13:55:06 17,356 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\detroitghetto.ttf.vir
2013-01-11 22:36:53 . 2003-01-09 08:06:34 18,680 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Detectives Inc.ttf.vir
2013-01-11 22:36:53 . 2006-10-15 06:48:44 152,880 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\desperado.ttf.vir
2013-01-11 22:36:53 . 1998-03-19 00:21:40 23,200 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\DENSMORE.TTF.vir
2013-01-11 22:36:53 . 2005-10-20 00:34:08 15,900 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Daredevil.ttf.vir
2013-01-11 22:36:53 . 2002-10-22 15:16:20 21,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Damn Noisy Kids.ttf.vir
2013-01-11 22:36:53 . 2008-02-10 09:22:46 44,360 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Colcothar.ttf.vir
2013-01-11 22:36:53 . 2000-05-24 12:25:50 34,248 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\CNN.ttf.vir
2013-01-11 22:36:53 . 2008-12-09 19:42:30 485,100 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\city_burn.ttf.vir
2013-01-11 22:36:53 . 2004-12-31 22:00:02 29,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Blambot Pro.ttf.vir
2013-01-11 22:36:53 . 2000-09-11 14:59:44 37,712 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Blambot Custom.ttf.vir
2013-01-11 22:36:53 . 1997-06-02 14:17:18 56,780 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\beaswfte.ttf.vir
2013-01-11 22:36:53 . 2001-06-28 15:18:24 28,252 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Anime Ace.ttf.vir
2013-01-11 22:36:53 . 2002-05-06 11:03:26 22,652 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Android Nation.ttf.vir
2013-01-11 22:36:53 . 1999-03-09 14:45:10 21,692 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Amerdcon.ttf.vir
2013-01-11 22:36:53 . 2008-04-16 04:12:20 144,556 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\AlteHaasGroteskBold.ttf.vir
2013-01-11 22:36:53 . 2005-03-05 06:55:40 32,156 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\All Star Resort.ttf.vir
2013-01-11 22:36:53 . 2004-11-21 16:40:00 20,348 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Alias.ttf.vir
2013-01-11 22:36:53 . 1997-06-02 14:14:26 51,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\aladdin.ttf.vir
2013-01-11 22:36:53 . 2004-11-20 15:03:48 25,956 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\airstrip.ttf.vir
2013-01-11 22:36:53 . 2004-10-17 19:19:28 38,836 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\AIRSTREA.TTF.vir
2013-01-11 22:36:53 . 1996-11-20 11:30:48 31,456 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\AIFRAGME.TTF.vir
2013-01-11 22:36:53 . 1997-05-25 19:55:24 26,471 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\aggstock.ttf.vir
2013-01-11 22:36:53 . 2003-09-07 15:12:44 102,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Aerosol.ttf.vir
2013-01-11 22:36:53 . 2007-04-03 04:03:42 36,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\adambital.ttf.vir
2013-01-11 22:36:52 . 2007-04-03 04:04:36 43,068 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\adamb.ttf.vir
2013-01-11 22:36:52 . 2007-04-03 04:05:16 39,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\adam.ttf.vir
2013-01-11 22:36:52 . 1996-01-22 23:56:12 126,492 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Acidic.TTF.vir
2013-01-11 22:36:52 . 2003-11-10 21:21:24 29,060 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\Acens.ttf.vir
2013-01-11 22:36:52 . 2008-02-10 12:14:28 486,616 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\abusive pencil.ttf.vir
2013-01-11 22:36:52 . 2006-12-31 16:50:44 95,380 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Fonts\aaaiight.ttf.vir
2013-01-11 22:36:52 . 2012-06-16 13:36:58 162,680 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\FirefoxPortable.exe.vir
2013-01-11 22:36:52 . 2012-11-28 06:52:44 81 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\settings\FirefoxPortableSettings.ini.vir
2013-01-11 22:36:52 . 2012-07-28 01:35:04 98,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\webappsstore.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:27:18 68,157,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\urlclassifier3.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:27:18 1,642,220 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\urlclassifier.pset.vir
2013-01-11 22:36:51 . 2012-11-30 06:29:20 2,065,235 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\startupCache\startupCache.4.little.vir
2013-01-11 22:36:51 . 2012-07-07 13:13:00 327,680 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\signons.sqlite.vir
2013-01-11 22:36:51 . 2012-07-07 13:12:54 16,384 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\secmod.db.vir
2013-01-11 22:36:51 . 2012-08-05 07:04:38 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\search.sqlite.vir
2013-01-11 22:36:51 . 2012-11-28 06:52:46 16,752 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\search.json.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 6,126 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\prefs.js.vir
2013-01-11 22:36:51 . 2012-11-11 15:49:06 2,475 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\pluginreg.dat.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 10,485,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\places.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\permissions.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 06:25:14 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\parent.lock.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 262,144 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\OfflineCache\index.sqlite.vir
2013-01-11 22:36:51 . 2012-07-07 13:36:48 3,230 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\mimeTypes.rdf.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 8,002 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\localstore.rdf.vir
2013-01-11 22:36:51 . 2012-08-13 14:22:16 1,022 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\localstore-safe.rdf.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 16,384 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\key3.db.vir
2013-01-11 22:36:51 . 2012-07-28 01:35:06 196,608 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\formhistory.sqlite.vir
2013-01-11 22:36:51 . 2012-09-30 07:12:28 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\firebug\breakpoints.json.vir
2013-01-11 22:36:51 . 2012-09-30 07:32:08 129 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\firebug\annotations.json.vir
2013-01-11 22:36:51 . 2012-11-30 06:29:20 425,984 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\extensions.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 06:25:16 209 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\extensions.ini.vir
2013-01-11 22:36:51 . 2012-12-10 18:20:48 18,057 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\extensions\remote-control@morch.com.xpi.vir
2013-01-11 22:36:51 . 2012-09-30 07:12:08 1,625,368 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\extensions\firebug@software.joehewitt.com.xpi.vir
2013-01-11 22:36:51 . 2012-08-01 17:45:22 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\downloads.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 524,288 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\cookies.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 229,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\content-prefs.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 06:25:16 206 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\compatibility.ini.vir
2013-01-11 22:36:51 . 2012-11-28 06:52:56 327,680 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\chromeappsstore.sqlite.vir
2013-01-11 22:36:51 . 2012-11-30 07:40:08 163,840 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\cert8.db.vir
2013-01-11 22:36:51 . 2010-09-23 03:45:08 8,083 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarks.html.vir
2013-01-11 22:36:51 . 2012-11-30 06:43:26 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-30.json.vir
2013-01-11 22:36:51 . 2012-11-28 06:52:50 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-28.json.vir
2013-01-11 22:36:51 . 2012-11-10 23:01:50 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-11.json.vir
2013-01-11 22:36:51 . 2012-11-10 22:03:40 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-10.json.vir
2013-01-11 22:36:51 . 2012-11-09 20:08:16 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-09.json.vir
2013-01-11 22:36:51 . 2012-11-06 14:29:12 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-06.json.vir
2013-01-11 22:36:51 . 2012-11-03 14:31:18 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-11-03.json.vir
2013-01-11 22:36:51 . 2012-10-13 09:44:32 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-10-13.json.vir
2013-01-11 22:36:51 . 2012-10-12 18:55:18 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-10-12.json.vir
2013-01-11 22:36:51 . 2012-10-03 09:25:42 3,778 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\bookmarkbackups\bookmarks-2012-10-03.json.vir
2013-01-11 22:36:51 . 2012-11-30 06:31:20 44,451 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\profile\blocklist.xml.vir
2013-01-11 22:36:51 . 2005-05-12 21:54:00 63 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\plugins\plugins_readme.txt.vir
2013-01-11 22:36:51 . 2012-11-30 06:27:16 51 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\open.txt.vir
2013-01-11 22:36:51 . 2012-11-30 06:28:02 227 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\Data\make.txt.vir
2013-01-11 22:36:51 . 2006-07-26 19:36:08 173 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\readme.txt.vir
2013-01-11 22:36:50 . 2012-06-14 21:19:04 15,757,792 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\xul.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:20 19,424 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\xpcom.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 1,041 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\updater.ini.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:18 265,184 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\updater.exe.vir
2013-01-11 22:36:50 . 2012-06-14 21:16:42 132 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\update-settings.ini.vir
