
Pests of all kinds and how to fight them: Sm.de and Delta-Search when loading Chrome

Windows 7

16.06.2013, 17:13   #1
Böni
 

Sm.de and Delta-Search when loading Chrome



Hello dear Trojaners,
after working through an article on removing delta-search, I am turning to you after all, because unfortunately I could not get rid of the problem on my own.
The automatic loading of Sm.de and delta-Search occurs only in Chrome.
I have attached the requested text files: OTL.txt, Extra.txt and Gmer.txt.

OTL:
Code:
OTL logfile created on: 16.06.2013 15:13:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arbeitskonto Bernd\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,96% Memory free
4,00 Gb Paging File | 2,35 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 97,09 Gb Free Space | 66,32% Space Free | Partition Type: NTFS
Drive F: | 226,12 Gb Total Space | 225,97 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 395,94 Gb Free Space | 85,03% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 254,29 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
 
Computer Name: BERNDS-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 15:08:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arbeitskonto Bernd\Downloads\OTL.exe
PRC - [2013.06.05 21:31:36 | 012,418,400 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSync.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012.08.15 14:50:54 | 006,054,824 | ---- | M] (Kaspersky Lab) -- C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.03 14:29:10 | 003,400,600 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll
MOD - [2012.08.30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll
MOD - [2012.08.30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll
MOD - [2012.08.30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll
MOD - [2012.08.30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll
MOD - [2012.08.30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll
MOD - [2012.08.30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.03 14:29:16 | 000,042,904 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\MouseHook.dll
MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 17:23:24 | 000,916,992 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.13 20:42:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.31 09:58:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.26 13:25:07 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.21 01:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 01:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.13 12:40:54 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.01.30 13:11:50 | 000,347,904 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sscbfs3.sys -- (SSCBFS3)
DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 12:31:04 | 000,177,152 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu1x64.sys -- (cxbu1x64)
DRV:64bit: - [2011.11.03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.10.20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.09.30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.04 18:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.12.14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009.12.14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009.11.24 18:33:50 | 000,028,264 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.26 15:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.08 21:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{54C92EDA-8FEF-42B8-9369-606684135B64}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23A8E1C8-D151-4C13-918F-1FDFD816A9D8&apn_sauid=B0C19447-0D10-4A4A-B143-39F55CD828F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.05.09 10:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.05.13 12:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.05.13 12:42:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.05.13 12:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 10:14:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 19:15:23 | 000,000,000 | ---D | M]
 
[2012.09.26 13:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions
[2013.05.20 12:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\wuk9gph8.default\extensions
[2013.05.20 12:53:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\wuk9gph8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.31 09:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.31 09:58:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.09 10:51:13 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013.02.25 05:55:08 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Google Docs = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Logitech SetPoint = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Google Mail = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [*ForceDelete] C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKCU..\RunOnce: [SyncAppRunOnce] C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F941680-2485-4E9B-8964-6CE87202091A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED5F535-8115-466B-8126-D6B81EB2C246}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 15:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013.06.06 15:58:23 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Apple
[2013.06.06 15:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.06.06 15:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 15:12:06 | 000,000,000 | ---- | M] () -- C:\Users\Bernd\defogger_reenable
[2013.06.16 15:03:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.16 15:03:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.16 15:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 14:57:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003UA.job
[2013.06.16 14:51:15 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 14:51:15 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 14:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 14:03:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003Core.job
[2013.06.08 09:29:23 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.08 09:29:23 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.08 09:29:23 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.08 09:29:23 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.08 09:29:23 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 09:11:12 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.06 19:02:30 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.05.29 13:44:16 | 000,000,560 | ---- | M] () -- C:\Windows\ulead32.ini
[2013.05.18 12:50:41 | 001,589,618 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013.06.16 15:12:06 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\defogger_reenable
[2013.06.06 15:59:58 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013.06.06 15:59:58 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.06.06 15:58:19 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.17 19:17:02 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.17 22:17:39 | 000,000,188 | ---- | C] () -- C:\ProgramData\.vslscantool_path
[2013.03.04 19:07:52 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013.03.04 18:43:26 | 000,000,105 | R--- | C] () -- C:\ProgramData\Ppster.ini
[2013.03.04 18:35:53 | 000,844,288 | ---- | C] () -- C:\Windows\RmTablet.exe
[2013.02.11 11:28:24 | 000,000,033 | ---- | C] () -- C:\Users\Bernd\.STICK_TYP_VOREINSTELLUNG
[2013.01.27 15:29:23 | 000,003,584 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.24 18:54:09 | 000,000,755 | ---- | C] () -- C:\Users\Bernd\AppData\Local\recently-used.xbel
[2012.09.27 13:26:00 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.09.26 10:05:25 | 000,000,560 | ---- | C] () -- C:\Windows\ulead32.ini
[2012.09.25 16:56:04 | 000,017,408 | ---- | C] () -- C:\Users\Bernd\AppData\Local\WebpageIcons.db
[2010.05.05 12:25:54 | 000,089,816 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Elster-Bar.bmp
[2009.06.15 15:39:34 | 000,324,137 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\elster_1001.jpg
[2009.06.15 15:39:34 | 000,275,898 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Bitmapwhite.bmp
[2009.06.15 15:39:34 | 000,174,680 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ELSTER.bmp
[2009.06.15 15:39:34 | 000,174,678 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ELSTER.orig.bmp
[2009.06.15 15:39:34 | 000,127,002 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\offen0.jpg
[2009.06.15 15:39:34 | 000,109,477 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Nutzungsbedingungen GuDMW SW deutsch.rtf
[2009.06.15 15:39:34 | 000,009,352 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ST-GuDStarSignUSBTokenfuerELSTER.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.05 10:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\capella-software
[2013.04.30 21:35:20 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\CloudSync
[2012.09.27 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Dropbox
[2013.01.27 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\DVDVideoSoft
[2013.02.12 16:37:00 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\eBookConverter
[2013.01.24 17:50:52 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\inkscape
[2013.05.09 10:52:26 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Leadertech
[2013.05.15 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Notepad++
[2013.01.29 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Nvu
[2012.10.03 09:02:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\OpenOffice.org
[2012.11.06 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Orbit
[2012.09.26 09:34:37 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Ordner HP Share-to-Web
[2012.12.31 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\SolidDocuments
[2012.09.25 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Thunderbird
[2013.04.29 13:52:58 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Extra:
Code:
OTL Extras logfile created on: 16.06.2013 15:13:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arbeitskonto Bernd\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,96% Memory free
4,00 Gb Paging File | 2,35 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 97,09 Gb Free Space | 66,32% Space Free | Partition Type: NTFS
Drive F: | 226,12 Gb Total Space | 225,97 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 395,94 Gb Free Space | 85,03% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 254,29 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
 
