Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   bundestrojaner; suchlauf mit malwarebytes: pup.blabbers (https://www.trojaner-board.de/131395-bundestrojaner-suchlauf-malwarebytes-pup-blabbers.html)

OLI VAN DEN 22.02.2013 18:19
bundestrojaner; suchlauf mit malwarebytes: pup.blabbers
 
nach laden einer webseite wurde explorer gesperrt und eine neue version der altbekannten bundestrojaner erschien.
windows 7 (64bit) - start im abgesicherten modus (ohne netzwerktreiber, da dies nicht möglich war, wurde angezeigt, trojaner erschien nach start, deshalb abgesicherter modus mit eingabeaufforderung).
unter ms-dos in console explorer.exe eingegeben, malwarebytes über 2.pc geladen, auf infiziertem installiert und schnellscann durchgeführt: 166 infizierte dateien gefunden.
alles pup.blabbers
laut benutzeroberfläche lässt sich nur die auswahl entfernen, ignorieren, logdatei speichern und zum hauptmenü zurückgehen.
welches weitere vorgehen kann empfohlen werden?
thx

evtl hilft folgender ausschnitt aus der logdatei weiter:

Infizierte Registrierungsschlüssel: 47
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\OLI\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.

und so weiter und so ähnlich

aharonov 22.02.2013 18:54
Hi,

Zitat:
laut benutzeroberfläche lässt sich nur die auswahl entfernen, ignorieren, logdatei speichern und zum hauptmenü zurückgehen.
welches weitere vorgehen kann empfohlen werden?
Markiere nach diesem Malwarebytes-Scan alle Funde und wähle Auswahl entfernen.
Danach solltest du auch wieder wie gewohnt in den normalen Modus booten können. MBAM hat die für den Sperrbildschirm verantworlichen Einträge erkannt.

Danach kannst du diese Anleitung abarbeiten und die Logs posten, damit man deinen Rechner noch eingehender untersuchen kann.

OLI VAN DEN 23.02.2013 16:53
danke für die infos,
wenn GMER als admin gestartet wird erscheint folgende error-nachricht:
"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."

hatte diese mit ok bestätigt und hacken an gewünschten stellen entfernt.
bin allerdings nicht ganz sicher ob nun hacken bei festplatte c:\ oder quickscan gesetzt werden soll (anleitung ist in diesem punkt nicht eindeutig)

Hey,

nach erneuter suche mit installiertem antivirenprogramm wurde dieses fündig auf eine bedrohung: Win32:LockScreen-RV[Trj]

unter c:\users\oli\appdata\local\temp\g1a0siss8zjm2v1uckua0a.exe

verschiebe dieses nun in container.


status der logfiles siehe status GMER-error.

aharonov 23.02.2013 21:20
Hi,

Zitat:
status der logfiles siehe status GMER-error.
Sorry, ich versteh das grad nicht ganz. Du kannst weder einen OTL noch einen Gmer-Scan durchführen?
(Bei Gmer sollte man C:\ anhaken, nicht Quickscan)

Kannst du dann diese Scans mal im abgesicherten Modus versuchen?

OLI VAN DEN 24.02.2013 16:22
defogger und otl suchen lassen. (logfiles in diesen thread posten oder neuen erstellen? wenn ja wie benennen? gehe von aus in log-file analyse...)

bei gmer gab es die genannte fehlernachricht. ("C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.")

werde gmer im abgesicherten modus erneut ausführen.

fehler tritt auch im abgesicherten modus auf. lass trotzdem suchen. oder?

aharonov 24.02.2013 16:40
Hi,

dann poste die beiden Logfiles von OTL (defogger brauch ich nicht) bitte hier in den Thread und mach mal noch nichts anderes.
(Den Inhalt der Logfiles direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)

OLI VAN DEN 24.02.2013 16:50
hoffe das ist so richtig eingefügt:

Code:
OTL logfile created on: 23.02.2013 15:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\M02Y13\malewarediagnose
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,08% Memory free
15,92 Gb Paging File | 14,31 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 909,42 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,58 Gb Free Space | 98,44% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\M02Y13\malewarediagnose\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.27 19:12:35 | 000,245,168 | ---- | M] (hxxp://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.05 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 12:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011.09.19 08:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT280194
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKCU\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.10 16:31:07 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.09.06 17:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Wajam (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Man Who Wasn't There (2001)
[2013.02.02 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Harold und Maude (1971)
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.02.02 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Filofax - Ich bin du und du bist nichts (1990)
[2013.02.02 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Bob Roberts (1992)
[2013.02.02 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Rosenkranz & Güldenstern (1990)
[2013.02.02 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Mosquito Coast (1986)
[2013.02.02 16:27:38 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Mary & Max - oder schrumpfen Schafe, wenn es regnet (2009)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:27:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 15:27:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 15:27:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 15:27:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 15:27:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 14:59:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 14:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 14:58:05 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.22 23:45:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:18:40 | 000,000,004 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:31 | 000,293,841 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:45:29 | 000,000,004 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:30 | 000,293,841 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[2012.09.01 11:07:35 | 000,384,844 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Amazon
[2012.05.30 21:31:17 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\ArmA II Launcher
[2012.08.20 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Audacity
[2012.08.18 12:53:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Babylon
[2012.08.18 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
[2012.07.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BANDISOFT
[2012.09.07 17:02:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BitTorrent
[2012.09.08 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
[2012.07.11 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.08.18 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DAEMON Tools Lite
[2012.11.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DarknessII
[2013.01.29 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\GoPro
[2013.01.29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 18:56:33 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
[2012.05.30 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Opera
[2012.07.11 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PlayClaw3
[2012.08.18 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PunkBuster
[2012.08.15 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-updater
[2012.05.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-zsync
[2012.10.09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Sony
[2012.12.21 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Splashtop
[2012.08.30 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TeamViewer
[2012.07.12 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TechSmith
[2013.02.21 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TS3Client
[2013.01.29 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2012.08.20 11:34:40 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ubisoft
[2012.08.18 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >

OLI VAN DEN 24.02.2013 16:52
Code:
OTL logfile created on: 23.02.2013 15:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\M02Y13\malewarediagnose
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,08% Memory free
15,92 Gb Paging File | 14,31 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 909,42 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,58 Gb Free Space | 98,44% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\M02Y13\malewarediagnose\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.27 19:12:35 | 000,245,168 | ---- | M] (hxxp://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.05 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 12:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011.09.19 08:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT280194
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKCU\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.10 16:31:07 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.09.06 17:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Wajam (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Man Who Wasn't There (2001)
[2013.02.02 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Harold und Maude (1971)
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.02.02 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Filofax - Ich bin du und du bist nichts (1990)
[2013.02.02 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Bob Roberts (1992)
[2013.02.02 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Rosenkranz & Güldenstern (1990)
[2013.02.02 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Mosquito Coast (1986)
[2013.02.02 16:27:38 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Mary & Max - oder schrumpfen Schafe, wenn es regnet (2009)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:27:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 15:27:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 15:27:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 15:27:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 15:27:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 14:59:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 14:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 14:58:05 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.22 23:45:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:18:40 | 000,000,004 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:31 | 000,293,841 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:45:29 | 000,000,004 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:30 | 000,293,841 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[2012.09.01 11:07:35 | 000,384,844 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Amazon
[2012.05.30 21:31:17 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\ArmA II Launcher
[2012.08.20 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Audacity
[2012.08.18 12:53:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Babylon
[2012.08.18 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
[2012.07.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BANDISOFT
[2012.09.07 17:02:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BitTorrent
[2012.09.08 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
[2012.07.11 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.08.18 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DAEMON Tools Lite
[2012.11.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DarknessII
[2013.01.29 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\GoPro
[2013.01.29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 18:56:33 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
[2012.05.30 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Opera
[2012.07.11 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PlayClaw3
[2012.08.18 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PunkBuster
[2012.08.15 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-updater
[2012.05.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-zsync
[2012.10.09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Sony
[2012.12.21 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Splashtop
[2012.08.30 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TeamViewer
[2012.07.12 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TechSmith
[2013.02.21 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TS3Client
[2013.01.29 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2012.08.20 11:34:40 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ubisoft
[2012.08.18 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >

aharonov 24.02.2013 17:39
Hi,

dann versuch bitte mal das:


Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.
  • Starte die aswMBR.exe.
    Vista und Win7 User mit Rechtsklick "als Admininstartor ausführen".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von avast! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff aufs Internet zulassen.)
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte, bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere die Datei auf dem Desktop.
Poste mir diese aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung.

Hinweis: Sollte der Scan Button ausgeblendet sein, schliesse das Tool und starte es erneut. Sollte es erneut nicht klappen, teile mir das bitte mit.