2013-01-11 22:36:50 . 2012-06-14 21:47:38 869,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\uninstall\helper.exe.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:16 145,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\ssl3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:14 155,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\softokn3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:14 478 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\softokn3.chk.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:12 91,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\smime3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 1,105 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\yahoo-de.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 1,178 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\wikipedia-de.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 6,805 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\leo_ende_de.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 3,413 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\google.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 1,153 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\eBay-de.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 2,252 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\bing.xml.vir
2013-01-11 22:36:50 . 2012-06-14 21:46:56 1,392 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\searchplugins\amazondotcom-de.xml.vir
2013-01-11 22:36:50 . 2012-06-14 19:35:54 35,524 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\removed-files.vir
2013-01-11 22:36:50 . 2012-06-14 21:47:02 1,530 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\precomplete.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:10 16,864 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\plugin-container.exe.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:10 20,960 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\plds4.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:08 21,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\plc4.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:16:42 142 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\platform.ini.vir
2013-01-11 22:36:50 . 2012-06-14 21:47:02 7,704,173 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\omni.ja.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:06 92,640 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nssutil3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:06 95,712 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nssdbm3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:06 478 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nssdbm3.chk.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:04 358,368 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nssckbi.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:18:02 637,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nss3.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:17:58 170,464 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\nspr4.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:16:42 770,384 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\msvcr100.dll.vir
2013-01-11 22:36:50 . 2012-06-14 21:16:42 421,200 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\msvcp100.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:58 829,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\mozsqlite3.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:54 2,042,848 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\mozjs.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:50 43,488 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\mozglue.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:48 16,352 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\mozalloc.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:48 157,608 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\maintenanceservice_installer.exe.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:46 113,120 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\maintenanceservice.exe.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:44 418,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\libGLESv2.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:42 79,840 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\libEGL.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:40 624,608 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\gkmedias.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:38 258,528 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\freebl3.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:38 478 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\freebl3.chk.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:36 913,888 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\firefox.exe.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:52 9,303 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:52 1,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:52 2,185 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:40 130 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\dependentlibs.list.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:56 135 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\defaults\pref\channel-prefs.js.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:48 1,998,168 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\d3dx9_43.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:48 2,106,216 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\D3DCompiler_43.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:46:32 4,284 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\crashreporter.ini.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:34 117,728 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\crashreporter.exe.vir
2013-01-11 22:36:49 . 2012-06-14 21:46:32 706 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\crashreporter-override.ini.vir
2013-01-11 22:36:49 . 2012-06-14 21:19:06 85,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\components\browsercomps.dll.vir
2013-01-11 22:36:49 . 2012-06-14 21:46:56 34 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\components\binary.manifest.vir
2013-01-11 22:36:49 . 2012-06-14 21:47:02 36 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\chrome.manifest.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:42 10,326 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\blocklist.xml.vir
2013-01-11 22:36:49 . 2012-06-14 21:16:42 463 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\application.ini.vir
2013-01-11 22:36:49 . 2012-06-14 21:17:32 18,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Firefox\AccessibleMarshal.dll.vir
2013-01-11 22:36:49 . 2006-09-15 03:58:28 52 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\DefaultData\settings\FirefoxPortableSettings.ini.vir
2013-01-11 22:36:49 . 2009-06-30 16:08:06 603 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\DefaultData\profile\prefs.js.vir
2013-01-11 22:36:49 . 2010-09-23 03:45:08 8,083 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\DefaultData\profile\bookmarks.html.vir
2013-01-11 22:36:49 . 2005-05-12 21:54:00 63 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\DefaultData\plugins\plugins_readme.txt.vir
2013-01-11 22:36:48 . 2008-04-16 00:44:28 249,958 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\Bin\sqlite3.exe.vir
2013-01-11 22:36:48 . 2011-03-23 04:00:52 111 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\installer.ini.vir
2013-01-11 22:36:48 . 2012-06-16 13:36:56 903 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\appinfo.ini.vir
2013-01-11 22:36:48 . 2009-06-19 18:25:02 2,870 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\appicon_32.png.vir
2013-01-11 22:36:48 . 2009-06-19 18:24:58 910 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\appicon_16.png.vir
2013-01-11 22:36:48 . 2010-06-23 03:05:58 26,279 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\appicon_128.png.vir
2013-01-11 22:36:48 . 2009-06-19 18:25:08 22,486 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FF\App\AppInfo\appicon.ico.vir
2012-12-25 18:17:45 . 2012-12-25 18:17:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Yhytm\xohi.wyu.vir
2012-11-11 21:12:12 . 2012-11-11 21:12:12 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Haurhu\ecuxl.yro.vir
2012-11-07 15:58:56 . 2012-11-07 15:58:56 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2012-10-24 16:04:08 . 2012-10-24 16:04:08 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Wypuur\aflaw.lyi.vir
2011-10-30 14:46:48 . 2011-11-01 14:55:19 30 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\urhtps.tmp.vir
2011-10-29 20:46:27 . 2011-10-29 20:46:27 65 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\AcroIEHelpe.txt.vir
2011-10-29 20:46:20 . 2011-10-29 20:46:20 136 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\srvblck2.tmp.vir
2011-08-03 19:40:48 . 2011-08-03 19:40:48 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Eqow\reagi.cit.vir
2011-07-26 13:48:12 . 2011-07-26 13:48:12 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Asgym\yfupy.agq.vir
2011-05-18 12:02:53 . 2011-05-18 12:02:53 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Kuti\cyym.kox.vir
2011-03-08 19:17:46 . 2011-03-08 19:17:46 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Daabek\huiry.tet.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 96,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 53,299 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 281,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2011-02-11 19:15:54 . 1998-10-21 17:43:04 328,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0407.exe.vir
2011-01-02 22:32:00 . 2011-01-02 23:17:58 121 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi.vir
2011-01-02 22:32:00 . 2011-01-02 23:17:58 906 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi.vir
2011-01-02 22:31:32 . 2011-01-02 23:17:58 105 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr.vir
2011-01-02 22:31:32 . 2011-01-02 23:17:58 13,721,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp.vir
2010-11-07 23:54:57 . 2010-11-07 23:54:59 36,864 ----a-w- C:\Qoobox\Quarantine\C\Users\Miriam\Documents\~WRL0005.tmp.vir
2010-08-02 00:53:24 . 2010-08-02 00:53:24 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\.#\MBX@1744@3B2770.###.vir
2010-08-02 00:53:22 . 2010-08-02 00:53:22 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Miriam\AppData\Roaming\.#\MBX@1744@3B2740.###.vir