Computer Name: BERNDS-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B00AA4-634B-486D-99F7-FAC09FD0F5FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0D193E47-6CF5-4484-824D-42948EFE9966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D59DA52-D888-4525-8778-C1D481E8C322}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16DEA1AF-078B-46B7-8C0A-A133D9D72551}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{191C8993-3FA3-4A17-B282-897B631556E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{24A7148A-C8CF-4121-8298-5AABEFCC2F00}" = rport=445 | protocol=6 | dir=out | app=system | 
"{293491EA-A7F3-48F9-9F55-C901F47C4AB1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31C79781-871D-4ACD-A4F2-95A73D532280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33567C6E-4768-4A91-B66E-0AD26BC812CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50FA527D-4C17-451C-866B-0B556C62F71B}" = lport=7682 | protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge inspect\edgeinspect.exe | 
"{555A155A-7720-470E-911F-E9C6B977BE45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C9F5DEA-069D-47EF-8DC6-7145C90A3B00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8EA618ED-8FFE-4CAC-B035-2E55C9A653D7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9A75E881-437E-472E-B739-E8BE161ED086}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B306A6F4-283B-49D1-ACFB-1202B34DEDC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B674F553-BDFF-434E-9988-9AEC18BF9C7F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B9017B44-5B50-4507-B474-163C856F0269}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BB5FE97D-3770-44A2-8992-B5232E9D0533}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CACD059D-E3A5-4074-B93D-50CB083E74AE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DBBC0677-F44D-48B8-965C-ED6817A7157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E578A58B-9A66-4343-BEE3-21EF160029F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E694BD13-E8D3-442A-879A-5E7CCF7714BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF9AE0A9-749B-4FE5-8DF8-ED4C2FF2A4FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F91D5449-3877-4DDA-87B9-CCDA0C871727}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01102596-C954-4E86-8FED-AEA4071C4EB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{056ECCB7-F4EA-4307-BCFC-A79E09F7933C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BD88ABE-228D-4D20-81E5-1429904D0F17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A5E8DA2-41BB-4320-9E99-EEFDF275C78F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41457AA9-B8CF-4562-8289-CA1718A35DD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A546A85-8A74-406F-8A4C-8061B7CD5B4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E97E75C-927F-4509-8CA5-DB307DF074DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60AD63EF-70A0-42D8-A9D4-0F1E40BDCB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{673DC34C-5A1A-43B9-8AAA-6E9636DC5169}" = protocol=17 | dir=in | app=c:\users\arbeitskonto bernd\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7AB12026-FA91-4330-8011-251C7BE30407}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7D441278-661D-4DCE-876D-1E7CC43FDAC5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9321E47E-BDEF-49E5-8933-6CD15CC85DD0}" = protocol=6 | dir=out | app=system | 
"{96FA182E-D3B9-4F63-8C43-912D324A36F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9E1B576E-D1EC-4214-A04E-57913926F3FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A070D9E2-7A77-45E9-A227-020FAF053EFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1B8E376-23F2-4C2E-A0E1-E6C6B6531E7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A34C7782-EA47-4263-851D-798ABE5A0223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A50269D7-C0A8-418C-93FA-8D25C59EDFF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B52F46BE-8F3E-412A-82A5-6CF2041FE3E1}" = protocol=6 | dir=in | app=c:\users\arbeitskonto bernd\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C1A6C400-3AA3-448E-A376-23479B61D6F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C6DE05A2-329A-4AA9-912C-5177018D2B48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F02685BB-0AED-486F-9989-F38D0BF706B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F5405B02-6EE6-4C93-996D-3574B24ADEA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{1C6C05E6-FF52-4A03-BCA5-1497579B0B89}" = calibre 64bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{939913F9-F134-4E9E-B879-BE6755B69952}" = USB CCID Smartcard Reader - Version 1.2.1.2
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.9
"GPL Ghostscript 9.06" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RmTablet" = Tablet Driver With Macrokey Manager
"sp6" = Logitech SetPoint 6.52
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{181241DD-2FC2-4CF9-94CE-97F3E37D6F0B}" = Adobe Edge Animate
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41A12FFC-89E9-4743-A51E-00975CA31F40}" = Adobe Exchange Panel
"{4932BCEA-E142-4A41-B3D2-0934EBE24CB4}" = Adobe Edge Reflow Preview
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1" = MIDI4all
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{776B5EBF-72E9-4FBB-9CAB-F029F7500FFF}" = capella-scan 8.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{893B3B44-0A1E-404B-8FE8-0A74509102A9}" = Adobe Creative Cloud Connection
"{8A22263A-70C9-48CA-8C78-545ECBA566AE}" = capella-scan 8 Ergänzungswörterbücher
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D3873CF8-9608-402B-88AD-D73B5FFAAED8}" = capella 7
"{D4BE5664-4F9A-4655-BCAB-A9E134DB365E}" = capella-scan 7.0
"{D830EE30-BF0C-42B7-A13C-927A379353ED}" = Adobe Edge Inspect
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Ashampoo Snap 5_is1" = Ashampoo Snap 5 v.5.1.5
"Audacity_is1" = Audacity 2.0.2
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Demo-capella-Vienna-orchestra_is1" = Demo-capella-Vienna-orchestra 1.20
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter Version 7.0.0.0
"Driver Genius_is1" = Driver Genius
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileZilla Client" = FileZilla Client 3.7.0.1
"Finale NotePad 2012" = Finale NotePad 2012
"Google Chrome" = Google Chrome
"Hear & Play Song Learner Pro_is1" = Hear & Play Song Learner Pro
"Inkscape" = Inkscape 0.48.4
"InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"MatheAss_is1" = MatheAss 8.2
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SugarSync" = SugarSync
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2013 06:18:36 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.06.2013 06:18:51 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.06.2013 06:53:50 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110,
 Zeitstempel: 0x51a566a7  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
 Prozesses: 0x15f8  Startzeit der fehlerhaften Anwendung: 0x01ce6a7720661ef6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 067f2562-d673-11e2-a6cc-246511c0671c
 
Error - 16.06.2013 07:56:29 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2013 08:29:50 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2013 08:38:49 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2013 08:48:52 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110,
 Zeitstempel: 0x51a566a7  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
 Prozesses: 0x1560  Startzeit der fehlerhaften Anwendung: 0x01ce6a8fa6ce265e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 18af660c-d683-11e2-8e88-246511c0671c
 
Error - 16.06.2013 09:12:55 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110,
 Zeitstempel: 0x51a566a7  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
 Prozesses: 0x260  Startzeit der fehlerhaften Anwendung: 0x01ce6a90500a61c9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 7480cb97-d686-11e2-8e88-246511c0671c
 
Error - 16.06.2013 09:15:03 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.06.2013 09:15:16 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ System Events ]
Error - 16.06.2013 08:01:46 | Computer Name = Bernds-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 16.06.2013 08:27:31 | Computer Name = Bernds-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 16.06.2013 08:27:50 | Computer Name = Bernds-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 16.06.2013 08:30:36 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 16.06.2013 08:31:06 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 16.06.2013 08:34:59 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.06.2013 08:38:04 | Computer Name = Bernds-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 16.06.2013 08:38:19 | Computer Name = Bernds-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 16.06.2013 08:40:52 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 16.06.2013 08:42:48 | Computer Name = Bernds-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Gmer:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-16 17:48:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 SAMSUNG_ rev.CT10 372,61GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Bernd\AppData\Local\Temp\pwdiipog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       0000000077a90018 5 bytes JMP 000000016b8c17e3
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17                                                        0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17                                                          0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17                                                        0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42                                                        0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17                                                           0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17                                                    0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17                                                           0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17                                                    0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17                                                          0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                                                               0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17                                                        0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17                                                          0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17                                                             0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17                                                          0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17                                                        0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20                                                    0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31                                                    0000000076e916bd 2 bytes JMP 000000010779a738
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                      0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                        0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                      0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                      0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                         0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                  0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                         0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                  0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                        0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                             0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                      0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                        0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                           0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                        0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                      0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                  0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                  0000000076e916bd 2 bytes JMP 000000010779a738
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17                                                0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17                                                  0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17                                                0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42                                                0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17                                                   0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17                                            0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17                                                   0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17                                            0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17                                                  0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                                                       0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17                                                0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17                                                  0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17                                                     0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17                                                  0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17                                                0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20                                            0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31                                            0000000076e916bd 2 bytes JMP 000000010779a738
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                        0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                          0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                        0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                        0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                           0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                    0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                           0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                    0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                          0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                               0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                        0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                          0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                             0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                          0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                        0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                    0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                    0000000076e916bd 2 bytes JMP 000000010779a738
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17                                                                    0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17                                                                      0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17                                                                    0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42                                                                    0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17                                                                       0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17                                                                0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17                                                                       0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17                                                                0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17                                                                      0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17                                                                           0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17                                                                    0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17                                                                      0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17                                                                         0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17                                                                      0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17                                                                    0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20                                                                0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31                                                                0000000076e916bd 2 bytes JMP 000000010779a738
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW              0000000075274945 6 bytes JMP 5f070f5a
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\USER32.dll!LoadStringW                   00000000767b8eb9 6 bytes JMP 5f040f5a
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17      0000000076e91401 2 bytes JMP 000000010779a47c
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17        0000000076e91419 2 bytes JMP 000000010779a494
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17      0000000076e91431 2 bytes JMP 000000010779a4ac
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42      0000000076e9144a 2 bytes JMP 0000000076f5fcc5
.text   ...                                                                                                                                                                              * 9
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17         0000000076e914dd 2 bytes JMP 000000010779a558
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17  0000000076e914f5 2 bytes JMP 000000010779a570
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17         0000000076e9150d 2 bytes JMP 000000010779a588
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17  0000000076e91525 2 bytes JMP 000000010779a5a0
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17        0000000076e9153d 2 bytes JMP 000000010779a5b8
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17             0000000076e91555 2 bytes JMP 000000010779a5d0
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17      0000000076e9156d 2 bytes JMP 000000010779a5e8
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17        0000000076e91585 2 bytes JMP 000000010779a600
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17           0000000076e9159d 2 bytes JMP 000000010779a618
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17        0000000076e915b5 2 bytes JMP 000000010779a630
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17      0000000076e915cd 2 bytes JMP 000000015d37ce48
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20  0000000076e916b2 2 bytes JMP 000000010779a72d
.text   C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31  0000000076e916bd 2 bytes JMP 000000010779a738