Schritt 2

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts löschen, sondern nur einen Scan-Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop.
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan.
  • Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
  • TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
  • Poste bitte den Inhalt dieses Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von aswMBR
  • Log von TDSSKiller

OLI VAN DEN 24.02.2013 19:10
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-24 19:00:42
-----------------------------
19:00:42.479    OS Version: Windows x64 6.1.7601 Service Pack 1
19:00:42.479    Number of processors: 4 586 0x2A07
19:00:42.479    ComputerName: OLIVENOEL-PC  UserName: OLIVENOEL
19:00:42.479    Initialze error 1 Unzulässige Funktion.
19:00:42.526    AVAST engine defs: 13022301
19:01:56.143    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:01:56.143    Disk 0 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 3
19:01:56.174    Disk 0 MBR read successfully
19:01:56.174    Disk 0 MBR scan
19:01:56.439    Disk 0 unknown MBR code
19:01:56.439    Disk 0 Partition 1 00    EE          GPT          2097151 MB offset 1
19:01:56.767    Disk 0 scanning C:\Windows\system32\drivers
19:01:56.767    Service scanning
19:01:58.233    Modules scanning
19:01:58.233    Disk 0 trace - called modules:
19:01:58.249    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:01:58.249    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800768e060]
19:01:58.249    3 CLASSPNP.SYS[fffff880018c543f] -> nt!IofCallDriver -> [0xfffffa80075e19b0]
19:01:58.249    5 ACPI.sys[fffff88000f327a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8006745680]
19:01:58.264    AVAST engine scan C:\Windows
19:01:58.264    AVAST engine scan C:\Windows\system32
19:01:58.264    AVAST engine scan C:\Windows\system32\drivers
19:01:58.264    AVAST engine scan C:\Users\OLIVENOEL
19:01:58.264    AVAST engine scan C:\ProgramData
19:01:58.264    Scan finished successfully
19:03:14.704    Disk 0 MBR has been saved successfully to "F:\M02Y13\malewarediagnose\MBR.dat"
19:03:15.874    The log file has been saved successfully to "F:\M02Y13\malewarediagnose\aswMBR.txt"
Code:
19:04:36.0573 2008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:04:36.0573 2008  UEFI system
19:04:36.0714 2008  ============================================================
19:04:36.0714 2008  Current date / time: 2013/02/24 19:04:36.0714
19:04:36.0714 2008  SystemInfo:
19:04:36.0714 2008 
19:04:36.0714 2008  OS Version: 6.1.7601 ServicePack: 1.0
19:04:36.0714 2008  Product type: Workstation
19:04:36.0714 2008  ComputerName: OLIVENOEL-PC
19:04:36.0714 2008  UserName: OLIVENOEL
19:04:36.0714 2008  Windows directory: C:\Windows
19:04:36.0714 2008  System windows directory: C:\Windows
19:04:36.0714 2008  Running under WOW64
19:04:36.0714 2008  Processor architecture: Intel x64
19:04:36.0714 2008  Number of processors: 4
19:04:36.0714 2008  Page size: 0x1000
19:04:36.0714 2008  Boot type: Safe boot
19:04:36.0714 2008  ============================================================
19:04:37.0572 2008  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:37.0587 2008  Drive \Device\Harddisk1\DR1 - Size: 0x3B4C00000 (14.82 Gb), SectorSize: 0x200, Cylinders: 0x78F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:37.0587 2008  ============================================================
19:04:37.0587 2008  \Device\Harddisk0\DR0:
19:04:37.0587 2008  GPT partitions:
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0A3C5989-A02A-4848-A7E6-E046B8FCBD6A}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AEB4033B-23DB-4D92-9E2C-3BFB7C9C505C}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A5954350-BC56-4881-9297-3FB949604DAE}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xAEA15000
19:04:37.0587 2008  MBR partitions:
19:04:37.0587 2008  \Device\Harddisk1\DR1:
19:04:37.0587 2008  MBR partitions:
19:04:37.0587 2008  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DA5FE0
19:04:37.0587 2008  ============================================================
19:04:37.0619 2008  C: <-> \Device\Harddisk0\DR0\Partition3
19:04:37.0619 2008  ============================================================
19:04:37.0619 2008  Initialize success
19:04:37.0619 2008  ============================================================
19:04:45.0497 2036  ============================================================
19:04:45.0497 2036  Scan started
19:04:45.0497 2036  Mode: Manual;
19:04:45.0497 2036  ============================================================
19:04:45.0746 2036  ================ Scan system memory ========================
19:04:45.0746 2036  System memory - ok
19:04:45.0746 2036  ================ Scan services =============================
19:04:45.0871 2036  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:04:45.0871 2036  !SASCORE - ok
19:04:46.0401 2036  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:04:46.0417 2036  1394ohci - ok
19:04:46.0433 2036  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:04:46.0448 2036  ACPI - ok
19:04:46.0464 2036  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:04:46.0464 2036  AcpiPmi - ok
19:04:46.0620 2036  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:04:46.0620 2036  AdobeARMservice - ok