16.06.2013, 16:45   #11
ryder
/// TB-Ausbilder
 
That is the wrong log file.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).
__________________
Digital buccaneers against malware!
No help via PM!

16.06.2013, 17:31   #12
born2bblack
 
Scan with Combofix:

Code:
ComboFix 13-06-15.01 - Miriam 16.06.2013  11:58:25.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3835.1868 [GMT 2:00]
ausgeführt von:: c:\users\Miriam\Pictures\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Miriam\AppData\Roaming\.#
c:\users\Miriam\AppData\Roaming\.#\MBX@1744@3B2740.###
c:\users\Miriam\AppData\Roaming\.#\MBX@1744@3B2770.###
c:\users\Miriam\AppData\Roaming\AcroIEHelpe.txt
c:\users\Miriam\AppData\Roaming\Asgym
c:\users\Miriam\AppData\Roaming\Asgym\yfupy.agq
c:\users\Miriam\AppData\Roaming\Daabek
c:\users\Miriam\AppData\Roaming\Daabek\huiry.tet
c:\users\Miriam\AppData\Roaming\Eqow
c:\users\Miriam\AppData\Roaming\Eqow\reagi.cit
c:\users\Miriam\AppData\Roaming\Haurhu
c:\users\Miriam\AppData\Roaming\Haurhu\ecuxl.yro
c:\users\Miriam\AppData\Roaming\Izaq
c:\users\Miriam\AppData\Roaming\Izaq\umkyw.ici
c:\users\Miriam\AppData\Roaming\Kuti
c:\users\Miriam\AppData\Roaming\Kuti\cyym.kox
c:\users\Miriam\AppData\Roaming\Local
c:\users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Miriam\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\users\Miriam\AppData\Roaming\srvblck2.tmp
c:\users\Miriam\AppData\Roaming\urhtps.tmp
c:\users\Miriam\AppData\Roaming\Wypuur
c:\users\Miriam\AppData\Roaming\Wypuur\aflaw.lyi
c:\users\Miriam\AppData\Roaming\Yhytm
c:\users\Miriam\AppData\Roaming\Yhytm\xohi.wyu
c:\users\Miriam\Documents\~WRL0005.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\ff
c:\windows\SysWow64\ff\App\AppInfo\appicon.ico
c:\windows\SysWow64\ff\App\AppInfo\appicon_128.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_16.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_32.png
c:\windows\SysWow64\ff\App\AppInfo\appinfo.ini
c:\windows\SysWow64\ff\App\AppInfo\installer.ini
c:\windows\SysWow64\ff\App\Bin\sqlite3.exe
c:\windows\SysWow64\ff\App\DefaultData\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\App\DefaultData\profile\bookmarks.html
c:\windows\SysWow64\ff\App\DefaultData\profile\prefs.js
c:\windows\SysWow64\ff\App\DefaultData\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\App\Firefox\AccessibleMarshal.dll
c:\windows\SysWow64\ff\App\Firefox\application.ini
c:\windows\SysWow64\ff\App\Firefox\blocklist.xml
c:\windows\SysWow64\ff\App\Firefox\chrome.manifest
c:\windows\SysWow64\ff\App\Firefox\components\binary.manifest
c:\windows\SysWow64\ff\App\Firefox\components\browsercomps.dll
c:\windows\SysWow64\ff\App\Firefox\crashreporter-override.ini
c:\windows\SysWow64\ff\App\Firefox\crashreporter.exe
c:\windows\SysWow64\ff\App\Firefox\crashreporter.ini
c:\windows\SysWow64\ff\App\Firefox\D3DCompiler_43.dll
c:\windows\SysWow64\ff\App\Firefox\d3dx9_43.dll
c:\windows\SysWow64\ff\App\Firefox\defaults\pref\channel-prefs.js
c:\windows\SysWow64\ff\App\Firefox\dependentlibs.list
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\windows\SysWow64\ff\App\Firefox\firefox.exe
c:\windows\SysWow64\ff\App\Firefox\freebl3.chk
c:\windows\SysWow64\ff\App\Firefox\freebl3.dll
c:\windows\SysWow64\ff\App\Firefox\gkmedias.dll
c:\windows\SysWow64\ff\App\Firefox\libEGL.dll
c:\windows\SysWow64\ff\App\Firefox\libGLESv2.dll
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice.exe
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice_installer.exe
c:\windows\SysWow64\ff\App\Firefox\mozalloc.dll
c:\windows\SysWow64\ff\App\Firefox\mozglue.dll
c:\windows\SysWow64\ff\App\Firefox\mozjs.dll
c:\windows\SysWow64\ff\App\Firefox\mozsqlite3.dll
c:\windows\SysWow64\ff\App\Firefox\msvcp100.dll
c:\windows\SysWow64\ff\App\Firefox\msvcr100.dll
c:\windows\SysWow64\ff\App\Firefox\nspr4.dll
c:\windows\SysWow64\ff\App\Firefox\nss3.dll
c:\windows\SysWow64\ff\App\Firefox\nssckbi.dll
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.chk
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.dll
c:\windows\SysWow64\ff\App\Firefox\nssutil3.dll
c:\windows\SysWow64\ff\App\Firefox\omni.ja
c:\windows\SysWow64\ff\App\Firefox\platform.ini
c:\windows\SysWow64\ff\App\Firefox\plc4.dll
c:\windows\SysWow64\ff\App\Firefox\plds4.dll
c:\windows\SysWow64\ff\App\Firefox\plugin-container.exe
c:\windows\SysWow64\ff\App\Firefox\precomplete
c:\windows\SysWow64\ff\App\Firefox\removed-files
c:\windows\SysWow64\ff\App\Firefox\searchplugins\amazondotcom-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\bing.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\eBay-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\google.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\leo_ende_de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\wikipedia-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\yahoo-de.xml
c:\windows\SysWow64\ff\App\Firefox\smime3.dll
c:\windows\SysWow64\ff\App\Firefox\softokn3.chk
c:\windows\SysWow64\ff\App\Firefox\softokn3.dll
c:\windows\SysWow64\ff\App\Firefox\ssl3.dll
c:\windows\SysWow64\ff\App\Firefox\uninstall\helper.exe
c:\windows\SysWow64\ff\App\Firefox\update-settings.ini
c:\windows\SysWow64\ff\App\Firefox\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updater.ini
c:\windows\SysWow64\ff\App\Firefox\xpcom.dll
c:\windows\SysWow64\ff\App\Firefox\xul.dll
c:\windows\SysWow64\ff\App\readme.txt
c:\windows\SysWow64\ff\Data\make.txt
c:\windows\SysWow64\ff\Data\open.txt
c:\windows\SysWow64\ff\Data\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\Data\profile\blocklist.xml
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-10-03.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-10-12.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-10-13.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-03.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-06.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-09.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-10.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-11.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-28.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2012-11-30.json
c:\windows\SysWow64\ff\Data\profile\bookmarks.html
c:\windows\SysWow64\ff\Data\profile\cert8.db
c:\windows\SysWow64\ff\Data\profile\chromeappsstore.sqlite
c:\windows\SysWow64\ff\Data\profile\compatibility.ini
c:\windows\SysWow64\ff\Data\profile\content-prefs.sqlite
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite
c:\windows\SysWow64\ff\Data\profile\downloads.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions.ini
c:\windows\SysWow64\ff\Data\profile\extensions.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions\firebug@software.joehewitt.com.xpi
c:\windows\SysWow64\ff\Data\profile\extensions\remote-control@morch.com.xpi
c:\windows\SysWow64\ff\Data\profile\firebug\annotations.json
c:\windows\SysWow64\ff\Data\profile\firebug\breakpoints.json
c:\windows\SysWow64\ff\Data\profile\formhistory.sqlite
c:\windows\SysWow64\ff\Data\profile\key3.db
c:\windows\SysWow64\ff\Data\profile\localstore-safe.rdf
c:\windows\SysWow64\ff\Data\profile\localstore.rdf
c:\windows\SysWow64\ff\Data\profile\mimeTypes.rdf
c:\windows\SysWow64\ff\Data\profile\OfflineCache\index.sqlite
c:\windows\SysWow64\ff\Data\profile\parent.lock
c:\windows\SysWow64\ff\Data\profile\permissions.sqlite
c:\windows\SysWow64\ff\Data\profile\places.sqlite
c:\windows\SysWow64\ff\Data\profile\pluginreg.dat
c:\windows\SysWow64\ff\Data\profile\prefs.js