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [488:5904]                                                                                                                                       000007fef76e6ed4
Thread  C:\Windows\system32\svchost.exe [488:5908]                                                                                                                                       000007fef76e6b8c
Thread  C:\Windows\System32\svchost.exe [412:4436]                                                                                                                                       000007feea9b9688

---- EOF - GMER 2.1 ----
         
Greetings from Böni.

16.06.2013, 17:42   #2
markusg
/// Malware-holic
 

Hi,
please post the AdwCleaner log.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

16.06.2013, 18:17   #3
Böni
 

Hello markusg,

here are the logs:
adwcleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 16/06/2013 um 18:55:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Bernd - BERNDS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Arbeitskonto Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\9xvjz5ff.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.3476] : urls_to_restore_on_startup = [ "hxxps://www.google.de/webhp?hl=de&source=hp&btnG=Google-Suche[...]

*************************

AdwCleaner[S1].txt - [15204 octets] - [16/06/2013 14:18:50]
AdwCleaner[S2].txt - [1305 octets] - [16/06/2013 18:55:47]

########## EOF - \AdwCleaner[S2].txt - [1365 octets] ##########
         
--- --- ---


TDSSKiller
Code:
19:07:03.0848 1156  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:10.0351 1156  ============================================================
19:07:10.0351 1156  Current date / time: 2013/06/16 19:07:10.0351
19:07:10.0351 1156  SystemInfo:
19:07:10.0351 1156  
19:07:10.0351 1156  OS Version: 6.1.7601 ServicePack: 1.0
19:07:10.0351 1156  Product type: Workstation
19:07:10.0351 1156  ComputerName: BERNDS-PC
19:07:10.0351 1156  UserName: Bernd
19:07:10.0351 1156  Windows directory: C:\Windows
19:07:10.0351 1156  System windows directory: C:\Windows
19:07:10.0351 1156  Running under WOW64
19:07:10.0351 1156  Processor architecture: Intel x64
19:07:10.0351 1156  Number of processors: 2
19:07:10.0352 1156  Page size: 0x1000
19:07:10.0352 1156  Boot type: Normal boot
19:07:10.0352 1156  ============================================================
19:07:30.0574 1156  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0x2CD34, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:07:30.0579 1156  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:30.0580 1156  Drive \Device\Harddisk2\DR2 - Size: 0x7470C05A00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:34.0256 1156  ============================================================
19:07:34.0256 1156  \Device\Harddisk0\DR0:
19:07:34.0264 1156  MBR partitions:
19:07:34.0264 1156  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:07:34.0265 1156  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
19:07:34.0265 1156  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x1C43F800
19:07:34.0265 1156  \Device\Harddisk1\DR1:
19:07:34.0265 1156  MBR partitions:
19:07:34.0265 1156  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
19:07:34.0265 1156  \Device\Harddisk2\DR2:
19:07:34.0277 1156  MBR partitions:
19:07:34.0277 1156  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3A384800
19:07:34.0277 1156  ============================================================
19:07:34.0314 1156  C: <-> \Device\Harddisk0\DR0\Partition2
19:07:34.0320 1156  G: <-> \Device\Harddisk2\DR2\Partition1
19:07:34.0354 1156  H: <-> \Device\Harddisk1\DR1\Partition1
19:07:34.0390 1156  F: <-> \Device\Harddisk0\DR0\Partition3
19:07:34.0391 1156  ============================================================
19:07:34.0391 1156  Initialize success
19:07:34.0391 1156  ============================================================
19:07:58.0687 4804  ============================================================
19:07:58.0687 4804  Scan started
19:07:58.0687 4804  Mode: Manual; SigCheck; TDLFS; 
19:07:58.0687 4804  ============================================================
19:08:00.0346 4804  ================ Scan system memory ========================
19:08:00.0347 4804  System memory - ok
19:08:00.0347 4804  ================ Scan services =============================
19:08:00.0772 4804  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:08:09.0936 4804  1394ohci - ok
19:08:09.0966 4804  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:08:09.0988 4804  ACPI - ok
19:08:10.0032 4804  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:08:10.0096 4804  AcpiPmi - ok
19:08:10.0225 4804  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:08:10.0242 4804  AdobeARMservice - ok
19:08:10.0367 4804  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:08:10.0383 4804  AdobeFlashPlayerUpdateSvc - ok
19:08:10.0417 4804  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:08:10.0443 4804  adp94xx - ok
19:08:10.0482 4804  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:08:10.0504 4804  adpahci - ok
19:08:10.0525 4804  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:08:10.0544 4804  adpu320 - ok
19:08:10.0574 4804  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:08:10.0695 4804  AeLookupSvc - ok
19:08:10.0750 4804  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:08:10.0810 4804  AFD - ok
19:08:10.0834 4804  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:08:10.0851 4804  agp440 - ok
19:08:10.0872 4804  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:08:10.0920 4804  ALG - ok
19:08:10.0949 4804  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:08:10.0964 4804  aliide - ok
19:08:10.0980 4804  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:08:10.0995 4804  amdide - ok
19:08:11.0021 4804  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:08:11.0056 4804  AmdK8 - ok
19:08:11.0077 4804  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:08:11.0113 4804  AmdPPM - ok
19:08:11.0234 4804  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:08:11.0283 4804  amdsata - ok
19:08:11.0303 4804  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:08:11.0322 4804  amdsbs - ok
19:08:11.0342 4804  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:08:11.0373 4804  amdxata - ok
19:08:11.0397 4804  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:08:11.0540 4804  AppID - ok
19:08:11.0562 4804  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:08:11.0624 4804  AppIDSvc - ok
19:08:11.0662 4804  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
19:08:11.0710 4804  Appinfo - ok
19:08:11.0790 4804  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:08:11.0839 4804  AppMgmt - ok
19:08:11.0862 4804  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:08:11.0879 4804  arc - ok
19:08:11.0908 4804  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:08:11.0924 4804  arcsas - ok
19:08:12.0041 4804  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:08:12.0068 4804  aspnet_state - ok
19:08:12.0096 4804  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:12.0154 4804  AsyncMac - ok
19:08:12.0180 4804  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:08:12.0196 4804  atapi - ok
19:08:12.0239 4804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:12.0318 4804  AudioEndpointBuilder - ok
19:08:12.0331 4804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:08:12.0375 4804  AudioSrv - ok
19:08:12.0452 4804  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
19:08:12.0481 4804  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0481 4804  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
19:08:12.0532 4804  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
19:08:12.0551 4804  avmeject - ok
19:08:12.0620 4804  [ AEFC1353D0FB4E92A23CFB7E3372356D ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
19:08:12.0636 4804  AVP - ok
19:08:12.0670 4804  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:08:12.0752 4804  AxInstSV - ok
19:08:12.0795 4804  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:08:12.0856 4804  b06bdrv - ok
19:08:12.0927 4804  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:12.0965 4804  b57nd60a - ok
19:08:12.0990 4804  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:08:13.0039 4804  BDESVC - ok
19:08:13.0057 4804  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:08:13.0117 4804  Beep - ok
19:08:13.0164 4804  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:08:13.0226 4804  BFE - ok
19:08:13.0273 4804  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:08:13.0341 4804  BITS - ok
19:08:13.0373 4804  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:13.0406 4804  blbdrive - ok
19:08:13.0438 4804  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:08:13.0479 4804  bowser - ok
19:08:13.0488 4804  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:08:13.0528 4804  BrFiltLo - ok
