
Pests of all kinds and how to combat them: Yontoo 2.053 cannot be uninstalled / ad banners in Firefox

19.06.2013, 10:08   #1
Ajin
 



Hello,

for a short while now, large ad banners have been appearing in Firefox on most pages, along the left and/or bottom edge. If you click a button there, you get to a page that describes what this is: supposedly personalized advertising called "Topic Torch" or "iReview". You are also supposed to be able to get rid of it by uninstalling a program called Yontoo via the Control Panel. When I try, however, the error "Setup initialization error" always appears.

So here are my OTL and Gmer logs. One strange thing: as of recently I apparently can no longer save anything to the desktop, because it is "protected" or something like that.

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 18.06.2013 11:23:24 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Freddy\Desktop\V-Scanner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,24 Gb Available Physical Memory | 11,82% Memory free
4,22 Gb Paging File | 1,56 Gb Available in Paging File | 37,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 14,14 Gb Free Space | 18,97% Space Free | Partition Type: NTFS
Drive D: | 644,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.18 11:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Freddy\Desktop\V-Scanner\OTL.exe
PRC - [2013.06.12 01:02:49 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.24 04:58:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.05.21 17:17:01 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013.05.21 17:17:01 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013.05.16 19:10:55 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.01 06:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.05.01 06:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.04.04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013.03.28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013.03.18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013.02.19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2012.10.04 11:56:36 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.10 15:05:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.03.30 15:57:57 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.4\ICQ.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007.07.06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.04.24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.03.22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.17 10:38:14 | 000,013,600 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.06.12 01:02:46 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.24 04:58:18 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.05.21 17:17:02 | 000,158,384 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013.05.15 22:42:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 22:41:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013.01.11 10:47:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.11 10:45:12 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.11 10:42:20 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 10:42:01 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.10.05 12:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.12.27 04:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009.03.30 06:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009.03.30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2013.06.12 01:02:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 04:58:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.21 17:17:01 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.09.10 15:05:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Freddy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.04.30 01:50:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 22:00:16 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.04.11 07:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.05.27 11:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.05.27 11:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 11:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 11:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 11:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.27 11:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.27 11:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.10.25 18:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.13 16:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 92 20 C5 A6 F5 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A8EE4762-FCD9-4514-9A7E-BA061892B70B}&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&lang=de&ds=AVG&pr=fr&d=2012-10-19 18:16:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A3E61A4B-FA03-4F1A-B8A1-EA2C2022E5FE}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.21 17:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 11:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.20 15:15:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BC8B309B-75FF-401C-A4D3-3E779FD88379}: C:\Users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
 
[2008.09.02 09:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Extensions
[2013.05.29 11:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions
[2010.01.23 01:05:56 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.05.29 11:49:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.31 18:20:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\eafo3fflauncher@ea.com
[2013.05.15 16:38:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\plugin@yontoo.com
[2013.05.09 00:04:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.15 14:31:43 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013.05.24 04:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.24 04:58:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.21 17:17:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.2.0.5
[2009.06.24 13:51:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.10.04 11:56:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013.05.21 17:18:02 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
 
O1 HOSTS File: ([2012.11.06 18:26:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.08.30 22:09:30 | 000,024,576 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.05.29 01:50:20 | 000,000,074 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.17 11:39:25 | 000,000,000 | R--D | C] -- C:\Users\Freddy\Desktop\V-Scanner
[2013.06.11 11:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.06 23:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 23:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.04 16:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.06.03 17:54:18 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2013.05.30 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.29 01:47:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Contacts
[2013.05.29 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Documents\Sony Ericsson
[2013.05.29 01:12:47 | 000,000,000 | ---D | C] -- C:\Users\Freddy\AppData\Local\Sony Ericsson
[2013.05.24 04:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 11:02:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.18 11:02:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 10:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.17 23:57:32 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 23:57:32 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.17 21:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.17 11:31:40 | 000,000,156 | ---- | M] () -- C:\Users\Freddy\defogger_reenable
[2013.06.17 10:35:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.06.11 11:13:24 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.10 23:47:53 | 000,175,104 | ---- | M] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.06 23:28:31 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 16:36:41 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.03 19:16:08 | 000,000,957 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.03 19:15:34 | 000,000,927 | ---- | M] () -- C:\Users\Freddy\Desktop\Dropbox.lnk
[2013.06.03 17:37:43 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 17:37:43 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 17:37:43 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 17:37:43 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.30 21:54:53 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.06 23:28:31 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 16:36:41 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.03 19:09:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.05.30 21:54:53 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.04.30 02:26:03 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.30 00:13:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.28 17:21:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.28 17:21:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.28 17:21:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.28 17:21:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.28 17:21:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.24 17:54:29 | 000,000,156 | ---- | C] () -- C:\Users\Freddy\defogger_reenable
[2011.11.11 04:04:47 | 000,000,094 | ---- | C] () -- C:\Users\Freddy\AppData\Local\fusioncache.dat
[2011.10.12 03:20:55 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat
[2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin
[2010.11.26 11:09:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.31 18:22:50 | 000,139,152 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\PnkBstrK.sys
[2010.03.11 21:15:39 | 000,017,408 | ---- | C] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db
[2010.02.28 18:29:30 | 000,000,600 | ---- | C] () -- C:\Users\Freddy\PUTTY.RND
[2010.01.23 03:48:05 | 000,008,026 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\.civclientrc
[2009.11.23 14:03:32 | 000,001,356 | ---- | C] () -- C:\Users\Freddy\AppData\Local\d3d9caps.dat
[2009.02.10 22:33:53 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.01.05 19:51:14 | 000,175,104 | ---- | C] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\mxfilerelatedcache.mxc2
[2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Local\mxfilerelatedcache.mxc2
[2007.11.15 19:33:48 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\mxfilerelatedcache.mxc2
[2007.11.01 17:45:16 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\persistent_state
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.26 03:29:33 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\.freeciv
[2010.11.26 09:24:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Amazon
[2012.12.20 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\APP_NAME_NON_STRING
[2011.03.28 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Ashampoo
[2012.10.19 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\AVG2013
[2013.06.17 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DAEMON Tools Lite
[2013.06.17 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Dropbox
[2011.01.20 18:19:17 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.26 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ICQ
[2008.05.06 02:18:25 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\IT-Sevice Christian Hau
[2012.01.10 17:31:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Juniper Networks
[2012.12.20 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PDF Architect
[2012.12.20 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\pdfforge
[2008.04.23 02:15:18 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PTC
[2013.04.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ScummVM
[2008.05.06 01:35:34 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\SmartDraw
[2009.06.26 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Sony
[2008.03.10 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Toshiba
[2012.10.19 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\TuneUp Software
[2013.06.17 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


GMER.txt:
I have a problem here. The text file is incredibly long (the scan alone took over 9 hours; I assume that is unusual?). Apparently it is also too long to simply post here as text, so I am attaching it.

OTL did not produce an Extras.txt; did I do something wrong there?

Thanks in advance for your help, and best regards
Freddy

Last edited by Ajin (19.06.2013 at 10:14). Reason: GMER log too large

19.06.2013, 10:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners: did they ever find anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you have done it correctly. If everything is right ... click Reply.

19.06.2013, 10:49   #3
Ajin

Hello,

I had actually said I would attach the Gmer scan as well. But it really is 17.7 MB in size, so probably too large as an attachment too.

I still have 7 log files from Malwarebytes, 5 of them from 2012, one from 2010 and one from 2009. Should I post all of them? And if so, as an attachment or directly here in the thread?

The results of my virus scanner (AVG) go back to October 2012, including 4 scans with findings, the most recent from 22.05.2013. However, I have not yet found a way to export them as text. Should I then simply copy the findings into the thread by hand?

Best regards
Freddy

Edit: I have just discovered another kind of log file in a folder named _OTL, from February 2012. Is that relevant too?

Last edited by Ajin (19.06.2013 at 10:58). Reason: Discovered another log file

19.06.2013, 11:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Actually, the older logs are irrelevant. But you can just go ahead and post everything you have
__________________
Please always post log files in CODE tags

19.06.2013, 12:22   #5
Ajin

The logs are attached.

Here are the AVG findings as well:

22.05.2013:
Code:
Adware: Generic5.ZUV, C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll";"Gesichert"
         
04.03.2013:
Code:
Virus gefunden: Script/PDF.Exploit, C:\Users\Freddy\AppData\Local\Mozilla\Firefox\Profiles\grohfmrs.default\Cache\3\33\6FF25d01";"Gesichert"
         
13.02.2013:
Code:
Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S0HLU7J2\install_flashplayer11x32au_gtba_chra_dy_aih[1].exe";"Gesichert"

Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQ7WEQ2B\install_flashplayer11x32au_gtba_chra_dy_aih[1].exe";"Gesichert"
         
30.12.2012:
Code:
Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\temp\SCC.dll";"Gesichert"

Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMFP02W8\SCC[1].dll";"Gesichert"

Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMO6KZL\SCC[1].dll";"Gesichert"
         
That is everything else I have found so far.


19.06.2013, 12:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Jahr-Monat-Tag>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

19.06.2013, 14:17   #7
Ajin

So, the mbar log:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Freddy :: HOME-PC [administrator]

19.06.2013 13:52:18
mbar-log-2013-06-19 (13-52-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 214863
Time elapsed: 30 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 14:35:39
-----------------------------
14:35:39.130    OS Version: Windows 6.0.6002 Service Pack 2
14:35:39.130    Number of processors: 2 586 0xF0D
14:35:39.130    ComputerName: HOME-PC  UserName: Freddy
14:35:41.345    Initialize success
14:35:45.261    AVAST engine download error: 0
14:35:55.541    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:35:55.557    Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
14:35:55.728    Disk 0 MBR read successfully
14:35:55.744    Disk 0 MBR scan
14:35:55.744    Disk 0 Windows VISTA default MBR code
14:35:55.760    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
14:35:55.791    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76313 MB offset 3074048
14:35:55.806    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        74812 MB offset 159363072
14:35:55.822    Disk 0 scanning sectors +312578048
14:35:56.104    Disk 0 scanning C:\Windows\system32\drivers
14:36:09.960    Service scanning
14:36:38.134    Modules scanning
14:37:02.504    Disk 0 trace - called modules:
14:37:03.050    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
14:37:03.066    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b671f8]
14:37:03.082    3 CLASSPNP.SYS[8890f8b3] -> nt!IofCallDriver -> [0x8582b798]
14:37:03.097    5 acpi.sys[806a66bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85815030]
14:37:03.113    Scan finished successfully
14:54:10.442    Disk 0 MBR has been saved successfully to "C:\Users\Freddy\Desktop\MBR.dat"
14:54:10.458    The log file has been saved successfully to "C:\Users\Freddy\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
15:03:23.0052 5300  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:03:23.0443 5300  ============================================================
15:03:23.0443 5300  Current date / time: 2013/06/19 15:03:23.0443
15:03:23.0443 5300  SystemInfo:
15:03:23.0443 5300  
15:03:23.0443 5300  OS Version: 6.0.6002 ServicePack: 2.0
15:03:23.0443 5300  Product type: Workstation
15:03:23.0443 5300  ComputerName: HOME-PC
15:03:23.0443 5300  UserName: Freddy
15:03:23.0443 5300  Windows directory: C:\Windows
15:03:23.0443 5300  System windows directory: C:\Windows
15:03:23.0443 5300  Processor architecture: Intel x86
15:03:23.0443 5300  Number of processors: 2
15:03:23.0443 5300  Page size: 0x1000
15:03:23.0443 5300  Boot type: Normal boot
15:03:23.0443 5300  ============================================================
15:03:24.0599 5300  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x209CD, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050
15:03:24.0630 5300  ============================================================
15:03:24.0630 5300  \Device\Harddisk0\DR0:
15:03:24.0630 5300  MBR partitions:
15:03:24.0630 5300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x950C800
15:03:24.0630 5300  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x97FB000, BlocksNum 0x921E000
15:03:24.0630 5300  ============================================================
15:03:24.0661 5300  C: <-> \Device\Harddisk0\DR0\Partition1
15:03:24.0755 5300  E: <-> \Device\Harddisk0\DR0\Partition2
15:03:24.0771 5300  ============================================================
15:03:24.0771 5300  Initialize success
15:03:24.0771 5300  ============================================================
15:03:56.0690 4620  ============================================================
15:03:56.0690 4620  Scan started
15:03:56.0690 4620  Mode: Manual; SigCheck; TDLFS; 
15:03:56.0690 4620  ============================================================
15:03:57.0330 4620  ================ Scan system memory ========================
15:03:57.0330 4620  System memory - ok
15:03:57.0330 4620  ================ Scan services =============================
15:03:57.0486 4620  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:03:57.0782 4620  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
15:03:57.0782 4620  !SASCORE - detected UnsignedFile.Multi.Generic (1)
15:03:58.0141 4620  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:03:58.0188 4620  ACPI - ok
15:03:58.0313 4620  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:58.0344 4620  AdobeARMservice - ok
15:03:58.0547 4620  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:58.0593 4620  AdobeFlashPlayerUpdateSvc - ok
15:03:58.0656 4620  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:03:58.0718 4620  adp94xx - ok
15:03:58.0749 4620  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:03:58.0796 4620  adpahci - ok
15:03:58.0827 4620  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:03:58.0859 4620  adpu160m - ok
15:03:58.0890 4620  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:03:58.0921 4620  adpu320 - ok
15:03:58.0983 4620  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:03:59.0155 4620  AeLookupSvc - ok
15:03:59.0233 4620  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:03:59.0327 4620  AFD - ok
15:03:59.0389 4620  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:03:59.0483 4620  AgereModemAudio - ok
15:03:59.0623 4620  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
15:03:59.0732 4620  AgereSoftModem - ok
15:03:59.0779 4620  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:03:59.0810 4620  agp440 - ok
15:03:59.0857 4620  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:03:59.0888 4620  aic78xx - ok
15:03:59.0935 4620  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:04:00.0122 4620  ALG - ok
15:04:00.0138 4620  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:04:00.0169 4620  aliide - ok
15:04:00.0216 4620  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:04:00.0247 4620  amdagp - ok
15:04:00.0294 4620  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
15:04:00.0325 4620  amdide - ok
15:04:00.0356 4620  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:04:00.0621 4620  AmdK7 - ok
15:04:00.0699 4620  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:04:00.0840 4620  AmdK8 - ok
15:04:00.0902 4620  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:04:00.0996 4620  Appinfo - ok
15:04:01.0089 4620  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:04:01.0136 4620  Apple Mobile Device - ok
15:04:01.0199 4620  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
15:04:01.0230 4620  arc - ok
15:04:01.0277 4620  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:04:01.0308 4620  arcsas - ok
15:04:01.0401 4620  [ 66597AD6098352D11239C0C42100B176 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
15:04:01.0433 4620  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
15:04:01.0433 4620  ASLDRService - detected UnsignedFile.Multi.Generic (1)
15:04:01.0573 4620  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:04:01.0604 4620  aspnet_state - ok
15:04:01.0667 4620  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:04:01.0760 4620  AsyncMac - ok
15:04:01.0823 4620  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:04:01.0854 4620  atapi - ok
15:04:01.0932 4620  [ B0C272DEF210B149C0BFA0D85600CE4B ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:04:02.0057 4620  athr - ok
15:04:02.0119 4620  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:04:02.0197 4620  AudioEndpointBuilder - ok
15:04:02.0213 4620  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:04:02.0275 4620  Audiosrv - ok
15:04:02.0322 4620  AVG Security Toolbar Service - ok
15:04:03.0149 4620  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
15:04:03.0476 4620  AVGIDSAgent - ok
15:04:03.0554 4620  [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:04:04.0148 4620  AVGIDSDriver - ok
15:04:04.0226 4620  [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
15:04:04.0257 4620  AVGIDSHX - ok
15:04:04.0335 4620  [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:04:04.0366 4620  AVGIDSShim - ok
15:04:04.0413 4620  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
15:04:04.0444 4620  Avgldx86 - ok
15:04:04.0491 4620  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
15:04:04.0538 4620  Avglogx - ok
15:04:04.0585 4620  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
15:04:04.0616 4620  Avgmfx86 - ok
15:04:04.0678 4620  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
15:04:04.0710 4620  Avgrkx86 - ok
15:04:04.0803 4620  [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
15:04:04.0834 4620  Avgtdix - ok
15:04:04.0881 4620  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
15:04:04.0912 4620  avgtp - ok
15:04:05.0115 4620  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
15:04:05.0162 4620  avgwd - ok
15:04:05.0224 4620  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:04:05.0302 4620  Beep - ok
15:04:05.0412 4620  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:04:05.0505 4620  BFE - ok
15:04:05.0677 4620  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
15:04:05.0802 4620  BITS - ok
15:04:05.0802 4620  blbdrive - ok
15:04:05.0911 4620  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:04:05.0958 4620  Bonjour Service - ok
15:04:05.0989 4620  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:04:06.0067 4620  bowser - ok
15:04:06.0114 4620  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:04:06.0207 4620  BrFiltLo - ok
15:04:06.0238 4620  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:04:06.0301 4620  BrFiltUp - ok
15:04:06.0426 4620  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:04:06.0519 4620  Browser - ok
15:04:06.0582 4620  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:04:06.0706 4620  Brserid - ok
15:04:06.0722 4620  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:04:06.0862 4620  BrSerWdm - ok
15:04:06.0956 4620  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:04:07.0096 4620  BrUsbMdm - ok
15:04:07.0112 4620  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:04:07.0252 4620  BrUsbSer - ok
15:04:07.0299 4620  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:04:07.0440 4620  BTHMODEM - ok
15:04:07.0627 4620  catchme - ok
15:04:07.0689 4620  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:04:07.0767 4620  cdfs - ok
15:04:07.0830 4620  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:04:07.0908 4620  cdrom - ok
15:04:07.0970 4620  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:04:08.0048 4620  CertPropSvc - ok
15:04:08.0126 4620  [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:04:08.0188 4620  CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:04:08.0188 4620  CFSvcs - detected UnsignedFile.Multi.Generic (1)
15:04:08.0235 4620  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:04:08.0344 4620  circlass - ok
15:04:08.0469 4620  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:04:08.0516 4620  CLFS - ok
15:04:08.0578 4620  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:08.0625 4620  clr_optimization_v2.0.50727_32 - ok
15:04:08.0734 4620  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:04:08.0751 4620  clr_optimization_v4.0.30319_32 - ok
15:04:08.0829 4620  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:04:08.0938 4620  CmBatt - ok
15:04:08.0985 4620  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:04:09.0016 4620  cmdide - ok
15:04:09.0079 4620  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:04:09.0110 4620  Compbatt - ok
15:04:09.0125 4620  COMSysApp - ok
15:04:09.0157 4620  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:04:09.0203 4620  crcdisk - ok
15:04:09.0250 4620  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:04:09.0391 4620  Crusoe - ok
15:04:09.0469 4620  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:04:09.0547 4620  CryptSvc - ok
15:04:09.0593 4620  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
15:04:09.0656 4620  CVirtA - ok
15:04:09.0859 4620  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:04:09.0968 4620  DcomLaunch - ok
15:04:09.0999 4620  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:04:10.0077 4620  DfsC - ok
15:04:10.0436 4620  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:04:10.0623 4620  DFSR - ok
15:04:10.0701 4620  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:04:10.0779 4620  Dhcp - ok
15:04:10.0841 4620  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:04:10.0873 4620  disk - ok
15:04:10.0935 4620  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:04:11.0029 4620  Dnscache - ok
15:04:11.0075 4620  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:04:11.0169 4620  dot3svc - ok
15:04:11.0231 4620  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:04:11.0309 4620  DPS - ok
15:04:11.0372 4620  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:04:11.0434 4620  drmkaud - ok
15:04:11.0497 4620  [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
15:04:11.0543 4620  dsNcAdpt - ok
15:04:11.0668 4620  [ 60AE3D932BC594FF9CDC91F7CD2C2015 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
15:04:11.0731 4620  dsNcService - ok
15:04:11.0824 4620  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:04:11.0855 4620  dtsoftbus01 - ok
15:04:12.0089 4620  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:04:12.0152 4620  DXGKrnl - ok
15:04:12.0199 4620  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:04:12.0323 4620  E1G60 - ok
15:04:12.0386 4620  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:04:12.0464 4620  EapHost - ok
15:04:12.0542 4620  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:04:12.0589 4620  Ecache - ok
15:04:12.0698 4620  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:04:12.0760 4620  ehRecvr - ok
15:04:12.0791 4620  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:04:12.0869 4620  ehSched - ok
15:04:12.0885 4620  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:04:12.0916 4620  ehstart - ok
15:04:12.0979 4620  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:04:13.0025 4620  elxstor - ok
15:04:13.0103 4620  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:04:13.0228 4620  EMDMgmt - ok
15:04:13.0275 4620  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:04:13.0353 4620  EventSystem - ok
15:04:13.0415 4620  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:04:13.0493 4620  exfat - ok
15:04:13.0556 4620  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:04:13.0634 4620  fastfat - ok
15:04:13.0696 4620  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:04:13.0822 4620  fdc - ok
15:04:13.0931 4620  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:04:13.0994 4620  fdPHost - ok
15:04:14.0040 4620  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:04:14.0181 4620  FDResPub - ok
15:04:14.0322 4620  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:04:14.0369 4620  FileInfo - ok
15:04:14.0525 4620  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:04:14.0634 4620  Filetrace - ok
15:04:14.0697 4620  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:04:14.0821 4620  flpydisk - ok
15:04:14.0915 4620  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:04:14.0962 4620  FltMgr - ok
15:04:15.0087 4620  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
15:04:15.0196 4620  FontCache - ok
15:04:15.0383 4620  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:04:15.0414 4620  FontCache3.0.0.0 - ok
15:04:15.0477 4620  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:04:15.0555 4620  Fs_Rec - ok
15:04:15.0586 4620  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:04:15.0617 4620  gagp30kx - ok
15:04:15.0679 4620  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:04:15.0711 4620  GEARAspiWDM - ok
15:04:15.0867 4620  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:04:15.0976 4620  gpsvc - ok
15:04:16.0085 4620  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:04:16.0116 4620  gupdate - ok
15:04:16.0163 4620  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:04:16.0194 4620  gupdatem - ok
15:04:16.0272 4620  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:04:16.0303 4620  gusvc - ok
15:04:16.0381 4620  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:04:16.0522 4620  HdAudAddService - ok
15:04:16.0818 4620  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:04:16.0927 4620  HDAudBus - ok
15:04:16.0974 4620  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:04:17.0099 4620  HidBth - ok
15:04:17.0146 4620  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:04:17.0333 4620  HidIr - ok
15:04:17.0536 4620  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
15:04:17.0629 4620  hidserv - ok
15:04:17.0661 4620  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:04:17.0739 4620  HidUsb - ok
15:04:17.0801 4620  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:04:17.0895 4620  hkmsvc - ok
15:04:18.0066 4620  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:04:18.0097 4620  HpCISSs - ok
15:04:18.0238 4620  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:04:18.0332 4620  HTTP - ok
15:04:18.0348 4620  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:04:18.0379 4620  i2omp - ok
15:04:18.0442 4620  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:04:18.0520 4620  i8042prt - ok
15:04:18.0582 4620  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:04:18.0613 4620  iaStor - ok
15:04:18.0816 4620  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:04:18.0864 4620  iaStorV - ok
15:04:18.0973 4620  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:04:19.0051 4620  idsvc - ok
15:04:19.0301 4620  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:04:19.0550 4620  igfx - ok
15:04:19.0581 4620  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:04:19.0628 4620  iirsp - ok
15:04:19.0800 4620  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:04:19.0971 4620  IKEEXT - ok
15:04:20.0642 4620  [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:04:20.0829 4620  IntcAzAudAddService - ok
15:04:20.0892 4620  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:04:20.0923 4620  intelide - ok
15:04:20.0970 4620  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:04:21.0063 4620  intelppm - ok
15:04:21.0126 4620  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:04:21.0219 4620  IPBusEnum - ok
15:04:21.0266 4620  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:21.0329 4620  IpFilterDriver - ok
15:04:21.0453 4620  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:04:21.0531 4620  iphlpsvc - ok
15:04:21.0531 4620  IpInIp - ok
15:04:21.0578 4620  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:04:21.0719 4620  IPMIDRV - ok
15:04:21.0765 4620  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:04:21.0859 4620  IPNAT - ok
15:04:21.0968 4620  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:04:22.0031 4620  iPod Service - ok
15:04:22.0077 4620  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:04:22.0171 4620  IRENUM - ok
15:04:22.0202 4620  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:04:22.0233 4620  isapnp - ok
15:04:22.0296 4620  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:04:22.0327 4620  iScsiPrt - ok
15:04:22.0374 4620  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:04:22.0405 4620  iteatapi - ok
15:04:22.0421 4620  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:04:22.0467 4620  iteraid - ok
15:04:22.0545 4620  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:04:22.0577 4620  kbdclass - ok
15:04:22.0608 4620  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:04:22.0748 4620  kbdhid - ok
15:04:22.0779 4620  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:04:22.0857 4620  KeyIso - ok
15:04:22.0889 4620  [ A383F2CEA0A8F4E76E71ABC869BD5748 ] KR10I           C:\Windows\system32\drivers\kr10i.sys
15:04:22.0967 4620  KR10I - ok
15:04:23.0060 4620  [ 6E9922332386C2A49936B30B2B6FD298 ] KR10N           C:\Windows\system32\drivers\kr10n.sys
15:04:23.0123 4620  KR10N - ok
15:04:23.0232 4620  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:04:23.0294 4620  KSecDD - ok
15:04:23.0357 4620  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:04:23.0466 4620  KtmRm - ok
15:04:23.0559 4620  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:04:23.0653 4620  LanmanServer - ok
15:04:23.0731 4620  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:04:23.0825 4620  LanmanWorkstation - ok
15:04:23.0871 4620  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:04:23.0935 4620  lltdio - ok
15:04:23.0993 4620  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:04:24.0086 4620  lltdsvc - ok
15:04:24.0133 4620  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:04:24.0258 4620  lmhosts - ok
15:04:24.0305 4620  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:04:24.0336 4620  LSI_FC - ok
15:04:24.0367 4620  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:04:24.0398 4620  LSI_SAS - ok
15:04:24.0414 4620  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:04:24.0445 4620  LSI_SCSI - ok
15:04:24.0539 4620  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:04:24.0648 4620  luafv - ok
15:04:24.0741 4620  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:04:24.0804 4620  Mcx2Svc - ok
15:04:24.0866 4620  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
15:04:24.0897 4620  megasas - ok
15:04:24.0929 4620  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:04:25.0007 4620  MMCSS - ok
15:04:25.0053 4620  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:04:25.0147 4620  Modem - ok
15:04:25.0194 4620  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:04:25.0256 4620  monitor - ok
15:04:25.0303 4620  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:04:25.0334 4620  mouclass - ok
15:04:25.0350 4620  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:04:25.0443 4620  mouhid - ok
15:04:25.0475 4620  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:04:25.0500 4620  MountMgr - ok
15:04:25.0607 4620  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:04:25.0653 4620  MozillaMaintenance - ok
15:04:25.0700 4620  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:04:25.0731 4620  mpio - ok
15:04:25.0778 4620  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:04:25.0841 4620  mpsdrv - ok
15:04:25.0903 4620  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:04:25.0997 4620  MpsSvc - ok
15:04:26.0043 4620  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:04:26.0075 4620  Mraid35x - ok
15:04:26.0137 4620  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:04:26.0168 4620  MRxDAV - ok
15:04:26.0215 4620  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:26.0309 4620  mrxsmb - ok
15:04:26.0340 4620  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:26.0402 4620  mrxsmb10 - ok
15:04:26.0433 4620  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:26.0480 4620  mrxsmb20 - ok
15:04:26.0527 4620  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:04:26.0558 4620  msahci - ok
15:04:26.0589 4620  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:04:26.0621 4620  msdsm - ok
15:04:26.0683 4620  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:04:26.0777 4620  MSDTC - ok
15:04:26.0855 4620  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:04:26.0948 4620  Msfs - ok
15:04:27.0011 4620  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:04:27.0042 4620  msisadrv - ok
15:04:27.0104 4620  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:04:27.0213 4620  MSiSCSI - ok
15:04:27.0229 4620  msiserver - ok
15:04:27.0276 4620  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:04:27.0354 4620  MSKSSRV - ok
15:04:27.0416 4620  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:27.0479 4620  MSPCLOCK - ok
15:04:27.0525 4620  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:04:27.0603 4620  MSPQM - ok
15:04:27.0713 4620  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:04:27.0744 4620  MsRPC - ok
15:04:27.0931 4620  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:04:27.0962 4620  mssmbios - ok
15:04:28.0025 4620  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:04:28.0134 4620  MSTEE - ok
15:04:28.0181 4620  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
15:04:28.0259 4620  MTsensor - ok
15:04:28.0290 4620  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:04:28.0337 4620  Mup - ok
15:04:28.0477 4620  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:04:28.0571 4620  napagent - ok
15:04:28.0649 4620  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:04:28.0711 4620  NativeWifiP - ok
15:04:28.0789 4620  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:04:28.0851 4620  NDIS - ok
15:04:29.0007 4620  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:29.0085 4620  NdisTapi - ok
15:04:29.0335 4620  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:29.0413 4620  Ndisuio - ok
15:04:29.0507 4620  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:29.0569 4620  NdisWan - ok
15:04:29.0631 4620  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:04:29.0709 4620  NDProxy - ok
15:04:29.0819 4620  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:04:29.0912 4620  NetBIOS - ok
15:04:30.0162 4620  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:04:30.0209 4620  netbt - ok
15:04:30.0287 4620  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:04:30.0318 4620  Netlogon - ok
15:04:30.0536 4620  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:04:30.0630 4620  Netman - ok
15:04:30.0755 4620  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:04:30.0864 4620  netprofm - ok
15:04:30.0973 4620  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:31.0004 4620  NetTcpPortSharing - ok
15:04:31.0035 4620  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:04:31.0067 4620  nfrd960 - ok
15:04:31.0191 4620  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:04:31.0285 4620  NlaSvc - ok
15:04:31.0488 4620  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:04:31.0581 4620  Npfs - ok
15:04:31.0644 4620  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:04:31.0737 4620  nsi - ok
15:04:31.0784 4620  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:04:31.0847 4620  nsiproxy - ok
15:04:32.0252 4620  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:04:32.0377 4620  Ntfs - ok
15:04:32.0455 4620  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:04:32.0580 4620  ntrigdigi - ok
15:04:32.0736 4620  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:04:32.0798 4620  Null - ok
15:04:32.0892 4620  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:04:32.0923 4620  nvraid - ok
15:04:33.0001 4620  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:04:33.0032 4620  nvstor - ok
15:04:33.0173 4620  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:04:33.0204 4620  nv_agp - ok
15:04:33.0219 4620  NwlnkFlt - ok
15:04:33.0235 4620  NwlnkFwd - ok
15:04:33.0500 4620  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:04:33.0563 4620  odserv - ok
15:04:33.0609 4620  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:04:33.0750 4620  ohci1394 - ok
15:04:33.0828 4620  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:33.0875 4620  ose - ok
15:04:34.0093 4620  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:04:34.0233 4620  p2pimsvc - ok
15:04:34.0374 4620  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:04:34.0436 4620  p2psvc - ok
15:04:34.0530 4620  [ 9482616A0F87384C5AFB5F34A317BF6C ] PAC207          C:\Windows\system32\DRIVERS\PFC027.SYS
15:04:34.0623 4620  PAC207 - ok
15:04:34.0655 4620  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
15:04:34.0795 4620  Parport - ok
15:04:34.0951 4620  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:04:34.0982 4620  partmgr - ok
15:04:35.0154 4620  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:04:35.0372 4620  Parvdm - ok
15:04:35.0419 4620  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:04:35.0497 4620  PcaSvc - ok
15:04:35.0559 4620  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:04:35.0606 4620  pci - ok
15:04:35.0715 4620  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:04:35.0747 4620  pciide - ok
15:04:35.0856 4620  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:04:35.0903 4620  pcmcia - ok
15:04:36.0620 4620  [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
15:04:36.0792 4620  PDF Architect Helper Service - ok
15:04:37.0229 4620  [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
15:04:37.0369 4620  PDF Architect Service - ok
15:04:37.0447 4620  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:04:37.0634 4620  PEAUTH - ok
15:04:38.0477 4620  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:04:38.0695 4620  pla - ok
15:04:38.0742 4620  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:04:38.0804 4620  PlugPlay - ok
15:04:38.0867 4620  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
15:04:38.0898 4620  PnkBstrA - ok
15:04:38.0960 4620  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:04:39.0023 4620  PNRPAutoReg - ok
15:04:39.0039 4620  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:04:39.0133 4620  PNRPsvc - ok
15:04:39.0320 4620  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:04:39.0382 4620  PolicyAgent - ok
15:04:39.0445 4620  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:04:39.0538 4620  PptpMiniport - ok
15:04:39.0632 4620  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
15:04:39.0772 4620  Processor - ok
15:04:39.0928 4620  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:04:40.0053 4620  ProfSvc - ok
15:04:40.0084 4620  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:04:40.0131 4620  ProtectedStorage - ok
15:04:40.0552 4620  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:04:40.0646 4620  PSched - ok
15:04:40.0740 4620  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:04:40.0833 4620  ql2300 - ok
15:04:40.0911 4620  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:04:40.0974 4620  ql40xx - ok
15:04:41.0020 4620  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
15:04:41.0098 4620  QWAVE - ok
15:04:41.0145 4620  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:04:41.0208 4620  QWAVEdrv - ok
15:04:41.0254 4620  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:04:41.0317 4620  RasAcd - ok
15:04:41.0410 4620  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
15:04:41.0488 4620  RasAuto - ok
15:04:41.0613 4620  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:41.0691 4620  Rasl2tp - ok
15:04:41.0754 4620  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:04:41.0832 4620  RasMan - ok
15:04:41.0910 4620  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:41.0956 4620  RasPppoe - ok
15:04:42.0019 4620  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:04:42.0066 4620  RasSstp - ok
15:04:42.0159 4620  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:04:42.0237 4620  rdbss - ok
15:04:42.0268 4620  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:42.0378 4620  RDPCDD - ok
15:04:42.0487 4620  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:04:42.0627 4620  rdpdr - ok
15:04:42.0658 4620  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:04:42.0736 4620  RDPENCDD - ok
15:04:42.0783 4620  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:04:42.0846 4620  RDPWD - ok
15:04:42.0892 4620  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:04:42.0986 4620  RemoteAccess - ok
15:04:43.0033 4620  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:04:43.0126 4620  RemoteRegistry - ok
15:04:43.0173 4620  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
15:04:43.0236 4620  rimmptsk - ok
15:04:43.0251 4620  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
15:04:43.0314 4620  rimsptsk - ok
15:04:43.0345 4620  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
15:04:43.0392 4620  rismxdp - ok
15:04:43.0438 4620  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:04:43.0516 4620  RpcLocator - ok
15:04:43.0548 4620  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
15:04:43.0626 4620  RpcSs - ok
15:04:43.0657 4620  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:04:43.0750 4620  rspndr - ok
15:04:43.0813 4620  [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:04:43.0906 4620  RTL8023xp - ok
15:04:43.0969 4620  [ 6381D7FAC6CE956F37AA76031939F8CC ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
15:04:44.0000 4620  s0017bus - ok
15:04:44.0078 4620  [ 3A0B4FC02D9D79A4F7EE9C13E287C5EB ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
15:04:44.0095 4620  s0017mdfl - ok
15:04:44.0148 4620  [ AA689C79D62CAF565357520CAE065F17 ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
15:04:44.0179 4620  s0017mdm - ok
15:04:44.0195 4620  [ 547B1A09017A4C4CE6B535BA810523DA ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
15:04:44.0226 4620  s0017mgmt - ok
15:04:44.0273 4620  [ 6DB4820821E819CF61546E1F991A298D ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
15:04:44.0288 4620  s0017nd5 - ok
15:04:44.0335 4620  [ D623BF6F04F7603EE1C4B59C737B69A7 ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
15:04:44.0366 4620  s0017obex - ok
15:04:44.0397 4620  [ 0C970A53FC43815E948628442F8983AD ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
15:04:44.0429 4620  s0017unic - ok
15:04:44.0460 4620  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
15:04:44.0491 4620  SamSs - ok
15:04:44.0553 4620  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:04:44.0569 4620  SASDIFSV - ok
15:04:44.0600 4620  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:04:44.0631 4620  SASKUTIL - ok
15:04:44.0678 4620  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:04:44.0709 4620  sbp2port - ok
15:04:44.0772 4620  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:04:44.0850 4620  SCardSvr - ok
15:04:44.0912 4620  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:04:45.0021 4620  Schedule - ok
15:04:45.0068 4620  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:04:45.0131 4620  SCPolicySvc - ok
15:04:45.0162 4620  [ 7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:04:45.0209 4620  sdbus - ok
15:04:45.0255 4620  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:04:45.0302 4620  SDRSVC - ok
15:04:45.0333 4620  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:04:45.0458 4620  secdrv - ok
15:04:45.0521 4620  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:04:45.0599 4620  seclogon - ok
15:04:45.0661 4620  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
15:04:45.0739 4620  seehcri - ok
15:04:45.0755 4620  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
15:04:45.0833 4620  SENS - ok
15:04:45.0848 4620  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:04:45.0957 4620  Serenum - ok
15:04:45.0989 4620  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
15:04:46.0113 4620  Serial - ok
15:04:46.0129 4620  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:04:46.0207 4620  sermouse - ok
15:04:46.0254 4620  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:04:46.0332 4620  SessionEnv - ok
15:04:46.0347 4620  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:04:46.0472 4620  sffdisk - ok
15:04:46.0488 4620  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:04:46.0597 4620  sffp_mmc - ok
15:04:46.0644 4620  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:04:46.0753 4620  sffp_sd - ok
15:04:46.0769 4620  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:04:46.0878 4620  sfloppy - ok
15:04:46.0925 4620  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:04:47.0003 4620  SharedAccess - ok
15:04:47.0065 4620  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:47.0127 4620  ShellHWDetection - ok
15:04:47.0159 4620  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:04:47.0190 4620  sisagp - ok
15:04:47.0205 4620  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:04:47.0237 4620  SiSRaid2 - ok
15:04:47.0268 4620  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:04:47.0299 4620  SiSRaid4 - ok
15:04:47.0361 4620  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:04:47.0393 4620  SkypeUpdate - ok
15:04:47.0564 4620  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
15:04:47.0751 4620  slsvc - ok
15:04:47.0798 4620  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:04:47.0876 4620  SLUINotify - ok
15:04:47.0923 4620  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:04:47.0985 4620  Smb - ok
15:04:48.0032 4620  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:04:48.0079 4620  SNMPTRAP - ok
15:04:48.0204 4620  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
15:04:48.0235 4620  Sony PC Companion - ok
15:04:48.0282 4620  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
15:04:48.0313 4620  spldr - ok
15:04:48.0375 4620  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
15:04:48.0469 4620  Spooler - ok
15:04:48.0516 4620  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:04:48.0578 4620  srv - ok
15:04:48.0625 4620  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:04:48.0703 4620  srv2 - ok
15:04:48.0719 4620  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:04:48.0765 4620  srvnet - ok
15:04:48.0828 4620  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:04:48.0907 4620  SSDPSRV - ok
15:04:48.0985 4620  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:04:49.0047 4620  SstpSvc - ok
15:04:49.0094 4620  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:04:49.0172 4620  StillCam - ok
15:04:49.0235 4620  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:04:49.0313 4620  stisvc - ok
15:04:49.0329 4620  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:04:49.0376 4620  swenum - ok
15:04:49.0438 4620  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
15:04:49.0516 4620  swprv - ok
15:04:49.0563 4620  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:04:49.0594 4620  Symc8xx - ok
15:04:49.0610 4620  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:04:49.0657 4620  Sym_hi - ok
15:04:49.0672 4620  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:04:49.0719 4620  Sym_u3 - ok
15:04:49.0766 4620  [ BAA29028E7DB52837198465C5C53A2F0 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:04:49.0813 4620  SynTP - ok
15:04:49.0891 4620  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
15:04:49.0984 4620  SysMain - ok
15:04:50.0031 4620  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:04:50.0078 4620  TabletInputService - ok
15:04:50.0140 4620  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:04:50.0234 4620  TapiSrv - ok
15:04:50.0265 4620  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
15:04:50.0343 4620  TBS - ok
15:04:50.0405 4620  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:04:50.0499 4620  Tcpip - ok
15:04:50.0530 4620  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:04:50.0608 4620  Tcpip6 - ok
15:04:50.0655 4620  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:04:50.0717 4620  tcpipreg - ok
15:04:50.0764 4620  [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:04:50.0827 4620  tdcmdpst - ok
15:04:50.0873 4620  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:04:50.0951 4620  TDPIPE - ok
15:04:50.0983 4620  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:04:51.0045 4620  TDTCP - ok
15:04:51.0092 4620  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:04:51.0154 4620  tdx - ok
15:04:51.0170 4620  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:04:51.0217 4620  TermDD - ok
15:04:51.0248 4620  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
15:04:51.0357 4620  TermService - ok
15:04:51.0388 4620  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:04:51.0435 4620  Themes - ok
15:04:51.0466 4620  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:04:51.0529 4620  THREADORDER - ok
15:04:51.0560 4620  [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
15:04:51.0607 4620  TODDSrv ( UnsignedFile.Multi.Generic ) - warning
15:04:51.0607 4620  TODDSrv - detected UnsignedFile.Multi.Generic (1)
15:04:51.0653 4620  [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32       C:\Windows\system32\DRIVERS\tos_sps32.sys
15:04:51.0700 4620  tos_sps32 - ok
15:04:51.0731 4620  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:04:51.0825 4620  TrkWks - ok
15:04:51.0919 4620  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:04:51.0997 4620  TrustedInstaller - ok
15:04:52.0028 4620  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:52.0106 4620  tssecsrv - ok
15:04:52.0168 4620  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:04:52.0215 4620  tunmp - ok
15:04:52.0262 4620  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:04:52.0309 4620  tunnel - ok
15:04:52.0355 4620  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:04:52.0387 4620  uagp35 - ok
15:04:52.0449 4620  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:04:52.0527 4620  udfs - ok
15:04:52.0574 4620  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:04:52.0652 4620  UI0Detect - ok
15:04:52.0667 4620  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:04:52.0699 4620  uliagpkx - ok
15:04:52.0730 4620  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:04:52.0777 4620  uliahci - ok
15:04:52.0808 4620  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:04:52.0839 4620  UlSata - ok
15:04:52.0855 4620  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:04:52.0901 4620  ulsata2 - ok
15:04:52.0933 4620  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:04:52.0995 4620  umbus - ok
15:04:53.0042 4620  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:04:53.0151 4620  upnphost - ok
15:04:53.0182 4620  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:04:53.0245 4620  USBAAPL - ok
15:04:53.0307 4620  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:04:53.0385 4620  usbaudio - ok
15:04:53.0416 4620  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:53.0494 4620  usbccgp - ok
15:04:53.0525 4620  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:04:53.0635 4620  usbcir - ok
15:04:53.0697 4620  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:04:53.0759 4620  usbehci - ok
15:04:53.0791 4620  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:04:53.0853 4620  usbhub - ok
15:04:53.0869 4620  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:04:53.0994 4620  usbohci - ok
15:04:54.0026 4620  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:04:54.0104 4620  usbprint - ok
15:04:54.0166 4620  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:04:54.0213 4620  usbscan - ok
15:04:54.0276 4620  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:54.0339 4620  USBSTOR - ok
15:04:54.0370 4620  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:04:54.0432 4620  usbuhci - ok
15:04:54.0479 4620  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
15:04:54.0541 4620  UxSms - ok
15:04:54.0604 4620  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
15:04:54.0682 4620  vds - ok
15:04:54.0713 4620  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:54.0822 4620  vga - ok
15:04:54.0869 4620  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:04:54.0964 4620  VgaSave - ok
15:04:54.0995 4620  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:04:55.0026 4620  viaagp - ok
15:04:55.0042 4620  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:04:55.0166 4620  ViaC7 - ok
15:04:55.0198 4620  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:04:55.0229 4620  viaide - ok
15:04:55.0244 4620  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:04:55.0276 4620  volmgr - ok
15:04:55.0338 4620  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:04:55.0385 4620  volmgrx - ok
15:04:55.0432 4620  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:04:55.0478 4620  volsnap - ok
15:04:55.0541 4620  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:04:55.0588 4620  vsmraid - ok
15:04:55.0666 4620  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
15:04:55.0775 4620  VSS - ok
15:04:55.0900 4620  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
15:04:55.0993 4620  vToolbarUpdater15.2.0 - ok
15:04:56.0040 4620  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
15:04:56.0102 4620  W32Time - ok
15:04:56.0134 4620  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:04:56.0258 4620  WacomPen - ok
15:04:56.0290 4620  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:04:56.0368 4620  Wanarp - ok
15:04:56.0368 4620  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:04:56.0430 4620  Wanarpv6 - ok
15:04:56.0524 4620  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:04:56.0586 4620  wcncsvc - ok
15:04:56.0617 4620  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:04:56.0695 4620  WcsPlugInService - ok
15:04:56.0726 4620  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
15:04:56.0758 4620  Wd - ok
15:04:56.0804 4620  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:04:56.0882 4620  Wdf01000 - ok
15:04:56.0929 4620  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:04:57.0007 4620  WdiServiceHost - ok
15:04:57.0023 4620  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:04:57.0101 4620  WdiSystemHost - ok
15:04:57.0148 4620  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
15:04:57.0194 4620  WebClient - ok
15:04:57.0257 4620  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:04:57.0350 4620  Wecsvc - ok
15:04:57.0382 4620  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:04:57.0460 4620  wercplsupport - ok
15:04:57.0506 4620  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:04:57.0569 4620  WerSvc - ok
15:04:57.0647 4620  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:04:57.0694 4620  WinDefend - ok
15:04:57.0709 4620  WinHttpAutoProxySvc - ok
15:04:57.0803 4620  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:04:57.0865 4620  Winmgmt - ok
15:04:57.0943 4620  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:04:58.0068 4620  WinRM - ok
15:04:58.0162 4620  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:04:58.0271 4620  Wlansvc - ok
15:04:58.0302 4620  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:04:58.0411 4620  WmiAcpi - ok
15:04:58.0474 4620  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:04:58.0536 4620  wmiApSrv - ok
15:04:58.0630 4620  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:04:58.0754 4620  WMPNetworkSvc - ok
15:04:58.0786 4620  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:04:58.0879 4620  WPCSvc - ok
15:04:58.0942 4620  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:04:59.0035 4620  WPDBusEnum - ok
15:04:59.0113 4620  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:04:59.0160 4620  WpdUsb - ok
15:04:59.0456 4620  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:04:59.0534 4620  WPFFontCache_v0400 - ok
15:04:59.0566 4620  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:04:59.0644 4620  ws2ifsl - ok
15:04:59.0690 4620  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
15:04:59.0737 4620  wscsvc - ok
15:04:59.0784 4620  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:04:59.0831 4620  WSDPrintDevice - ok
15:04:59.0893 4620  [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
15:04:59.0987 4620  WSDScan - ok
15:05:00.0002 4620  WSearch - ok
15:05:00.0361 4620  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:05:00.0502 4620  wuauserv - ok
15:05:00.0548 4620  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:05:00.0611 4620  WudfPf - ok
15:05:00.0673 4620  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:00.0720 4620  WUDFRd - ok
15:05:00.0751 4620  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:05:00.0798 4620  wudfsvc - ok
15:05:00.0907 4620  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
15:05:00.0907 4620  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:05:00.0907 4620  Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
15:05:00.0938 4620  ================ Scan global ===============================
15:05:01.0001 4620  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:05:01.0048 4620  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:05:01.0079 4620  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:05:01.0157 4620  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:05:01.0157 4620  [Global] - ok
15:05:01.0157 4620  ================ Scan MBR ==================================
15:05:01.0172 4620  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:05:02.0436 4620  \Device\Harddisk0\DR0 - ok
15:05:02.0436 4620  ================ Scan VBR ==================================
15:05:02.0467 4620  [ 9F66481563F3E13E18297B6867A6DE48 ] \Device\Harddisk0\DR0\Partition1
15:05:02.0467 4620  \Device\Harddisk0\DR0\Partition1 - ok
15:05:02.0498 4620  [ ED80CB87387BC837C59B31D2DB9654D6 ] \Device\Harddisk0\DR0\Partition2
15:05:02.0498 4620  \Device\Harddisk0\DR0\Partition2 - ok
15:05:02.0498 4620  ============================================================
15:05:02.0498 4620  Scan finished
15:05:02.0498 4620  ============================================================
15:05:02.0514 5612  Detected object count: 5
15:05:02.0514 5612  Actual detected object count: 5
15:05:30.0956 5612  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0956 5612  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:30.0971 5612  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:30.0971 5612  CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612  CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:30.0971 5612  TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612  TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:30.0987 5612  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0987 5612  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

While I was at it, I also found an old TDSSKiller log and an old ComboFix log (February 2012). I don't know whether they are relevant too; I'm simply attaching them for the sake of completeness.

Alt 19.06.2013, 15:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download the Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan all users box at the top center
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 20.06.2013, 10:02   #9
Ajin
 

JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Freddy on 19.06.2013 at 21:54:48,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] yontoo desktop updater 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yontoo desktop



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Freddy\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\yontoo"



~~~ FireFox

Successfully deleted: [File] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\user.js
Successfully deleted: [File] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\plugin@yontoo.com
Successfully deleted the following from C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\prefs.js

user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome:/
user_pref("vshare.install.date", "1330384944");
user_pref("vshare.install.finished", "1.0.0");
user_pref("vshare.install.fresh", "false");
user_pref("vshare.install.guid", "{4d20e147-5782-4cd9-83bd-cc4a189d69cc}");
user_pref("vshare.install.newtab", false);
Emptied folder: C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\minidumps [172 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 21:59:15,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner[S1].txt:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 19/06/2013 um 22:28:08 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Freddy - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Freddy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Freddy\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Freddy\AppData\Local\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Freddy\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Freddy\AppData\LocalLow\AVG Security Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\prefs.js

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "52eb2707-18f7-47a9-b711-baefa354cf63");
Gelöscht : user_pref("vshare.install.date", "1371673263");
Gelöscht : user_pref("vshare.install.finished", "1.0.0");
Gelöscht : user_pref("vshare.install.fresh", "false");
Gelöscht : user_pref("vshare.install.guid", "{6ea53c39-8b59-491d-9c93-af94eecaca2d}");
Gelöscht : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[S1].txt - [8873 octets] - [19/06/2013 22:28:08]

########## EOF - C:\AdwCleaner[S1].txt - [8933 octets] ##########
         
--- --- ---


OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 20.06.2013 04:18:03 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Freddy\Desktop\V-Scanner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,89% Memory free
4,22 Gb Paging File | 2,69 Gb Available in Paging File | 63,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,42 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Freddy\Desktop\V-Scanner\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll ()
MOD - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (PDF Architect Helper Service) -- C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Freddy\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 92 20 C5 A6 F5 CC 01  [binary data]
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{A3E61A4B-FA03-4F1A-B8A1-EA2C2022E5FE}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 11:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.20 15:15:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BC8B309B-75FF-401C-A4D3-3E779FD88379}: C:\Users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M]
 
[2008.09.02 09:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Extensions
[2013.06.19 21:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions
[2010.01.23 01:05:56 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.05.29 11:49:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.31 18:20:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\eafo3fflauncher@ea.com
[2013.05.09 00:04:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.15 14:31:43 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013.05.24 04:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.24 04:58:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.06.24 13:51:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.10.04 11:56:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2012.11.06 18:26:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 21:54:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.19 21:54:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.19 21:50:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Freddy\Desktop\JRT.exe
[2013.06.19 15:00:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Freddy\Desktop\tdsskiller.exe
[2013.06.19 14:32:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Freddy\Desktop\aswMBR.exe
[2013.06.19 13:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.19 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Desktop\mbar
[2013.06.17 11:39:25 | 000,000,000 | R--D | C] -- C:\Users\Freddy\Desktop\V-Scanner
[2013.06.12 18:24:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 18:24:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 18:24:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 18:24:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 18:24:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.12 18:24:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 18:24:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.12 18:24:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.12 12:29:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.12 12:29:06 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 12:29:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 12:27:51 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 12:27:49 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.12 12:27:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.11 11:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.06 23:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 23:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.04 16:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.06.03 17:54:18 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2013.05.30 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.29 01:47:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Contacts
[2013.05.29 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Documents\Sony Ericsson
[2013.05.29 01:12:47 | 000,000,000 | ---D | C] -- C:\Users\Freddy\AppData\Local\Sony Ericsson
[2013.05.24 04:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.20 04:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.20 04:08:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.20 04:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 22:53:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.19 22:52:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.06.19 22:51:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:51:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:28:56 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.19 22:27:24 | 000,648,201 | ---- | M] () -- C:\Users\Freddy\Desktop\adwcleaner.exe
[2013.06.19 21:51:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Freddy\Desktop\JRT.exe
[2013.06.19 15:00:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Freddy\Desktop\tdsskiller.exe
[2013.06.19 14:54:10 | 000,000,512 | ---- | M] () -- C:\Users\Freddy\Desktop\MBR.dat
[2013.06.19 14:33:10 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Freddy\Desktop\aswMBR.exe
[2013.06.19 13:44:03 | 013,169,742 | ---- | M] () -- C:\Users\Freddy\Desktop\mbar-1.06.0.1003.zip
[2013.06.19 11:27:59 | 000,000,854 | ---- | M] () -- C:\Users\Freddy\Documents\AVG_22-05-13.csv
[2013.06.18 11:59:33 | 000,000,299 | ---- | M] () -- C:\Users\Freddy\Freddy - Verknüpfung.lnk
[2013.06.17 11:31:40 | 000,000,156 | ---- | M] () -- C:\Users\Freddy\defogger_reenable
[2013.06.12 01:02:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 01:02:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 11:13:24 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.10 23:47:53 | 000,175,104 | ---- | M] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.06 23:28:31 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 16:36:41 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.03 19:16:08 | 000,000,957 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.03 19:15:34 | 000,000,927 | ---- | M] () -- C:\Users\Freddy\Desktop\Dropbox.lnk
[2013.06.03 17:37:43 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 17:37:43 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 17:37:43 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 17:37:43 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.30 21:54:53 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.19 22:28:26 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.19 22:27:19 | 000,648,201 | ---- | C] () -- C:\Users\Freddy\Desktop\adwcleaner.exe
[2013.06.19 14:54:10 | 000,000,512 | ---- | C] () -- C:\Users\Freddy\Desktop\MBR.dat
[2013.06.19 13:43:49 | 013,169,742 | ---- | C] () -- C:\Users\Freddy\Desktop\mbar-1.06.0.1003.zip
[2013.06.19 11:27:58 | 000,000,854 | ---- | C] () -- C:\Users\Freddy\Documents\AVG_22-05-13.csv
[2013.06.18 11:59:33 | 000,000,299 | ---- | C] () -- C:\Users\Freddy\Freddy - Verknüpfung.lnk
[2013.06.06 23:28:31 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 16:36:41 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.03 19:09:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.05.30 21:54:53 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.04.30 02:26:03 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.30 00:13:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.28 17:21:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.28 17:21:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.28 17:21:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.28 17:21:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.28 17:21:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.24 17:54:29 | 000,000,156 | ---- | C] () -- C:\Users\Freddy\defogger_reenable
[2011.11.11 04:04:47 | 000,000,094 | ---- | C] () -- C:\Users\Freddy\AppData\Local\fusioncache.dat
[2011.10.12 03:20:55 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat
[2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin
[2010.11.26 11:09:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.31 18:22:50 | 000,139,152 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\PnkBstrK.sys
[2010.03.11 21:15:39 | 000,017,408 | ---- | C] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db
[2010.02.28 18:29:30 | 000,000,600 | ---- | C] () -- C:\Users\Freddy\PUTTY.RND
[2010.01.23 03:48:05 | 000,008,026 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\.civclientrc
[2009.11.23 14:03:32 | 000,001,356 | ---- | C] () -- C:\Users\Freddy\AppData\Local\d3d9caps.dat
[2009.02.10 22:33:53 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.01.05 19:51:14 | 000,175,104 | ---- | C] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\mxfilerelatedcache.mxc2
[2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Local\mxfilerelatedcache.mxc2
[2007.11.15 19:33:48 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\mxfilerelatedcache.mxc2
[2007.11.01 17:45:16 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\persistent_state
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 20.06.2013 04:18:03 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Freddy\Desktop\V-Scanner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,89% Memory free
4,22 Gb Paging File | 2,69 Gb Available in Paging File | 63,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,42 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C90E0E-A629-41BC-AF98-66CE148B5C2D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1883CDEA-9102-40A3-8D17-926662DF66A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1F02F3D2-9D38-410F-9EB3-430A9B395037}" = lport=138 | protocol=17 | dir=in | app=system | 
"{63731208-F33B-44A9-880B-946F947B1083}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6551E1B4-B1B1-4234-88F5-FBE5349B0EC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8CEC1E07-0E7A-42A8-8F2C-FF403B01C2E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9B1A6857-391A-42DE-B45C-32C3C31E88AE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA1B3DA4-0C4A-4348-A3C4-0A94853C71D0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFD6E303-DB27-4094-942E-E6BC1BAB9472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C6CD8ABA-946F-4D5D-BCED-3C45483FA016}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CCD0B2-C7F1-4A62-9B3A-73B95ACD4DB7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{0A9484CD-46EF-4948-8BFB-AA54D0CDDD01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D75D503-B355-4FDF-9A60-A2667FE98EFE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{1A0B3620-F847-417C-B537-BB0939F1CF11}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{28BA928A-1C7C-4F3E-A200-8A5B6187E3FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2A63B805-44A2-44FD-BBD1-8F4B19EABE8E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{31CEDA88-B26A-42E3-B99A-195991F04A51}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{337387A3-FE6E-4D8C-B124-C8C9CCCD2526}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{35B8F017-0308-42C7-8288-AED729463C45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3C662165-808C-465C-B2CE-7AEDC7207482}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{3FA5E4D3-6309-4853-9D55-67EA81FE3DEB}" = protocol=17 | dir=in | app=f:\alicesetup.exe | 
"{4A501CF4-EBDB-4832-AAC1-62033138E4D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4DD7B992-9E23-4586-AB40-5F545C1DD21A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{5B98C980-EBEA-4315-990C-8E850F5C606F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{5D631426-89F2-411B-8E11-DF9C95D08B29}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{6018F1E6-D394-4B9B-BB20-2E300C1008CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{62F03426-8092-420F-84DA-0B147EE8166F}" = protocol=17 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{632C0B95-42D1-4ABF-B913-A7E09FAFA8DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{6892DCCC-FEA0-4E61-8756-E76F0CC47CA9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{72B43C2F-DCD6-4CC9-A385-BAF223D41387}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7777196C-419C-4858-A2F8-849A376DEA6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{7BE75BFB-99A7-4269-BA41-FF31F9FE9F43}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{8B584AA0-83FB-445E-A588-AD48AA13AB42}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{8C7C004A-DEA0-4C4E-A525-28A3DB3C73B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{8EC10E0C-6163-44AE-91F0-3A69B7B7C1A3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{9274595B-99D2-4CDA-B569-A05221864E38}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{97B17415-EC7F-482E-A4D3-EAB239895F93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{98F7CA46-7B41-435F-954A-524652A56FBB}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{9E6B0D20-204D-44BA-BFD1-2E86DCAB1EE1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{A63584E5-3726-47FB-9435-3A636E043651}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{ACBE206E-1A36-4484-B9F3-AC74FC613A45}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{AD90903D-FCBC-4CDA-88E7-E6F204AAA191}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{B1A6D0D0-2C0D-4794-BE35-09A16070D4A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{BAB92817-AD63-4FC3-B97E-11E9489C027C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF6B7563-2013-4C09-BA00-274A50FBE300}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{C263444B-EF16-4D6D-8711-B51938BD21BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{D1B5D380-95BC-4D55-899E-B8C54BBA5904}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{D1D6B5C5-642D-47F9-94E8-FFDA274CDDA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{D576EE70-8F74-4D5D-9508-FB2CAD1AE921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6AB8B5B-A33C-4819-A6A1-613DFBE0FA7C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D82F9709-A617-4BF9-A567-C9DCAFB7B1BD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{D8DE3341-0E5F-4AC2-8DEB-0697701CE72A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D96F2A99-BBAF-4B64-8157-4E5D35BEC389}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DBF2A352-1EB1-414D-A9CC-00552DC9FCA9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DD718E12-5055-4FCC-A091-183EBDD845A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DEB658C9-39F3-493E-97B9-5A721131F47D}" = protocol=6 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E1826C71-58D1-4897-A106-AB183FDE55CF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{E3DD6F57-B910-406E-A1A9-48E294CDF9DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{E4666163-A852-4C5B-BAE3-F548C3311ACA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E4F2C630-8DE2-4CFE-9F3C-36F7DF597A9D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E569FB48-6B51-49CB-8230-4A611A4035DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E8D72D61-3F8F-49D1-B0FA-4D5C992193F8}" = protocol=6 | dir=in | app=f:\alicesetup.exe | 
"{F951C6EB-CFAD-43F8-9C0C-79408F159DC3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{FC9834A8-CCD8-48FB-AD1E-EAA497728486}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FCBC7F67-9439-42E3-8477-D583DA907653}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"TCP Query User{0CE5C2EE-1913-4A82-8BE8-12C1993A4FDB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{0F3DD217-9C93-420F-9090-F47CD81D22EC}C:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe | 
"TCP Query User{143AA5D3-E184-47BD-A3B1-25F6B92BEB6A}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | 
"TCP Query User{2151C05B-3CB1-4487-A62A-BB11F0367D59}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{21661621-8D6A-4B09-AB41-15C14049EFD1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{24DCDC03-A16E-4DDD-BE10-E3A8F405AF58}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{2B97F9DA-4A0A-41FE-B4B3-1D53B1F5CDB7}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe | 
"TCP Query User{327AE9FA-6869-4546-B4C7-59534E40DADE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3C6D926A-E179-47A7-AC54-35B36263AB59}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{3ED8DF9A-9A9F-49D7-A5DA-DB8152A0812B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{454710FA-A973-4A2D-A62B-9A6EA24A2DCB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4676846A-3C67-4489-A074-0FD4097A7E28}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{4AAC6EE0-337A-4E51-8DB9-8491212D9665}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{4B2A6FAF-933C-4E93-B5B9-7907912AA96D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{4C8DDB83-AEE6-4B97-AC95-5C68B1917ADB}C:\users\freddy\downloads\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\freddy\downloads\eclipse\eclipse.exe | 
"TCP Query User{4DA57036-83FF-483B-B2D6-784EA5C6570F}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{596EA95A-ED98-44CD-995D-D6F0B7F08570}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5A8C498E-10E4-43B1-AB29-33E07DD63ED8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{6DE47BDE-B9E6-49D7-9487-8A18C1DB0979}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{70F2394D-230F-410B-862A-78D5C66E8871}C:\program files\proengineer student edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\nms\nmsd.exe | 
"TCP Query User{7D452FC9-4FDD-4B00-8C0F-18AAA77934FF}C:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{842A9EEC-FBAB-4BA0-8F4E-C88C0E757C2F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{8D1DD487-8923-4A9B-AE4B-473FE8CC3A32}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{8E3075BD-A91B-46A5-84AC-6D846AA285B1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9271C334-6C83-4AA8-805C-9664395305DA}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"TCP Query User{971CD4D3-5379-4D23-BD7A-B5C6812C7FA6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{A4478816-F809-4ACE-BC20-95863E2197FF}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{A8E894FC-3EA9-46EA-BD55-B928AF539548}C:\program files\proengineer student edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\xtop.exe | 
"TCP Query User{AE02C50F-6BC9-4E5A-932C-57F389B7D6FB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{B4A39896-6636-4A63-AE26-63591F33D281}C:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe | 
"TCP Query User{BD8130A5-F066-4F63-B3C1-DE917E52F244}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{BFD4193B-0213-437B-BBA9-E88C4CE4E834}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{C5408C30-E361-46D6-89A5-65168B2EDE13}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{CDB9818B-D67E-4492-9D1D-1A6C513107BE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D4D6836B-3B16-428A-8C7D-C195475486BC}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | 
"TCP Query User{D8048D03-7424-465F-A6FB-63B2C29CF213}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{DE9E363C-1029-44A9-B86C-8DCD89C0759F}C:\program files\freeciv-2.1.10-win32\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.1.10-win32\civserver.exe | 
"TCP Query User{E3CCF07E-7539-4A88-BA4E-97DEE2854C5A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E71FB915-E2F4-48D2-AA63-C5652FC662A5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{F0689AD7-6E9B-47B4-807E-5EB4991454F9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{F8E7FFD5-D32E-4355-8E30-8FD5960F4AB8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{01711F82-84B5-4989-A445-5EDEA4FB9BE0}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{0D867EAF-E124-4BFA-B0B9-AB0609CB549C}C:\program files\proengineer student edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\nms\nmsd.exe | 
"UDP Query User{12B496D2-52D1-4620-9584-F2365A5E2920}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{13A02B25-B1F0-40B8-82C3-5BFC4B00536F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{1C2EFC75-88C7-4DCB-ACFC-7D117C06331E}C:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1CB853DD-B950-4860-A11A-72CAB94A0B53}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1CE3E483-356F-424C-A65F-09EB09F26DED}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | 
"UDP Query User{2AC5750E-F106-4CE6-A688-41FFB51345B3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{2F2B7767-46D1-4595-B937-4E5EE0F27FC5}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{304D4439-66CF-4B74-A305-EEA74269B0E3}C:\users\freddy\downloads\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\freddy\downloads\eclipse\eclipse.exe | 
"UDP Query User{30D28C3E-74F4-483B-9496-0CB432975EA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3C189BAD-FC8A-4E3E-8B1A-CED630FEE84D}C:\program files\proengineer student edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\xtop.exe | 
"UDP Query User{47C04BD5-21A7-4F76-9F5F-85664EDCB845}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4AA9C47C-D99E-4D14-9184-D2D0D42D5534}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | 
"UDP Query User{4D5C115B-CDBF-442C-B4CD-D415135243D4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{538D4552-4D8F-4FF2-9795-39D5D3FDF222}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{5402C0FA-AC1D-4865-8D73-5D7F39519DE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6B722157-A7D6-440F-83E4-BDC09482F795}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{84778502-597E-4240-91A3-4EB89941D9B9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{87F7227B-1474-4C99-BCC4-8889E2A1F425}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{8E381227-A30D-41B9-987B-D6C56D48C648}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{9292DBA6-BB5B-4B63-89FF-3BD014FB6AF0}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{9BD874E3-2F52-4D39-BCE6-CE21773034A6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{A109BCDE-C38B-4005-A5B4-7C383F66BB9C}C:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe | 
"UDP Query User{AC0926DA-5ADC-4325-9B38-E213760FCCB1}C:\program files\freeciv-2.1.10-win32\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.1.10-win32\civserver.exe | 
"UDP Query User{B691683B-EB2B-437F-938C-959379CA1607}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B741FFFD-C46F-4124-9859-D43B2D991ADC}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe | 
"UDP Query User{BD936C70-1FEA-4B74-8FF9-34CDB1B19378}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C0A0D508-09EB-48EE-92D3-40B2E62E8FB0}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C0ADA884-B580-425B-B4BD-70A5E3884C57}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{C12E53B7-78DE-490F-A59D-728C89889CEF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{C8195DB6-6E81-4FA6-BC7D-F926B028C4C6}C:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe | 
"UDP Query User{C9F8F3D5-B77D-4562-BD7B-04BF015B2584}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{DCFEC4BD-DD64-4A18-ACDE-CB2968E4B201}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{E5282760-BADD-4D50-8B2E-5611A92FCBD6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{E8EB1139-6795-448F-82A2-A98FA56EABE5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{ECBAA96E-C645-4C1C-846D-A88E7840B41C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{EFBC227C-1904-46BA-9350-632FD297DC54}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{F61E57F0-83A0-4B98-91D4-BFA9A17ABBEA}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{F703FDE7-3D14-4068-AB6A-7F6BE9777A41}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{FF54B688-3519-4712-844F-CE8B1C8B336A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D774186B-031F-4186-BC4D-B256B9831B85}" = AVG 2013
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"realMYST Interactive 3D Edition" = realMYST Interactive 3D Edition
"RealPlayer 15.0" = RealPlayer
"ScummVM_is1" = ScummVM 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TQVault_is1" = TQVault 2.11
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18805203
 
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18805203
 
[ OSession Events ]
Error - 23.06.2010 05:05:37 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 580
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 30.11.2010 11:18:21 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347353
 seconds with 16680 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.06.2013 16:49:11 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 19.06.2013 16:52:19 | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19.06.2013 16:52:19 | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

20.06.2013, 10:12   #10
cosinus

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
[2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat
[2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin
[2013.06.19 14:54:10 | 000,000,512 | ---- | C] () -- C:\Users\Freddy\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

20.06.2013, 10:36   #11
Ajin

Code:
All processes killed
========== OTL ==========
C:\Users\Freddy\AppData\Local\Mnubiwa.dat moved successfully.
C:\Users\Freddy\AppData\Local\Jjuyi.bin moved successfully.
C:\Users\Freddy\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Freddy\Desktop\V-Scanner\cmd.bat deleted successfully.
C:\Users\Freddy\Desktop\V-Scanner\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Freddy
->Temp folder emptied: 154093125 bytes
->Temporary Internet Files folder emptied: 808031 bytes
->Java cache emptied: 350042 bytes
->FireFox cache emptied: 48701991 bytes
->Flash cache emptied: 3245 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103283 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46022 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 31493479 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 225,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06202013_111732

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

20.06.2013, 11:09   #12
cosinus

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that as well).

Note: Before that, please remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

20.06.2013, 19:56   #13
Ajin

mbam-log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Freddy :: HOME-PC [Administrator]

20.06.2013 12:24:55
mbam-log-2013-06-20 (12-24-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378836
Laufzeit: 3 Stunde(n), 52 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset-log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57186669914d8345ba07cdf08e744cf9
# engine=14115
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 06:30:50
# local_time=2013-06-20 08:30:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 34711 58887034 0 0
# compatibility_mode=5892 16776574 100 100 81219163 209285778 0 0
# scanned=196524
# found=3
# cleaned=0
# scan_time=12975
sh=CDE683A5E86BE1C26519AF3D1E7DCCCA60D92FC8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\e785aca-15b7cbe4"
sh=69E79853C4227AF902A71A53F82CF1CCD2D03DC2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-39a01378"
sh=9344652CAED7F50C0B4C3C03CA16A1EFAC4EB5FC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\448bc1ac-22f7fb7c"
         

20.06.2013, 20:10   #14
cosinus

Looks OK so far, only detections in OTL's quarantine.

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
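The check made in the reply above (every ESET detection lies inside OTL's quarantine folder, so nothing live was found) can be automated. The following Python sketch is an added example, not part of the thread and not ESET's or OTL's own tooling; the sample log is constructed, and reading `unwanted_checked` as the "potentially unwanted applications" option is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Folder into which OTL moves files it "fixes" (path as seen in the logs above).
QUARANTINE_ROOT = r"C:\_OTL\MovedFiles"

# Constructed sample in the layout of the ESET Online Scanner log above.
# Hashes, threat names and user paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# unwanted_checked=false
# scanned=196524
# found=2
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\aaaa-bbbb"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000000 vn="a variant of Win32/Example" ac=I fn="C:\Users\Example\AppData\Local\Temp\setup.exe"
'''

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")          # "# key=value" summary lines
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"


def in_quarantine(path, root=QUARANTINE_ROOT):
    """True if path lies strictly below root (case-insensitive, no '..' parts)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root_parts = [p.lower() for p in PureWindowsPath(root).parts]
    if ".." in parts:
        return False  # unresolved traversal: the prefix cannot be trusted
    return len(parts) > len(root_parts) and parts[:len(root_parts)] == root_parts


def parse_log(text):
    """Split the log into a header dict and a list of detection dicts."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            fields = {}
            for f in FIELD_RE.finditer(line):
                quoted, bare = f.group(2), f.group(3)
                fields[f.group(1)] = quoted if quoted is not None else bare
            if "fn" in fields:
                detections.append(fields)
    return header, detections


def triage(text):
    """Sort detections into quarantined and live, and collect sanity warnings."""
    header, detections = parse_log(text)
    result = {"quarantined": [], "live": [], "warnings": []}
    for det in detections:
        bucket = "quarantined" if in_quarantine(det["fn"]) else "live"
        result[bucket].append(det)
    found = header.get("found")
    if found is not None and found.isdigit() and int(found) != len(detections):
        result["warnings"].append(
            f"header says found={found} but {len(detections)} detection lines parsed")
    if header.get("unwanted_checked") == "false":
        # Assumption: this flag mirrors the PUA option the helper asked to enable.
        result["warnings"].append("unwanted_checked=false: PUA detection was off")
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for det in report["live"]:
        print("LIVE:", det["vn"], "->", det["fn"])
    print(len(report["quarantined"]), "detection(s) already in OTL quarantine")
    for warning in report["warnings"]:
        print("WARNING:", warning)
```

Only entries in the `live` bucket need follow-up; quarantined copies disappear once the `C:\_OTL` folder is removed at the end of the cleanup.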

20.06.2013, 21:20   #15
Ajin

Great, many thanks already!

About the cookies: I never let the browser save my passwords anyway. So it would not be a problem for me to log in completely anew every time. I did not know about this option until now, but I have now ticked "Accept cookies" as well as "Accept third-party cookies" under Settings > Privacy > History. Below that I have set: "Keep until: Firefox is closed". Is that what you meant? And should I also remove the tick for third parties (what does that actually mean exactly?)? Would the other steps you suggested then be unnecessary as well? If I understood correctly, this MVPS Hosts File would still be useful, right?

Then there is one more thing that I only noticed again earlier: on some pages with input fields, for example the Bahn website, a special search tool opens (in the Bahn example, when I want to enter the departure and destination stations). Until now I always thought this came from Firefox itself. Now I got around to examining it more closely and found that something called "searchcompletion.com" is behind it. Via Google I have at least learned that it is not harmful in itself but opens up some gaps for malware. Do you know how I could get rid of it?

Best regards
Freddy