c:\windows\SysWow64\ff\Data\profile\search.json
c:\windows\SysWow64\ff\Data\profile\search.sqlite
c:\windows\SysWow64\ff\Data\profile\secmod.db
c:\windows\SysWow64\ff\Data\profile\signons.sqlite
c:\windows\SysWow64\ff\Data\profile\startupCache\startupCache.4.little
c:\windows\SysWow64\ff\Data\profile\urlclassifier.pset
c:\windows\SysWow64\ff\Data\profile\urlclassifier3.sqlite
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite
c:\windows\SysWow64\ff\Data\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\FirefoxPortable.exe
c:\windows\SysWow64\ff\Fonts\aaaiight.ttf
c:\windows\SysWow64\ff\Fonts\abusive pencil.ttf
c:\windows\SysWow64\ff\Fonts\Acens.ttf
c:\windows\SysWow64\ff\Fonts\Acidic.TTF
c:\windows\SysWow64\ff\Fonts\adam.ttf
c:\windows\SysWow64\ff\Fonts\adamb.ttf
c:\windows\SysWow64\ff\Fonts\adambital.ttf
c:\windows\SysWow64\ff\Fonts\Aerosol.ttf
c:\windows\SysWow64\ff\Fonts\aggstock.ttf
c:\windows\SysWow64\ff\Fonts\AIFRAGME.TTF
c:\windows\SysWow64\ff\Fonts\AIRSTREA.TTF
c:\windows\SysWow64\ff\Fonts\airstrip.ttf
c:\windows\SysWow64\ff\Fonts\aladdin.ttf
c:\windows\SysWow64\ff\Fonts\Alias.ttf
c:\windows\SysWow64\ff\Fonts\All Star Resort.ttf
c:\windows\SysWow64\ff\Fonts\AlteHaasGroteskBold.ttf
c:\windows\SysWow64\ff\Fonts\Amerdcon.ttf
c:\windows\SysWow64\ff\Fonts\Android Nation.ttf
c:\windows\SysWow64\ff\Fonts\Anime Ace.ttf
c:\windows\SysWow64\ff\Fonts\beaswfte.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Custom.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Pro.ttf
c:\windows\SysWow64\ff\Fonts\city_burn.ttf
c:\windows\SysWow64\ff\Fonts\CNN.ttf
c:\windows\SysWow64\ff\Fonts\Colcothar.ttf
c:\windows\SysWow64\ff\Fonts\Damn Noisy Kids.ttf
c:\windows\SysWow64\ff\Fonts\Daredevil.ttf
c:\windows\SysWow64\ff\Fonts\DENSMORE.TTF
c:\windows\SysWow64\ff\Fonts\desperado.ttf
c:\windows\SysWow64\ff\Fonts\Detectives Inc.ttf
c:\windows\SysWow64\ff\Fonts\detroitghetto.ttf
c:\windows\SysWow64\ff\Fonts\devotion.ttf
c:\windows\SysWow64\ff\Fonts\dirtyheadline.ttf
c:\windows\SysWow64\ff\Fonts\Diskoboll.ttf
c:\windows\SysWow64\ff\Fonts\EARWIGFA.TTF
c:\windows\SysWow64\ff\Fonts\EDITION_.TTF
c:\windows\SysWow64\ff\Fonts\Ellianarelle s Path.ttf
c:\windows\SysWow64\ff\Fonts\EMPIREST.TTF
c:\windows\SysWow64\ff\Fonts\EpoXY_histoRy.ttf
c:\windows\SysWow64\ff\Fonts\ERTHQAKE.TTF
c:\windows\SysWow64\ff\Fonts\esp.ttf
c:\windows\SysWow64\ff\Fonts\EUROSWH.TTF
c:\windows\SysWow64\ff\Fonts\EVITA.TTF
c:\windows\SysWow64\ff\Fonts\FAREAST.TTF
c:\windows\SysWow64\ff\Fonts\fbsbltc.ttf
c:\windows\SysWow64\ff\Fonts\FerroRosso.ttf
c:\windows\SysWow64\ff\Fonts\Fiesta.ttf
c:\windows\SysWow64\ff\Fonts\fight.TTF
c:\windows\SysWow64\ff\Fonts\Findet Nemo.ttf
c:\windows\SysWow64\ff\Fonts\Flat Earth Scribe.ttf
c:\windows\SysWow64\ff\Fonts\friends good.ttf
c:\windows\SysWow64\ff\Fonts\GameCube.ttf
c:\windows\SysWow64\ff\Fonts\Ginga.ttf
c:\windows\SysWow64\ff\Fonts\Godzilla.ttf
c:\windows\SysWow64\ff\Fonts\GothicFlames.ttf
c:\windows\SysWow64\ff\Fonts\gothikka.ttf
c:\windows\SysWow64\ff\Fonts\Graffogie.ttf
c:\windows\SysWow64\ff\Fonts\groening.ttf
c:\windows\SysWow64\ff\Fonts\gyparody.ttf
c:\windows\SysWow64\ff\Fonts\halflife.ttf
c:\windows\SysWow64\ff\Fonts\Halo.ttf
c:\windows\SysWow64\ff\Fonts\HandSean.ttf
c:\windows\SysWow64\ff\Fonts\HARD_ROCK.ttf
c:\windows\SysWow64\ff\Fonts\Hellraiser SC.ttf
c:\windows\SysWow64\ff\Fonts\Hursheys.ttf
c:\windows\SysWow64\ff\Fonts\idiot.ttf
c:\windows\SysWow64\ff\Fonts\Impossible.ttf
c:\windows\SysWow64\ff\Fonts\in_my_head.ttf
c:\windows\SysWow64\ff\Fonts\Indianhotel.ttf
c:\windows\SysWow64\ff\Fonts\jandles.ttf
c:\windows\SysWow64\ff\Fonts\JaneAust.ttf
c:\windows\SysWow64\ff\Fonts\JerseyLetters.ttf
c:\windows\SysWow64\ff\Fonts\JungleRuff.ttf
c:\windows\SysWow64\ff\Fonts\kaileenw.ttf
c:\windows\SysWow64\ff\Fonts\karabine.ttf
c:\windows\SysWow64\ff\Fonts\Karate.ttf
c:\windows\SysWow64\ff\Fonts\Kitten Meat.ttf
c:\windows\SysWow64\ff\Fonts\Kittkat.ttf
c:\windows\SysWow64\ff\Fonts\Laine.TTF
c:\windows\SysWow64\ff\Fonts\Lazy.ttf
c:\windows\SysWow64\ff\Fonts\LEDLIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Legothick.ttf
c:\windows\SysWow64\ff\Fonts\linkin.ttf
c:\windows\SysWow64\ff\Fonts\LinkinPark.ttf
c:\windows\SysWow64\ff\Fonts\lottepaperfang.ttf
c:\windows\SysWow64\ff\Fonts\maksukehoitus.ttf
c:\windows\SysWow64\ff\Fonts\manga_speak.ttf
c:\windows\SysWow64\ff\Fonts\MARK.TTF
c:\windows\SysWow64\ff\Fonts\Marlboc.ttf
c:\windows\SysWow64\ff\Fonts\Marlbow.ttf
c:\windows\SysWow64\ff\Fonts\Megadeth.ttf
c:\windows\SysWow64\ff\Fonts\meresre.ttf
c:\windows\SysWow64\ff\Fonts\morgenstern.ttf
c:\windows\SysWow64\ff\Fonts\N-Gage.ttf
c:\windows\SysWow64\ff\Fonts\NASALIZA.TTF
c:\windows\SysWow64\ff\Fonts\neon2.ttf
c:\windows\SysWow64\ff\Fonts\NEUROTOX.TTF
c:\windows\SysWow64\ff\Fonts\nevis.ttf
c:\windows\SysWow64\ff\Fonts\Orange Fizz.ttf
c:\windows\SysWow64\ff\Fonts\oreos.ttf
c:\windows\SysWow64\ff\Fonts\Origami.ttf
c:\windows\SysWow64\ff\Fonts\PaisleyCaps .ttf
c:\windows\SysWow64\ff\Fonts\Patches.ttf
c:\windows\SysWow64\ff\Fonts\pdark.ttf
c:\windows\SysWow64\ff\Fonts\Phorssa.ttf
c:\windows\SysWow64\ff\Fonts\Planet of the Apes.ttf
c:\windows\SysWow64\ff\Fonts\Playtoy.ttf
c:\windows\SysWow64\ff\Fonts\Pleiades.TTF
c:\windows\SysWow64\ff\Fonts\postoffice.ttf
c:\windows\SysWow64\ff\Fonts\Pozo.ttf
c:\windows\SysWow64\ff\Fonts\Prototype.ttf
c:\windows\SysWow64\ff\Fonts\Prozak.ttf
c:\windows\SysWow64\ff\Fonts\Pyromane.ttf
c:\windows\SysWow64\ff\Fonts\quake.TTF
c:\windows\SysWow64\ff\Fonts\Requiem.ttf
c:\windows\SysWow64\ff\Fonts\Resident Evil Large.ttf
c:\windows\SysWow64\ff\Fonts\retroRockPoster.ttf
c:\windows\SysWow64\ff\Fonts\ribbon.ttf
c:\windows\SysWow64\ff\Fonts\riesling.ttf
c:\windows\SysWow64\ff\Fonts\Rockit.ttf
c:\windows\SysWow64\ff\Fonts\romeo.ttf
c:\windows\SysWow64\ff\Fonts\Rounded.ttf
c:\windows\SysWow64\ff\Fonts\rzrarti.ttf
c:\windows\SysWow64\ff\Fonts\Scream Real.ttf
c:\windows\SysWow64\ff\Fonts\se7en.ttf
c:\windows\SysWow64\ff\Fonts\Searfont.ttf
c:\windows\SysWow64\ff\Fonts\shellhead.ttf
c:\windows\SysWow64\ff\Fonts\Sickness.ttf
c:\windows\SysWow64\ff\Fonts\sidewalk.ttf
c:\windows\SysWow64\ff\Fonts\Sin City.ttf
c:\windows\SysWow64\ff\Fonts\Sliced_Juice.ttf
c:\windows\SysWow64\ff\Fonts\Smallville1.ttf
c:\windows\SysWow64\ff\Fonts\Spirit Medium.ttf
c:\windows\SysWow64\ff\Fonts\splinter2.ttf
c:\windows\SysWow64\ff\Fonts\spongefont.ttf
c:\windows\SysWow64\ff\Fonts\stentiga.ttf
c:\windows\SysWow64\ff\Fonts\TAGSTER.TTF
c:\windows\SysWow64\ff\Fonts\Taste of steel.ttf
c:\windows\SysWow64\ff\Fonts\TERMINAT.TTF
c:\windows\SysWow64\ff\Fonts\the ring.ttf
c:\windows\SysWow64\ff\Fonts\the sixth sense.ttf
c:\windows\SysWow64\ff\Fonts\the_King__26_Queen_font.ttf
c:\windows\SysWow64\ff\Fonts\the_Poison.ttf
c:\windows\SysWow64\ff\Fonts\TheGodFather.ttf
c:\windows\SysWow64\ff\Fonts\tiza.ttf
c:\windows\SysWow64\ff\Fonts\tondo.ttf
c:\windows\SysWow64\ff\Fonts\tron.ttf
c:\windows\SysWow64\ff\Fonts\Trumania.ttf
c:\windows\SysWow64\ff\Fonts\Turok.ttf
c:\windows\SysWow64\ff\Fonts\ultimate MIDNIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Umberto.ttf
c:\windows\SysWow64\ff\Fonts\Unreal.ttf
c:\windows\SysWow64\ff\Fonts\Uptown__.ttf
c:\windows\SysWow64\ff\Fonts\uwch.ttf
c:\windows\SysWow64\ff\Fonts\Vampiress.ttf
c:\windows\SysWow64\ff\Fonts\Varsity.ttf
c:\windows\SysWow64\ff\Fonts\vintage.ttf
c:\windows\SysWow64\ff\Fonts\walk_plank.ttf
c:\windows\SysWow64\ff\Fonts\weezerfont.ttf
c:\windows\SysWow64\ff\Fonts\WillyWonka.ttf
c:\windows\SysWow64\ff\Fonts\Xfiles.ttf