19:08:13.0545 4804  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:08:13.0564 4804  BrFiltUp - ok
19:08:13.0591 4804  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:08:13.0618 4804  Browser - ok
19:08:13.0633 4804  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:08:13.0696 4804  Brserid - ok
19:08:13.0712 4804  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:13.0747 4804  BrSerWdm - ok
19:08:13.0764 4804  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:13.0799 4804  BrUsbMdm - ok
19:08:13.0816 4804  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:13.0833 4804  BrUsbSer - ok
19:08:13.0839 4804  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:08:13.0861 4804  BTHMODEM - ok
19:08:13.0900 4804  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:08:13.0943 4804  bthserv - ok
19:08:13.0964 4804  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:08:14.0018 4804  cdfs - ok
19:08:14.0056 4804  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:08:14.0094 4804  cdrom - ok
19:08:14.0125 4804  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:08:14.0180 4804  CertPropSvc - ok
19:08:14.0207 4804  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:08:14.0227 4804  circlass - ok
19:08:14.0265 4804  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:08:14.0289 4804  CLFS - ok
19:08:14.0342 4804  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:14.0360 4804  clr_optimization_v2.0.50727_32 - ok
19:08:14.0397 4804  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:14.0413 4804  clr_optimization_v2.0.50727_64 - ok
19:08:14.0457 4804  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:14.0484 4804  clr_optimization_v4.0.30319_32 - ok
19:08:14.0501 4804  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:08:14.0517 4804  clr_optimization_v4.0.30319_64 - ok
19:08:14.0536 4804  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:08:14.0565 4804  CmBatt - ok
19:08:14.0582 4804  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:08:14.0597 4804  cmdide - ok
19:08:14.0631 4804  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:08:14.0685 4804  CNG - ok
19:08:14.0765 4804  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:08:14.0780 4804  Compbatt - ok
19:08:14.0809 4804  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:08:14.0845 4804  CompositeBus - ok
19:08:14.0863 4804  COMSysApp - ok
19:08:14.0871 4804  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:08:14.0886 4804  crcdisk - ok
19:08:14.0970 4804  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:08:15.0016 4804  CryptSvc - ok
19:08:15.0058 4804  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:08:15.0185 4804  CSC - ok
19:08:15.0235 4804  [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec        C:\Windows\system32\DRIVERS\CSCrySec.sys
19:08:15.0250 4804  CSCrySec - ok
19:08:15.0275 4804  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:08:15.0319 4804  CscService - ok
19:08:15.0381 4804  [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
19:08:15.0411 4804  CSObjectsSrv - ok
19:08:15.0430 4804  [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
19:08:15.0444 4804  CSVirtualDiskDrv - ok
19:08:15.0484 4804  [ 485E158AC6777732F28798A7CCE2EC7E ] cxbu1x64        C:\Windows\system32\DRIVERS\cxbu1x64.sys
19:08:15.0528 4804  cxbu1x64 - ok
19:08:15.0579 4804  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:08:15.0644 4804  DcomLaunch - ok
19:08:15.0678 4804  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:08:15.0737 4804  defragsvc - ok
19:08:15.0769 4804  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:08:15.0827 4804  DfsC - ok
19:08:15.0866 4804  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:08:15.0929 4804  Dhcp - ok
19:08:15.0951 4804  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:08:16.0002 4804  discache - ok
19:08:16.0034 4804  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:08:16.0050 4804  Disk - ok
19:08:23.0377 4804  [ B8EAC4507EB4655377B1E094FCE7F12E ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
19:08:23.0397 4804  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0397 4804  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:08:35.0437 4804  SNMPTRAP - ok
19:08:35.0459 4804  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:08:35.0475 4804  spldr - ok
19:08:35.0516 4804  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:08:35.0555 4804  Spooler - ok
19:08:35.0647 4804  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:08:35.0758 4804  sppsvc - ok
19:08:35.0777 4804  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:08:35.0820 4804  sppuinotify - ok
19:08:35.0851 4804  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:08:35.0904 4804  srv - ok
19:08:35.0916 4804  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:08:35.0950 4804  srv2 - ok
19:08:35.0958 4804  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:08:35.0977 4804  srvnet - ok
19:08:36.0043 4804  [ 2F4595C0AFA2152D67AAE594DC461509 ] SSCBFS3         C:\Windows\system32\DRIVERS\sscbfs3.sys
19:08:36.0065 4804  SSCBFS3 - ok
19:08:36.0100 4804  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:08:36.0145 4804  SSDPSRV - ok
19:08:36.0156 4804  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:08:36.0199 4804  SstpSvc - ok
19:08:36.0223 4804  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:08:36.0239 4804  stexstor - ok
19:08:36.0290 4804  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:08:36.0324 4804  stisvc - ok
19:08:36.0356 4804  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:08:36.0372 4804  storflt - ok
19:08:36.0396 4804  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
19:08:36.0422 4804  StorSvc - ok
19:08:36.0446 4804  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:08:36.0461 4804  storvsc - ok
19:08:36.0477 4804  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:08:36.0492 4804  swenum - ok
19:08:36.0560 4804  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:08:36.0595 4804  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:08:36.0595 4804  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:08:36.0625 4804  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:08:36.0694 4804  swprv - ok
19:08:36.0745 4804  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:08:36.0809 4804  SysMain - ok
19:08:36.0832 4804  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:36.0868 4804  TabletInputService - ok
19:08:36.0892 4804  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:08:36.0939 4804  TapiSrv - ok
19:08:36.0955 4804  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:08:37.0015 4804  TBS - ok
19:08:37.0094 4804  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:08:37.0150 4804  Tcpip - ok
19:08:37.0192 4804  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:08:37.0237 4804  TCPIP6 - ok
19:08:37.0266 4804  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:08:37.0282 4804  tcpipreg - ok
19:08:37.0313 4804  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:08:37.0350 4804  TDPIPE - ok
19:08:37.0380 4804  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:08:37.0397 4804  TDTCP - ok
19:08:37.0426 4804  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:08:37.0481 4804  tdx - ok
19:08:37.0498 4804  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:08:37.0513 4804  TermDD - ok
19:08:37.0543 4804  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:08:37.0596 4804  TermService - ok
19:08:37.0610 4804  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:08:37.0633 4804  Themes - ok
19:08:37.0663 4804  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:08:37.0705 4804  THREADORDER - ok
19:08:37.0735 4804  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:08:37.0792 4804  TrkWks - ok
19:08:37.0847 4804  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:37.0889 4804  TrustedInstaller - ok
19:08:37.0911 4804  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:37.0967 4804  tssecsrv - ok
19:08:38.0006 4804  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:08:38.0030 4804  TsUsbFlt - ok
19:08:38.0054 4804  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:08:38.0127 4804  TsUsbGD - ok
19:08:38.0158 4804  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:08:38.0209 4804  tunnel - ok
19:08:38.0225 4804  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:08:38.0241 4804  uagp35 - ok
19:08:38.0264 4804  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:08:38.0323 4804  udfs - ok
19:08:38.0350 4804  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:08:38.0383 4804  UI0Detect - ok
19:08:38.0409 4804  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:08:38.0425 4804  uliagpkx - ok
19:08:38.0452 4804  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:08:38.0482 4804  umbus - ok
19:08:38.0500 4804  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:08:38.0528 4804  UmPass - ok
19:08:38.0556 4804  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:08:38.0592 4804  UmRdpService - ok