19:04:48.0320 2036  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:04:48.0336 2036  AdobeFlashPlayerUpdateSvc - ok
19:04:48.0383 2036  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
19:04:48.0383 2036  adp94xx - ok
19:04:48.0414 2036  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
19:04:48.0414 2036  adpahci - ok
19:04:48.0445 2036  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
19:04:48.0445 2036  adpu320 - ok
19:04:48.0476 2036  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:04:48.0476 2036  AeLookupSvc - ok
19:04:48.0523 2036  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:04:48.0523 2036  AFD - ok
19:04:48.0539 2036  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:04:48.0554 2036  agp440 - ok
19:04:48.0570 2036  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:04:48.0570 2036  ALG - ok
19:04:48.0585 2036  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:04:48.0585 2036  aliide - ok
19:04:48.0663 2036  [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:04:48.0663 2036  AMD External Events Utility - ok
19:04:48.0663 2036  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:04:48.0663 2036  amdide - ok
19:04:48.0679 2036  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
19:04:48.0679 2036  AmdK8 - ok
19:04:48.0819 2036  [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:04:48.0913 2036  amdkmdag - ok
19:04:48.0960 2036  [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:04:48.0960 2036  amdkmdap - ok
19:04:48.0991 2036  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:04:48.0991 2036  AmdPPM - ok
19:04:49.0007 2036  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:04:49.0007 2036  amdsata - ok
19:04:49.0038 2036  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:04:49.0038 2036  amdsbs - ok
19:04:49.0053 2036  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:04:49.0053 2036  amdxata - ok
19:04:49.0178 2036  [ C710B5D634DCCF966661939193175DE4 ] AntUpdaterService C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
19:04:49.0178 2036  AntUpdaterService - ok
19:04:49.0209 2036  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:04:49.0209 2036  AppID - ok
19:04:49.0209 2036  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:04:49.0209 2036  AppIDSvc - ok
19:04:49.0241 2036  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
19:04:49.0241 2036  Appinfo - ok
19:04:49.0256 2036  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
19:04:49.0256 2036  AppleCharger - ok
19:04:49.0272 2036  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
19:04:49.0272 2036  AppleChargerSrv - ok
19:04:49.0287 2036  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
19:04:49.0287 2036  arc - ok
19:04:49.0303 2036  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:04:49.0303 2036  arcsas - ok
19:04:49.0365 2036  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:04:49.0365 2036  aswFsBlk - ok
19:04:49.0443 2036  [ F146F83E8F7AC22BD011D5942E4C155C ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
19:04:49.0443 2036  aswKbd - ok
19:04:49.0459 2036  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
19:04:49.0459 2036  aswMonFlt - ok
19:04:49.0506 2036  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:04:49.0506 2036  aswRdr - ok
19:04:49.0521 2036  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:04:49.0537 2036  aswSnx - ok
19:04:49.0568 2036  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
19:04:49.0568 2036  aswSP - ok
19:04:49.0584 2036  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:04:49.0584 2036  aswTdi - ok
19:04:49.0599 2036  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:49.0599 2036  AsyncMac - ok
19:04:49.0599 2036  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:04:49.0599 2036  atapi - ok
19:04:49.0662 2036  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:04:49.0662 2036  AtiHDAudioService - ok
19:04:49.0677 2036  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:04:49.0677 2036  AudioEndpointBuilder - ok
19:04:49.0693 2036  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:04:49.0693 2036  AudioSrv - ok
19:04:49.0833 2036  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:04:49.0833 2036  avast! Antivirus - ok
19:04:49.0849 2036  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:04:49.0849 2036  AxInstSV - ok
19:04:49.0896 2036  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
19:04:49.0896 2036  b06bdrv - ok
19:04:49.0958 2036  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:04:49.0958 2036  b57nd60a - ok
19:04:50.0005 2036  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:04:50.0005 2036  BDESVC - ok
19:04:50.0036 2036  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:04:50.0036 2036  Beep - ok
19:04:50.0083 2036  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService      C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
19:04:50.0083 2036  BEService - ok
19:04:50.0145 2036  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:04:50.0161 2036  BFE - ok
19:04:50.0177 2036  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:04:50.0395 2036  BITS - ok
19:04:50.0411 2036  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:04:50.0411 2036  blbdrive - ok
19:04:50.0489 2036  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:04:50.0489 2036  bowser - ok