c:\windows\SysWow64\ff\Fonts\Yoshitoshi.ttf
c:\windows\SysWow64\ff\Fonts\Yukon Gold.ttf
c:\windows\SysWow64\ff\Fonts\zerogene.ttf
c:\windows\SysWow64\ff\help.html
c:\windows\SysWow64\ff\Other\Help\images\donation_button.png
c:\windows\SysWow64\ff\Other\Help\images\favicon.ico
c:\windows\SysWow64\ff\Other\Help\images\help_background_footer.png
c:\windows\SysWow64\ff\Other\Help\images\help_background_header.png
c:\windows\SysWow64\ff\Other\Help\images\help_logo_top.png
c:\windows\SysWow64\ff\Other\Source\AppSource.txt
c:\windows\SysWow64\ff\Other\Source\CheckForPlatformSplashDisable.nsh
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.ini
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.jpg
c:\windows\SysWow64\ff\Other\Source\FirefoxPortableU.nsi
c:\windows\SysWow64\ff\Other\Source\License.txt
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_DUTCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISHGB.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_FRENCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_GERMAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_HUNGARIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ITALIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_JAPANESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_KOREAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_POLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESEBR.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_RUSSIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SIMPCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISHINTERNATIONAL.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_TRADCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\ReadINIStrWithDefault.nsh
c:\windows\SysWow64\ff\Other\Source\Readme.txt
c:\windows\SysWow64\ff\Other\Source\ReplaceInFileWithTextReplace.nsh
c:\windows\SysWow64\ff\Other\Source\SetFileAttributesDirectoryNormal.nsh
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-15 22:54 . 2013-06-08 12:28	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-14 15:02 . 2013-06-16 09:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D43B92E7-1E82-47C2-A4B0-04139A4931B7}\offreg.dll
2013-06-14 13:19 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D43B92E7-1E82-47C2-A4B0-04139A4931B7}\mpengine.dll
2013-06-13 19:13 . 2013-06-13 19:13	--------	d-----w-	c:\program files\WinPcap
2013-06-13 19:12 . 2013-06-16 09:32	--------	d-----w-	c:\programdata\Rabatt-Finder
2013-06-13 00:56 . 2013-05-17 00:59	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-12 15:44 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 15:44 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 15:44 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 15:44 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 15:44 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 15:44 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:44 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 15:43 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 15:43 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 15:43 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 15:43 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 15:43 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 15:43 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 15:43 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 15:43 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 15:43 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 15:43 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-12 15:43 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 15:43 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 07:29 . 2013-06-13 06:36	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 11:00 . 2013-06-11 11:00	--------	d-----w-	c:\program files\CCleaner
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Malwarebytes
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-11 09:34 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-05 22:30 . 2013-06-11 12:55	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Ucuqdi
2013-06-05 22:30 . 2013-06-11 12:41	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Ymqa
2013-06-05 22:30 . 2013-06-05 22:30	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Axynox
2013-06-05 19:11 . 2013-06-05 19:11	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Unity
2013-06-01 11:24 . 2013-06-01 11:24	--------	d-----w-	c:\program files (x86)\Zoodles
2013-05-31 13:03 . 2013-05-31 13:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-31 13:03 . 2013-05-31 13:03	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-31 13:02 . 2013-05-31 13:02	--------	d-----w-	c:\program files (x86)\QuickTime
2013-05-28 21:36 . 2013-06-10 05:45	--------	d-----w-	c:\users\Miriam\AppData\Roaming\AutoBinaryEA
2013-05-28 12:23 . 2013-05-28 09:08	708168	----a-w-	c:\program files (x86)\57Uninstall Marine Aquarium Lite.dll
2013-05-28 12:23 . 2013-05-28 09:08	186768	----a-w-	c:\program files (x86)\57res.dll
2013-05-28 09:12 . 2013-05-28 16:46	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Marine Aquarium Lite
2013-05-22 19:52 . 2013-05-22 15:52	708168	----a-w-	c:\program files (x86)\65Uninstall FromDocToPDF.dll
2013-05-22 19:52 . 2013-05-22 15:52	186752	----a-w-	c:\program files (x86)\65res.dll
2013-05-22 14:46 . 2013-05-22 14:46	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 06:36 . 2012-03-30 09:34	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 06:36 . 2011-05-14 09:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 00:57 . 2010-08-04 14:59	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-01 09:55 . 2013-01-11 22:35	139264	----a-w-	c:\windows\SysWow64\r_unzip.exe
2013-05-07 14:39 . 2013-05-07 14:39	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-09-15 14:05	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 14:59	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:59	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:59	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:59	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:59	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:59	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:11	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:59	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:59	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:59	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-05 22:09 . 2013-04-05 22:09	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-05 22:09 . 2013-04-05 22:09	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-05 22:09 . 2013-04-05 22:09	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-05 22:09 . 2013-04-05 22:09	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 22:09 . 2013-04-05 22:09	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 22:09 . 2013-04-05 22:09	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 22:09 . 2013-04-05 22:09	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-05 22:09 . 2013-04-05 22:09	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-05 22:09 . 2013-04-05 22:09	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-05 22:09 . 2013-04-05 22:09	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-05 22:09 . 2013-04-05 22:09	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-05 22:09 . 2013-04-05 22:09	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-05 22:09 . 2013-04-05 22:09	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-05 22:09 . 2013-04-05 22:09	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 22:09 . 2013-04-05 22:09	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-05 22:09 . 2013-04-05 22:09	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-05 22:09 . 2013-04-05 22:09	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-05 22:09 . 2013-04-05 22:09	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-05 22:09 . 2013-04-05 22:09	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-05 22:09 . 2013-04-05 22:09	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-05 22:09 . 2013-04-05 22:09	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-05 22:09 . 2013-04-05 22:09	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-05 22:09 . 2013-04-05 22:09	441856	----a-w-	c:\windows\system32\html.iec