19:08:38.0622 4804  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:08:38.0683 4804  upnphost - ok
19:08:38.0753 4804  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:08:38.0790 4804  usbaudio - ok
19:08:38.0879 4804  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:38.0918 4804  usbccgp - ok
19:08:38.0936 4804  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:08:38.0958 4804  usbcir - ok
19:08:38.0969 4804  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:08:38.0999 4804  usbehci - ok
19:08:39.0013 4804  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:08:39.0047 4804  usbhub - ok
19:08:39.0063 4804  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:08:39.0096 4804  usbohci - ok
19:08:39.0129 4804  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:08:39.0163 4804  usbprint - ok
19:08:39.0202 4804  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:08:39.0221 4804  usbscan - ok
19:08:39.0250 4804  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:39.0290 4804  USBSTOR - ok
19:08:39.0305 4804  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:08:39.0338 4804  usbuhci - ok
19:08:39.0372 4804  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:08:39.0430 4804  UxSms - ok
19:08:39.0449 4804  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:08:39.0464 4804  VaultSvc - ok
19:08:39.0498 4804  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:08:39.0513 4804  vdrvroot - ok
19:08:39.0541 4804  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:08:39.0599 4804  vds - ok
19:08:39.0622 4804  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:39.0640 4804  vga - ok
19:08:39.0652 4804  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:08:39.0708 4804  VgaSave - ok
19:08:39.0732 4804  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:08:39.0753 4804  vhdmp - ok
19:08:39.0798 4804  [ C2C95D62C90CA809240112B41C1765F2 ] vhidmini        C:\Windows\system32\DRIVERS\walvhid.sys
19:08:39.0828 4804  vhidmini - ok
19:08:39.0842 4804  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:08:39.0857 4804  viaide - ok
19:08:39.0879 4804  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:08:39.0899 4804  vmbus - ok
19:08:39.0917 4804  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:08:39.0958 4804  VMBusHID - ok
19:08:39.0964 4804  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:08:39.0981 4804  volmgr - ok
19:08:40.0005 4804  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:08:40.0030 4804  volmgrx - ok
19:08:40.0041 4804  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:08:40.0061 4804  volsnap - ok
19:08:40.0140 4804  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:08:40.0204 4804  vsmraid - ok
19:08:40.0251 4804  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:08:40.0346 4804  VSS - ok
19:08:40.0365 4804  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:08:40.0400 4804  vwifibus - ok
19:08:40.0438 4804  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:08:40.0486 4804  W32Time - ok
19:08:40.0506 4804  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:08:40.0537 4804  WacomPen - ok
19:08:40.0574 4804  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:08:40.0624 4804  WANARP - ok
19:08:40.0629 4804  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:08:40.0670 4804  Wanarpv6 - ok
19:08:40.0716 4804  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:08:40.0791 4804  wbengine - ok
19:08:40.0814 4804  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:08:40.0841 4804  WbioSrvc - ok
19:08:40.0860 4804  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:08:40.0907 4804  wcncsvc - ok
19:08:40.0928 4804  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:40.0978 4804  WcsPlugInService - ok
19:08:40.0991 4804  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:08:41.0006 4804  Wd - ok
19:08:41.0057 4804  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:08:41.0091 4804  Wdf01000 - ok
19:08:41.0109 4804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:08:41.0196 4804  WdiServiceHost - ok
19:08:41.0201 4804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:08:41.0224 4804  WdiSystemHost - ok
19:08:41.0238 4804  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:08:41.0279 4804  WebClient - ok
19:08:41.0308 4804  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:08:41.0370 4804  Wecsvc - ok
19:08:41.0387 4804  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:08:41.0430 4804  wercplsupport - ok
19:08:41.0458 4804  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:08:41.0503 4804  WerSvc - ok
19:08:41.0526 4804  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:41.0569 4804  WfpLwf - ok
19:08:41.0583 4804  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:08:41.0599 4804  WIMMount - ok
19:08:41.0635 4804  WinDefend - ok
19:08:41.0654 4804  WinHttpAutoProxySvc - ok
19:08:41.0704 4804  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:08:41.0750 4804  Winmgmt - ok
19:08:41.0824 4804  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:08:41.0900 4804  WinRM - ok
19:08:41.0947 4804  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:08:41.0978 4804  WinUsb - ok
19:08:42.0013 4804  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:08:42.0064 4804  Wlansvc - ok
19:08:42.0081 4804  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:08:42.0098 4804  WmiAcpi - ok
19:08:42.0127 4804  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:08:42.0177 4804  wmiApSrv - ok
19:08:42.0197 4804  WMPNetworkSvc - ok
19:08:42.0208 4804  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:08:42.0236 4804  WPCSvc - ok
19:08:42.0253 4804  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:08:42.0275 4804  WPDBusEnum - ok
19:08:42.0295 4804  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:08:42.0336 4804  ws2ifsl - ok
19:08:42.0352 4804  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:08:42.0391 4804  wscsvc - ok
19:08:42.0397 4804  WSearch - ok
19:08:42.0439 4804  WTService - ok
19:08:42.0521 4804  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:08:42.0588 4804  wuauserv - ok
19:08:42.0625 4804  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:08:42.0665 4804  WudfPf - ok
19:08:42.0685 4804  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:42.0712 4804  WUDFRd - ok
19:08:42.0729 4804  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:08:42.0758 4804  wudfsvc - ok
19:08:42.0790 4804  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:08:42.0834 4804  WwanSvc - ok
19:08:42.0865 4804  ================ Scan global ===============================
19:08:42.0898 4804  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:08:42.0929 4804  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:42.0941 4804  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:42.0967 4804  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:08:43.0000 4804  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:08:43.0005 4804  [Global] - ok
19:08:43.0007 4804  ================ Scan MBR ==================================
19:08:43.0021 4804  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:08:43.0296 4804  \Device\Harddisk0\DR0 - ok
19:08:43.0302 4804  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:08:43.0689 4804  \Device\Harddisk1\DR1 - ok
19:08:43.0694 4804  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:08:44.0104 4804  \Device\Harddisk2\DR2 - ok
19:08:44.0105 4804  ================ Scan VBR ==================================
19:08:44.0122 4804  [ C2AC99F8C65496AF80A07451230959D7 ] \Device\Harddisk0\DR0\Partition1
19:08:44.0123 4804  \Device\Harddisk0\DR0\Partition1 - ok
19:08:44.0131 4804  [ BA0C10BCDAE9E8200BFC90393F03A9BF ] \Device\Harddisk0\DR0\Partition2
19:08:44.0132 4804  \Device\Harddisk0\DR0\Partition2 - ok
19:08:44.0154 4804  [ E431775C6483B9A027263829686DF97A ] \Device\Harddisk0\DR0\Partition3
19:08:44.0156 4804  \Device\Harddisk0\DR0\Partition3 - ok
19:08:44.0161 4804  [ DA5DEF75BB81028110FDB12E54669DC1 ] \Device\Harddisk1\DR1\Partition1
19:08:44.0165 4804  \Device\Harddisk1\DR1\Partition1 - ok
19:08:44.0169 4804  [ 192A0AEB188AE727484B2C87C1DBEA08 ] \Device\Harddisk2\DR2\Partition1
19:08:44.0170 4804  \Device\Harddisk2\DR2\Partition1 - ok
19:08:44.0172 4804  ============================================================
19:08:44.0173 4804  Scan finished
19:08:44.0173 4804  ============================================================
19:08:44.0192 5068  Detected object count: 3
19:08:44.0192 5068  Actual detected object count: 3
19:11:47.0166 5068  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:47.0166 5068  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:11:47.0168 5068  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:47.0169 5068  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:11:47.0171 5068  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:47.0171 5068  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:12:12.0921 4504  Deinitialize success
         