2013-04-05 22:09 . 2013-04-05 22:09	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-05 22:09 . 2013-04-05 22:09	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-05 22:09 . 2013-04-05 22:09	235008	----a-w-	c:\windows\system32\url.dll
2013-04-05 22:09 . 2013-04-05 22:09	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-05 22:09 . 2013-04-05 22:09	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-05 22:09 . 2013-04-05 22:09	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-05 22:09 . 2013-04-05 22:09	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-05 22:09 . 2013-04-05 22:09	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-05 22:09 . 2013-04-05 22:09	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-05 22:09 . 2013-04-05 22:09	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-05 22:09 . 2013-04-05 22:09	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-05 22:09 . 2013-04-05 22:09	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-05 22:09 . 2013-04-05 22:09	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-05 22:09 . 2013-04-05 22:09	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-05 22:09 . 2013-04-05 22:09	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-05 22:09 . 2013-04-05 22:09	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 22:09 . 2013-04-05 22:09	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-05 22:09 . 2013-04-05 22:09	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-05 22:09 . 2013-04-05 22:09	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-05 22:09 . 2013-04-05 22:09	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-05 22:09 . 2013-04-05 22:09	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-05 22:09 . 2013-04-05 22:09	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-05 22:09 . 2013-04-05 22:09	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-05 22:09 . 2013-04-05 22:09	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-05 22:09 . 2013-04-05 22:09	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-05 22:09 . 2013-04-05 22:09	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 16:20 . 2013-03-29 16:21	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 16:20 . 2013-03-29 16:21	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 16:20 . 2013-03-29 16:21	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 11:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-15 14:59	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-15 14:59	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 11:04	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:04	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:04	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8015C430-448C-4003-A969-274F7F0F2D9C}]
2010-05-03 19:44	269824	----a-w-	c:\users\Miriam\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d28c7e56-2cc6-415c-8727-d71334085926}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{d28c7e56-2cc6-415c-8727-d71334085926}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winxd"="-autorun" [X]
"mixerll"="-autorun" [X]
"winda"="-autorun" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-06-05 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - c:\program files (x86)\20Dollars2Surf\20dollars2surf.exe [2013-3-11 89088]
GomezPEER.lnk - c:\program files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe [2012-8-30 73728]
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\PHOTOfunSTUDIO.exe" [2012-3-19 174064]
Rabatt-Finder.lnk - c:\programdata\Rabatt-Finder\Main.exe [2013-4-16 3528704]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
2;2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiscountfinderService;DiscountfinderService;c:\programdata\Rabatt-Finder\DFService.exe;c:\programdata\Rabatt-Finder\DFService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 Rent Update;Rent Update;C:/Windows/Rent/Update.exe;C:/Windows/Rent/Update.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S2 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NPF
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-07-14 01:14	126464	----a-w-	c:\windows\System32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 12:56	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:27]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 21:54]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 21:54]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675796249-760909249-3719910868-1000Core.job
- c:\users\Miriam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 20:51]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675796249-760909249-3719910868-1000UA.job
- c:\users\Miriam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=60ca0d2b0000000000007edd08df3966
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\
FF - prefs.js: browser.search.selectedEngine - qipu
FF - prefs.js: browser.startup.homepage - hxxp://www.tixuma.de/|about:newtab
FF - ExtSQL: 2013-05-30 12:24; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - ExtSQL: 2013-06-06 00:03; {fae08409-991d-414c-8113-68f37760339a}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{fae08409-991d-414c-8113-68f37760339a}.xpi
FF - ExtSQL: 2013-06-06 00:03; {e411bb40-b04c-11d8-92e7-00d09e0179f2}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}.xpi
FF - ExtSQL: 2013-06-06 00:03; toolbar@qipu.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\toolbar@qipu.de.xpi
FF - ExtSQL: 2013-06-06 00:03; toolbar-ff@payback.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\toolbar-ff@payback.de.xpi
FF - ExtSQL: 2013-06-06 00:03; ebesucher-surfbar@kashiif.com; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\ebesucher-surfbar@kashiif.com.xpi
FF - ExtSQL: 2013-06-11 22:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-11 22:17; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-13 11:45; plugin@andasa.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\plugin@andasa.de
FF - ExtSQL: 2013-06-14 15:08; discountfinder@moneymillionaire.com; c:\programdata\Rabatt-Finder\FFExtension20130613211443
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\SysWow64\perfhost.exe
c:\windows\Rent\Update.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\Rent\Rent.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-16  12:20:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-16 10:20
.
Vor Suchlauf: 12 Verzeichnis(se), 428.085.280.768 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 427.440.410.624 Bytes frei
.
- - End Of File - - 4D32771F8A0E6C9C8FDC31E9DD0BCBF0
A36C5E4F47E84449FF07ED3517B43A31
         