Böni
__________________

Alt 16.06.2013, 18:18   #4
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 16.06.2013, 18:56   #5
Böni
 

Here is the Combofix log file:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-15.01 - Bernd 16.06.2013  19:27:28.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.878 [GMT 2:00]
ausgeführt von:: c:\users\Arbeitskonto Bernd\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-16 17:37 . 2013-06-16 17:37	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-16 17:37 . 2013-06-16 17:37	--------	d-----w-	c:\users\UpdatusUser.BERNDS-PC\AppData\Local\temp
2013-06-14 06:01 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{67DBE121-15AD-447D-8AC8-20BDEB6A7177}\mpengine.dll
2013-06-12 06:18 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 06:18 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-07 17:57 . 2013-06-07 17:57	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Local\Apple
2013-06-06 14:00 . 2013-06-06 14:00	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Local\Apple Computer
2013-06-06 14:00 . 2013-06-06 14:00	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Apple Computer
2013-06-06 13:59 . 2013-06-06 13:59	--------	d-----w-	c:\program files (x86)\Safari
2013-06-06 13:58 . 2013-06-06 13:58	--------	d-----w-	c:\users\Bernd\AppData\Local\Apple
2013-06-06 13:58 . 2013-06-06 13:58	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-06-06 13:58 . 2013-06-06 13:58	--------	d-----w-	c:\programdata\Apple
2013-05-31 07:58 . 2013-05-31 07:58	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 18:42 . 2012-09-26 04:36	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 18:42 . 2012-09-26 04:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:55 . 2012-10-05 09:49	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-13 10:40 . 2013-05-13 10:40	636760	----a-w-	c:\windows\system32\drivers\klif.sys
2013-05-09 08:52 . 2013-05-09 08:52	53248	----a-r-	c:\users\Bernd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-05-09 08:52 . 2013-05-09 08:52	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-29 09:20 . 2013-04-29 09:20	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-29 09:20 . 2013-04-29 09:21	311200	----a-w-	c:\windows\system32\javaws.exe
2013-04-29 09:20 . 2013-04-29 09:20	188832	----a-w-	c:\windows\system32\javaw.exe
2013-04-29 09:20 . 2013-04-29 09:20	188320	----a-w-	c:\windows\system32\java.exe
2013-04-29 09:20 . 2012-10-04 09:25	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-29 09:20 . 2012-10-04 09:25	1092512	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-04-13 05:49 . 2013-05-16 06:43	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 06:43	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 06:43	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 06:43	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 06:43	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 06:43	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:15	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 06:43	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 06:43	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 06:42	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-03-29 19:42 . 2013-05-09 08:48	3379272	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2013-03-29 17:28 . 2013-03-29 17:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 17:27 . 2012-10-04 09:09	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-29 17:27 . 2012-10-04 09:09	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-29 16:04 . 2013-05-09 08:48	21170176	----a-w-	c:\windows\system32\RCoRes64.dat
2013-03-29 15:52 . 2013-05-09 08:48	914992	----a-w-	c:\windows\system32\SFSS_APO.dll
2013-03-27 14:57 . 2013-05-09 08:48	135240	----a-w-	c:\windows\system32\RCoInstII64.dll
2013-03-26 15:06 . 2013-05-09 08:48	2797128	----a-w-	c:\windows\system32\RtPgEx64.dll
2013-03-26 15:04 . 2013-05-09 08:47	2734624	----a-w-	c:\windows\system32\FMAPO64.dll
2013-03-26 13:40 . 2013-05-09 08:48	3693128	----a-w-	c:\windows\system32\RtkAPO64.dll
2013-03-26 12:38 . 2013-05-09 08:48	1659464	----a-w-	c:\windows\system32\RTSnMg64.cpl
2013-03-23 01:43 . 2013-05-09 08:47	208072	----a-w-	c:\windows\system32\AERTAC64.dll
2013-03-20 11:17 . 2013-05-09 08:48	9123608	----a-w-	c:\windows\system32\MaxxAudioVnA64.dll
2013-03-20 11:16 . 2013-05-09 08:47	1900312	----a-w-	c:\windows\system32\MaxxAudioRealtek264.dll
2013-03-20 11:16 . 2013-05-09 08:48	2102040	----a-w-	c:\windows\system32\WavesGUILib64.dll
2013-03-20 11:16 . 2013-05-09 08:47	910104	----a-w-	c:\windows\system32\MaxxAudioAPOShell64.dll
2013-03-19 06:04 . 2013-04-10 07:53	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-16 06:42	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-16 06:42	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 07:53	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 07:53	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 07:53	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 07:53	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 07:53	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12	159488	----a-w-	c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 20:24	496056	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"*ForceDelete"="c:\users\Arbeitskonto Bernd\Downloads\adwcleaner.exe" [2013-06-16 648201]
.
c:\users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 cxbu1x64;OEM USB Smart Card Reader;c:\windows\system32\DRIVERS\cxbu1x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu1x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 14211975
*Deregistered* - 14211975
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:10	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 18:42]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 05:50]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 05:50]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003Core.job
- c:\users\Arbeitskonto Bernd\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 12:58]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003UA.job
- c:\users\Arbeitskonto Bernd\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-05-02 15:16	3932048	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-05-02 15:16	3932048	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-05-02 15:16	3932048	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12	192256	----a-w-	c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 20:26	566712	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-05 18:50	2157408	----a-w-	c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-05 18:50	2157408	----a-w-	c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-05 18:50	2157408	----a-w-	c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-05 18:50	2157408	----a-w-	c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-05 18:50	2157408	----a-w-	c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-04-29 14:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-09 10:51; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SSODL-EldosMountNotificator    REG_SZ    {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zo_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zo_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-16  19:41:15
ComboFix-quarantined-files.txt  2013-06-16 17:41
.
Vor Suchlauf: 12 Verzeichnis(se), 103.728.500.736 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 103.326.089.216 Bytes frei
.
- - End Of File - - CDEFF20BA045AF2E0DB6AAC692267DA4
         
A36C5E4F47E84449FF07ED3517B43A31

Regards
Böni


Last edited by Böni (16.06.2013 at 19:04)

16.06.2013, 19:04   #6
markusg
/// Malware-holic



Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all detections are selected and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".

16.06.2013, 22:01   #7
Böni



Log of the Malwarebytes scan

Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernd :: BERNDS-PC [Administrator]

Schutz: Deaktiviert

16.06.2013 20:08:54
mbam-log-2013-06-16 (20-08-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 677251
Laufzeit: 2 Stunde(n), 38 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
G:\Downloads\agsetup183se.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Hi,

just for your information:
So far, both programs (Sm.de; Delta-search) still eagerly load onto the screen whenever I open Chrome ....

17.06.2013, 13:54   #8
markusg
/// Malware-holic



Take it easy, that comes next.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), uninstall list, save it as txt. Open it.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After each one you do not know, "unbekannt" (unknown).
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

17.06.2013, 15:07   #9
Böni



Code:
ATTFilter
7-Zip 9.20 (x64 edition)	Igor Pavlov	27.09.2012	4,53MB	9.20.00.0                              (notwendig)
ABBYY FineReader 8.0 Professional Edition	ABBYY Software House	26.09.2012	250MB	8.00.1095.4743 (notwendig)
Adobe AIR	Adobe Systems Incorporated	05.04.2013		3.6.0.6090                             (notwendig)
Adobe Creative Cloud Connection	Adobe Systems Incorporated	30.04.2013	15,1MB	1.0.223.0              (notwendig)
Adobe Edge Animate	Adobe Systems Incorporated	30.04.2013	217MB	1.5                            (notwendig)
Adobe Edge Inspect	Adobe Systems Incorporated	30.04.2013	65,3MB	1.0.388                        (notwendig)
Adobe Edge Reflow Preview	Adobe Systems Incorporated	30.04.2013	54,1MB	0.12.9232              (notwendig)
Adobe Exchange Panel	Adobe Systems Incorporated	30.04.2013	45,3MB	1                              (unbekannt)
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	05.04.2013	6,00MB	10.3.183.68            (unbekannt)
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.06.2013	6,00MB	11.7.700.224           (notwendig)
Adobe Help Manager	Adobe Systems Incorporated	05.04.2013		4.0.244                        (notwendig)
Adobe Photoshop CS6	Adobe Systems Incorporated	30.04.2013	2,92GB	13.0                           (notwendig)
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	16.05.2013	121MB	10.1.7         (notwendig)
Adobe Touch App Plugins	Adobe Systems Incorporated	30.04.2013	3,41MB	1.0                            (unbekannt)
Adobe Widget Browser	Adobe Systems Incorporated.	05.04.2013		2.0 Build 348                  (unbekannt)
Apple Software Update	Apple Inc.	06.06.2013	2,38MB	2.1.3.127                                (nicht notwendig)
Ashampoo Burning Studio 6 FREE v.6.81	Ashampoo GmbH & Co. KG	01.11.2012	34,0MB	6.8.1                  (notwendig)
Ashampoo Snap 5 v.5.1.5	Ashampoo GmbH & Co. KG	27.01.2013	43,4MB	5.1.5                                  (notwendig)
Audacity 2.0.2	Audacity Team	27.09.2012	43,5MB	2.0.2                                                  (notwendig)
Audiograbber 1.83 SE	Audiograbber	27.09.2012		1.83 SE                                  (nicht notwendig) 
Audiograbber MP3-Plugin (64 bit)	AG	27.09.2012		1.0                              (nicht notwendig)
AVM FRITZ!WLAN	AVM Berlin	04.02.2013                                                                     (notwendig)		
AVS Screen Capture version 2.0.1	Online Media Technologies Ltd.	27.09.2012                       (nicht notwendig)		
AVS Update Manager 1.0	Online Media Technologies Ltd.	27.09.2012                                       (nicht notwendig)		
AVS Video Editor 6	Online Media Technologies Ltd.	27.09.2012                                             (notwendig)		
AVS Video Recorder 2.5	Online Media Technologies Ltd.	27.09.2012		                               (notwendig)
AVS4YOU Software Navigator 1.4	Online Media Technologies Ltd.	27.09.2012	                               (notwendig)	
calibre 64bit	Kovid Goyal	12.02.2013	162MB	0.9.18                                           (nicht notwendig)
Canon Easy-PhotoPrint EX		27.09.2012		                                               (notwendig)
Canon iP4800 series Printer Driver		27.09.2012	                                               (notwendig)	
capella 7	capella software AG	15.11.2012	48,5MB	7.1.15                                         (notwendig)
capella-scan 8 Ergänzungswörterbücher	capella-software	17.04.2013	94,7MB	8.1.0                  (notwendig)
capella-scan 8.0	capella-software AG	17.04.2013	106MB	8.0.12                                 (notwendig)
CCleaner	Piriform	24.05.2013		4.02
CD-LabelPrint		27.09.2012		                                                               (notwendig)
CorelDRAW Essentials 4	Corel Corporation	04.03.2013	                                         (nicht notwendig)	
CorelDRAW Essentials 4 - Extra Content	Corel Corporation	04.03.2013		                 (nicht notwendig)
CorelDRAW Essentials 4 - Windows Shell Extension	Corel Corporation	04.03.2013	2,93MB	 (nicht notwendig)
CutePDF Writer 2.9	CutePDF.com	26.09.2012		 2.9                                           (notwendig)
Demo-capella-Vienna-orchestra 1.20		17.04.2013		                                 (nicht notwendig)
Direct MIDI to MP3 Converter Version 7.0.0.0	Piston Software	09.05.2013	14,6MB	7.0.0.0                (notwendig)
Driver Genius	Driver-Soft Inc.	09.05.2013	13,2MB	12.0                                           (notwendig)
FileZilla Client 3.7.0.1	FileZilla Project	14.05.2013	17,6MB	3.7.0.1                        (notwendig)
Finale NotePad 2012	MakeMusic	06.03.2013		2012..r1.1                                     (notwendig)
Free Notes & Office Ink	 	04.03.2013	                                                         (nicht notwendig)	 
G&D StarSign USB Token für ELSTER	Secunet Security Networks AG	11.02.2013	25,9MB	1.2.0          (notwendig)
Google Chrome	Google Inc.	17.06.2013		27.0.1453.110                                    (nicht notwendig)
GPL Ghostscript	Artifex Software Inc.	16.01.2013		9.06                                           (notwendig)
Hear & Play Song Learner Pro	Hear And Play	28.09.2012	2,17MB	                                       (notwendig)
Inkscape 0.48.4		24.01.2013		0.48.4                                                   (nicht notwendig)
Java 7 Update 17	Oracle	29.03.2013	129MB	7.0.170                                          (nicht notwendig)
Java 7 Update 21 (64-bit)	Oracle	29.04.2013	128MB	7.0.210                                  (nicht notwendig)
Kaspersky PURE 2.0	Kaspersky Lab	13.05.2013		12.0.2.733                                     (notwendig)
LAME v3.99.3 (for Windows)		21.10.2012	1,52MB	                                               (notwendig)
Logitech SetPoint 6.52	Logitech	09.05.2013	39,0MB	6.52.74                                  (nicht notwendig)
Macromedia Dreamweaver MX 2004	Macromedia	26.09.2012		7.0                                    (notwendig)
Macromedia Extension Manager	Macromedia	26.09.2012		1.5                              (nicht notwendig)
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	16.06.2013	19,2MB	1.75.0.1300
MatheAss 8.2	MatheAss	27.09.2012	5,91MB	                                                       (notwendig)
Mein CEWE FOTOBUCH	CEWE COLOR AG u Co. OHG	08.12.2012	266MB	5.0.1                                  (notwendig)
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.09.2012	38,8MB	4.0.30319      (unbekannt)
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.09.2012	2,93MB	4.0.30319(unbekannt)
Microsoft .NET Framework 4 Extended	Microsoft Corporation	17.05.2013	51,9MB	4.0.30319              (unbekannt)
Microsoft Office Home and Student 2010	Microsoft Corporation	15.04.2013		14.0.6029.1000         (unbekannt)
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.09.2012	300KB	8.0.61001      (unbekannt)
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	31.01.2013	572KB	8.0.61000      (unbekannt)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	31.01.2013	240KB	9.0.30729.4148(unbekannt)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	26.09.2012	788KB	9.0.30729.6161(unbekannt)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	08.12.2012	234KB	9.0.30729(unbekannt)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	28.10.2012	240KB	9.0.30729(unbekannt)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	18.01.2013	228KB	9.0.30729.4148(unbekannt)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	26.09.2012	600KB	9.0.30729.6161(unbekannt)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	01.02.2013	13,8MB	10.0.40219(unbekannt)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	19.01.2013	15,0MB	10.0.40219(unbekannt)
MIDI4all	Webdesign-Forum.de	27.09.2012		MIDI4all 1.5                             (nicht notwendig)
Mozilla Firefox 21.0 (x86 de)	Mozilla	31.05.2013	44,9MB	21.0                                           (notwendig)
Mozilla Maintenance Service	Mozilla	31.05.2013	333KB	21.0                                           (unbekannt)
Mozilla Thunderbird 17.0.5 (x86 de)	Mozilla	05.04.2013	41,9MB	17.0.5                                 (notwendig)
NAVIGON Fresh 3.4.1	NAVIGON	28.10.2012		3.4.1                                                  (notwendig)
Notepad++	Notepad++ Team	15.05.2013		6.3.3                                                  (notwendig)
NVIDIA Display Control Panel	NVIDIA Corporation	13.06.2013	135MB	6.14.11.9713                   (notwendig)
NVIDIA Drivers	NVIDIA Corporation	13.06.2013	67,0MB	1.10.62.40                                     (notwendig)
NVIDIA ForceWare Network Access Manager	NVIDIA Corporation	13.06.2013		1.00.7325.0            (unbekannt)
NVIDIA Grafiktreiber 307.83	NVIDIA Corporation	05.04.2013		307.83                         (notwendig)
NVIDIA MediaShield	NVIDIA Corporation	13.06.2013		11.1.0.43                              (unbekannt)
NVIDIA Update 1.10.8	NVIDIA Corporation	05.04.2013		1.10.8                                 (notwendig)
OpenOffice.org 3.4.1	Apache Software Foundation	26.09.2012	331MB	3.41.9593                      (notwendig)
PDF-Viewer	Tracker Software Products Ltd	05.04.2013	54,9MB	2.5.210.0                              (notwendig)
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.05.2013		6.0.1.6873(nicht notwendig)
Safari	Apple Inc.	06.06.2013	104MB	5.34.57.2                                                (nicht notwendig)
Secunia PSI (3.0.0.6005)	Secunia	05.04.2013	5,92MB	3.0.0.6005                               (nicht notwendig)
SugarSync	SugarSync, Inc.	16.06.2013		2.0.24.113934                                    (nicht notwendig)
Tablet Driver With Macrokey Manager		04.03.2013		4.13                                   (notwendig)
Ulead PhotoImpact 11	Ulead System	26.09.2012		11.0                                           (notwendig)
USB CCID Smartcard Reader - Version 1.2.1.2	USB CCID	11.02.2013	128KB	3.0.0.1                (notwendig)
VLC media player 2.0.6	VideoLAN	29.04.2013		2.0.6                                          (notwendig)
Winamp	Nullsoft, Inc	17.01.2013		5.63                                                           (notwendig)
Winamp Erkennungs-Plug-in	Nullsoft, Inc	17.01.2013	75,0KB	1.0.0.1                                (unbekannt)
         