16.06.2013, 20:12   #13
ryder
/// TB-Ausbilder
 



A quick question in between:
What are 20dollar surf and rabatte finder?

After that:

ComboFix script
WARNING for READERS:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it on the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.

    Code:
    ATTFilter
    Folder::
    c:\users\Miriam\AppData\Roaming\Ucuqdi
    c:\users\Miriam\AppData\Roaming\Ymqa
    c:\users\Miriam\AppData\Roaming\Axynox
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, because it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do nothing on the computer, and do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

__________________
Digital privateers against malware!
No help via PM!

16.06.2013, 22:11   #14
born2bblack
 



20Dollars2Surf is a cashbar that you can earn money with! (hxxp://de.20dollars2surf.com/?ref=674149)

Rabatt-Finder is a service bar offered by MoneyMillionär for saving money when shopping online! (https://www.moneymillionar.de/234414)



Code:
ATTFilter
ComboFix 13-06-15.01 - Miriam 16.06.2013  22:27:53.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3835.2363 [GMT 2:00]
ausgeführt von:: c:\users\Miriam\Pictures\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Miriam\Documents\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Miriam\AppData\Roaming\Axynox
c:\users\Miriam\AppData\Roaming\Axynox\ebuxa.una
c:\users\Miriam\AppData\Roaming\Ucuqdi
c:\users\Miriam\AppData\Roaming\Ymqa
c:\users\Miriam\AppData\Roaming\Ymqa\zoez.hou
c:\users\Miriam\AppData\Roaming\Ymqa\zoez.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-16 20:41 . 2013-06-16 20:41	0	----a-w-	c:\windows\SysWow64\shoED75.tmp
2013-06-16 20:39 . 2013-06-16 20:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-14 15:02 . 2013-06-16 16:44	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D43B92E7-1E82-47C2-A4B0-04139A4931B7}\offreg.dll
2013-06-14 13:19 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D43B92E7-1E82-47C2-A4B0-04139A4931B7}\mpengine.dll
2013-06-13 19:13 . 2013-06-13 19:13	--------	d-----w-	c:\program files\WinPcap
2013-06-13 19:12 . 2013-06-16 09:32	--------	d-----w-	c:\programdata\Rabatt-Finder
2013-06-13 00:56 . 2013-05-17 00:59	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-12 15:44 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 15:44 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 15:44 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 15:44 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 15:44 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 15:44 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:44 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 15:43 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 15:43 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 15:43 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 15:43 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 15:43 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 15:43 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 15:43 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 15:43 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 15:43 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 15:43 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-12 15:43 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-12 15:43 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 07:29 . 2013-06-13 06:36	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 11:00 . 2013-06-11 11:00	--------	d-----w-	c:\program files\CCleaner
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Malwarebytes
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-11 09:34 . 2013-06-11 09:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-11 09:34 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-05 19:11 . 2013-06-05 19:11	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Unity
2013-06-01 11:24 . 2013-06-01 11:24	--------	d-----w-	c:\program files (x86)\Zoodles
2013-05-31 13:03 . 2013-05-31 13:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-31 13:03 . 2013-05-31 13:03	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-31 13:03 . 2013-05-31 13:02	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-31 13:02 . 2013-05-31 13:02	--------	d-----w-	c:\program files (x86)\QuickTime
2013-05-28 21:36 . 2013-06-10 05:45	--------	d-----w-	c:\users\Miriam\AppData\Roaming\AutoBinaryEA
2013-05-28 12:23 . 2013-05-28 09:08	708168	----a-w-	c:\program files (x86)\57Uninstall Marine Aquarium Lite.dll
2013-05-28 12:23 . 2013-05-28 09:08	186768	----a-w-	c:\program files (x86)\57res.dll
2013-05-28 09:12 . 2013-05-28 16:46	--------	d-----w-	c:\users\Miriam\AppData\Roaming\Marine Aquarium Lite
2013-05-22 19:52 . 2013-05-22 15:52	708168	----a-w-	c:\program files (x86)\65Uninstall FromDocToPDF.dll
2013-05-22 19:52 . 2013-05-22 15:52	186752	----a-w-	c:\program files (x86)\65res.dll
2013-05-22 14:46 . 2013-05-22 14:46	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 06:36 . 2012-03-30 09:34	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 06:36 . 2011-05-14 09:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 00:57 . 2010-08-04 14:59	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-01 09:55 . 2013-01-11 22:35	139264	----a-w-	c:\windows\SysWow64\r_unzip.exe
2013-05-07 14:39 . 2013-05-07 14:39	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-09-15 14:05	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 14:59	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:59	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:59	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:59	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:59	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:59	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:11	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:59	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:59	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:59	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-05 22:09 . 2013-04-05 22:09	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-05 22:09 . 2013-04-05 22:09	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-05 22:09 . 2013-04-05 22:09	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-05 22:09 . 2013-04-05 22:09	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 22:09 . 2013-04-05 22:09	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 22:09 . 2013-04-05 22:09	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 22:09 . 2013-04-05 22:09	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-05 22:09 . 2013-04-05 22:09	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-05 22:09 . 2013-04-05 22:09	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-05 22:09 . 2013-04-05 22:09	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-05 22:09 . 2013-04-05 22:09	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-05 22:09 . 2013-04-05 22:09	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-05 22:09 . 2013-04-05 22:09	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-05 22:09 . 2013-04-05 22:09	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 22:09 . 2013-04-05 22:09	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-05 22:09 . 2013-04-05 22:09	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-05 22:09 . 2013-04-05 22:09	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-05 22:09 . 2013-04-05 22:09	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-05 22:09 . 2013-04-05 22:09	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-05 22:09 . 2013-04-05 22:09	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-05 22:09 . 2013-04-05 22:09	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-05 22:09 . 2013-04-05 22:09	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-05 22:09 . 2013-04-05 22:09	441856	----a-w-	c:\windows\system32\html.iec
2013-04-05 22:09 . 2013-04-05 22:09	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-05 22:09 . 2013-04-05 22:09	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-05 22:09 . 2013-04-05 22:09	235008	----a-w-	c:\windows\system32\url.dll
2013-04-05 22:09 . 2013-04-05 22:09	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-05 22:09 . 2013-04-05 22:09	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-05 22:09 . 2013-04-05 22:09	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-05 22:09 . 2013-04-05 22:09	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-05 22:09 . 2013-04-05 22:09	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-05 22:09 . 2013-04-05 22:09	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-05 22:09 . 2013-04-05 22:09	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-05 22:09 . 2013-04-05 22:09	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-05 22:09 . 2013-04-05 22:09	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-05 22:09 . 2013-04-05 22:09	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-05 22:09 . 2013-04-05 22:09	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-05 22:09 . 2013-04-05 22:09	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-05 22:09 . 2013-04-05 22:09	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 22:09 . 2013-04-05 22:09	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-05 22:09 . 2013-04-05 22:09	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-05 22:09 . 2013-04-05 22:09	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-05 22:09 . 2013-04-05 22:09	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-05 22:09 . 2013-04-05 22:09	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-05 22:09 . 2013-04-05 22:09	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-05 22:09 . 2013-04-05 22:09	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-05 22:09 . 2013-04-05 22:09	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-05 22:09 . 2013-04-05 22:09	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-05 22:09 . 2013-04-05 22:09	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 16:20 . 2013-03-29 16:21	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 16:20 . 2013-03-29 16:21	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 16:20 . 2013-03-29 16:21	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 11:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-15 14:59	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-15 14:59	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 11:04	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:04	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:04	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8015C430-448C-4003-A969-274F7F0F2D9C}]
2010-05-03 19:44	269824	----a-w-	c:\users\Miriam\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d28c7e56-2cc6-415c-8727-d71334085926}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{d28c7e56-2cc6-415c-8727-d71334085926}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winxd"="-autorun" [X]
"mixerll"="-autorun" [X]
"winda"="-autorun" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-06-05 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - c:\program files (x86)\20Dollars2Surf\20dollars2surf.exe [2013-3-11 89088]
GomezPEER.lnk - c:\program files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe [2012-8-30 73728]
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\PHOTOfunSTUDIO.exe" [2012-3-19 174064]
Rabatt-Finder.lnk - c:\programdata\Rabatt-Finder\Main.exe [2013-4-16 3528704]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
2;2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiscountfinderService;DiscountfinderService;c:\programdata\Rabatt-Finder\DFService.exe;c:\programdata\Rabatt-Finder\DFService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 Rent Update;Rent Update;C:/Windows/Rent/Update.exe;C:/Windows/Rent/Update.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S2 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-07-14 01:14	126464	----a-w-	c:\windows\System32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 12:56	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:27]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 21:54]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 21:54]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675796249-760909249-3719910868-1000Core.job
- c:\users\Miriam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 20:51]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675796249-760909249-3719910868-1000UA.job
- c:\users\Miriam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=60ca0d2b0000000000007edd08df3966
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\
FF - prefs.js: browser.search.selectedEngine - qipu
FF - prefs.js: browser.startup.homepage - hxxp://www.tixuma.de/|about:newtab
FF - ExtSQL: 2013-05-30 12:24; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - ExtSQL: 2013-06-06 00:03; {fae08409-991d-414c-8113-68f37760339a}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{fae08409-991d-414c-8113-68f37760339a}.xpi
FF - ExtSQL: 2013-06-06 00:03; {e411bb40-b04c-11d8-92e7-00d09e0179f2}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}.xpi
FF - ExtSQL: 2013-06-06 00:03; toolbar@qipu.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\toolbar@qipu.de.xpi
FF - ExtSQL: 2013-06-06 00:03; toolbar-ff@payback.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\toolbar-ff@payback.de.xpi
FF - ExtSQL: 2013-06-06 00:03; ebesucher-surfbar@kashiif.com; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\ebesucher-surfbar@kashiif.com.xpi
FF - ExtSQL: 2013-06-11 22:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-11 22:17; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-13 11:45; plugin@andasa.de; c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\fvnv45ed.default-1370468600305\extensions\plugin@andasa.de
FF - ExtSQL: 2013-06-14 15:08; discountfinder@moneymillionaire.com; c:\programdata\Rabatt-Finder\FFExtension20130613211443
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\SysWow64\perfhost.exe
c:\windows\Rent\Update.exe
c:\windows\Rent\Rent.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-16  22:50:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-16 20:50
.
Vor Suchlauf: 14 Verzeichnis(se), 427.869.069.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 427.257.815.040 Bytes frei
.
- - End Of File - - 736ED959AADF3F6DA3F1188CFF390DCE
A36C5E4F47E84449FF07ED3517B43A31
         

17.06.2013, 16:10   #15
ryder
/// TB-Ausbilder
 

And the fact that your browsing behaviour is being spied on there doesn't matter? I'm only asking because here we remove malware that actually does exactly the same thing ...
__________________
Digital privateers against malware!
No help via PM!