18.06.2013, 15:30   #10
markusg
/// Malware-holic



Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Security (Enhanced):
Tick Enhanced Security
and select all files.
Internet:
Everything should be disabled here; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, since that is the only way you keep control over what is going on on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose install automatically.
Apply / OK

Uninstall:
Audiograbber: all
calibre
Corel: all
Demo

Free Notes
Google Chrome
Inkscape
Java 7 Update 17
MIDI4all
Safari
SugarSync

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

18.06.2013, 16:36   #11
Böni

AdwCleaner log file:
Code:
# AdwCleaner v2.303 - Datei am 18/06/2013 um 17:23:49 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Bernd - BERNDS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Arbeitskonto Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\9xvjz5ff.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [15204 octets] - [16/06/2013 14:18:50]
AdwCleaner[S3].txt - [936 octets] - [18/06/2013 17:23:49]

########## EOF - \AdwCleaner[S3].txt - [995 octets] ##########
         
--- --- ---


Because Sugar Sync was deleted, it now complains at me on restart that it cannot find something and that I should press Quit. Oh well, that can be sorted out ...

18.06.2013, 17:10   #12
markusg
/// Malware-holic

What exactly is "something"...?
HitmanPro - Download - Filepony

Please download HitmanPro, click Scan, do not delete anything.
Click Next.
Save the log and post it, or export it as XML, zip it and attach it.

18.06.2013, 18:12   #13
Böni

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : BERNDS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : BERNDS-PC\Bernd
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-18 18:59:42
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 48

   Objects scanned . . . : 1.675.753
   Files scanned . . . . : 33.354
   Remnants scanned  . . : 573.240 files / 1.069.159 keys

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3566009820-3197285289-3489268995-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
   HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS\ (Claro)
   HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Wajam\ (Claro)
         
The "something" looks like this:
Attached images
File type: png Ashampoo_Snap_2013.06.18_18h55m58s_001_.png (41.0 KB, viewed 124 times)

18.06.2013, 18:31   #14
markusg
/// Malware-holic

Please post it as text.
Have HitmanPro delete its findings.
Open CCleaner, Tools, Startup, Windows, save as txt and post it.

18.06.2013, 22:30   #15
Böni

Text of the error message: "The application resources could not be reloaded and the application must quit. Please try relaunching the application."

How am I supposed to have the HitmanPro findings deleted? There is no command for that after the scan.

CCleaner txt file as described:
Code:
Ja	HKCU:Run	AshSnap		C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
Ja	HKCU:Run	Sidebar	Microsoft Corporation	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Nein	HKCU:Run	SolidCapture		C:\Program Files (x86)\SolidDocuments\SolidCapture\solidcapture.exe
Ja	HKCU:Run	SugarSync	SugarSync, Inc.	"C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	AdobeAAMUpdater-1.0	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Ja	HKLM:Run	AdobeCS6ServiceManager	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Ja	HKLM:Run	AVMWlanClient	AVM Berlin	C:\Program Files (x86)\avmwlanstick\wlangui.exe
Ja	HKLM:Run	AVP	Kaspersky Lab ZAO	"C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
Ja	HKLM:Run	EvtMgr6	Logitech, Inc.	C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Nein	HKLM:Run	Logitech Download Assistant	Microsoft Corporation	C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Nein	HKLM:Run	MacrokeyManager		WTMKM.exe
Ja	HKLM:Run	NVRaidService		C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
Ja	HKLM:Run	RTHDVCPL	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein	HKLM:Run	Ulead AutoDetector v2	Ulead Systems, Inc.	C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
Nein	HKLM:Run	WinampAgent	Nullsoft, Inc.	"C:\Program Files (x86)\Winamp\winampa.exe"
Ja	HKLM:RunOnce	*ForceDelete		C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe /forcedelete
Ja	HKLM:RunOnce	*WerKernelReporting	Microsoft Corporation	%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
Ja	HKLM:RunOnce	GrpConv		grpconv -o
Ja	HKLM:RunOnce	 Malwarebytes Anti-Malware 	Malwarebytes Corporation	C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Ja	HKLM:RunOnce	 Malwarebytes Anti-Malware  (cleanup)	Microsoft Corporation	rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Nein	Startup Common	Secunia PSI Tray.lnk	Secunia	C:\PROGRA~2\Secunia\PSI\psi_tray.exe 
Ja	Startup User	OpenOffice.org 3.4.1.lnk		C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
         