19:04:50.0489 2036  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:04:50.0489 2036  BrFiltLo - ok
19:04:50.0489 2036  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:04:50.0489 2036  BrFiltUp - ok
19:04:50.0535 2036  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:04:50.0535 2036  Browser - ok
19:04:50.0738 2036  [ 9FCD0930616714A752F48DDBA54F3109 ] Browser Manager C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
19:04:50.0769 2036  Browser Manager - ok
19:04:50.0785 2036  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:04:50.0801 2036  Brserid - ok
19:04:50.0801 2036  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:04:50.0801 2036  BrSerWdm - ok
19:04:50.0816 2036  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:04:50.0816 2036  BrUsbMdm - ok
19:04:50.0816 2036  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:04:50.0816 2036  BrUsbSer - ok
19:04:50.0832 2036  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:04:50.0832 2036  BTHMODEM - ok
19:04:50.0863 2036  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:04:50.0879 2036  bthserv - ok
19:04:50.0894 2036  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:04:50.0894 2036  cdfs - ok
19:04:50.0925 2036  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:04:50.0925 2036  cdrom - ok
19:04:50.0972 2036  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:04:50.0972 2036  CertPropSvc - ok
19:04:50.0972 2036  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:04:50.0988 2036  circlass - ok
19:04:51.0003 2036  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:04:51.0003 2036  CLFS - ok
19:04:51.0206 2036  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:51.0206 2036  clr_optimization_v2.0.50727_32 - ok
19:04:51.0253 2036  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:04:51.0253 2036  clr_optimization_v2.0.50727_64 - ok
19:04:51.0331 2036  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:51.0378 2036  clr_optimization_v4.0.30319_32 - ok
19:04:51.0393 2036  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:04:51.0425 2036  clr_optimization_v4.0.30319_64 - ok
19:04:51.0440 2036  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:04:51.0440 2036  CmBatt - ok
19:04:51.0440 2036  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:04:51.0440 2036  cmdide - ok
19:04:51.0487 2036  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
19:04:51.0487 2036  CNG - ok
19:04:51.0518 2036  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:04:51.0518 2036  Compbatt - ok
19:04:51.0534 2036  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:04:51.0534 2036  CompositeBus - ok
19:04:51.0549 2036  COMSysApp - ok
19:04:51.0627 2036  [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer  C:\Program Files (x86)\CPUCooL\CooLSrv.exe
19:04:51.0643 2036  CPUCooLServer - ok
19:04:51.0643 2036  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
19:04:51.0659 2036  crcdisk - ok
19:04:51.0705 2036  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:04:51.0705 2036  CryptSvc - ok
19:04:51.0737 2036  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:04:51.0752 2036  DcomLaunch - ok
19:04:51.0783 2036  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:04:51.0783 2036  defragsvc - ok
19:04:51.0783 2036  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:04:51.0783 2036  DfsC - ok
19:04:51.0799 2036  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:04:51.0799 2036  Dhcp - ok
19:04:51.0830 2036  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:04:51.0830 2036  discache - ok
19:04:51.0830 2036  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:04:51.0830 2036  Disk - ok
19:04:51.0861 2036  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:04:51.0861 2036  Dnscache - ok
19:04:51.0877 2036  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:04:51.0877 2036  dot3svc - ok
19:04:51.0893 2036  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:04:51.0893 2036  DPS - ok
19:04:51.0924 2036  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:04:51.0924 2036  drmkaud - ok
19:04:51.0971 2036  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:04:51.0971 2036  dtsoftbus01 - ok
19:04:52.0002 2036  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:04:52.0017 2036  DXGKrnl - ok
19:04:52.0033 2036  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:04:52.0033 2036  EapHost - ok
19:04:52.0080 2036  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
19:04:52.0173 2036  ebdrv - ok
19:04:52.0205 2036  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:04:52.0205 2036  EFS - ok
19:04:52.0283 2036  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:04:52.0283 2036  ehRecvr - ok
19:04:52.0314 2036  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
19:04:52.0314 2036  ehSched - ok
19:04:52.0329 2036  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
19:04:52.0329 2036  elxstor - ok
19:04:52.0345 2036  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:04:52.0345 2036  ErrDev - ok
19:04:52.0392 2036  [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3      C:\Windows\system32\Drivers\EtronHub3.sys
19:04:52.0392 2036  EtronHub3 - ok
19:04:52.0407 2036  [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI      C:\Windows\system32\Drivers\EtronXHCI.sys
19:04:52.0423 2036  EtronXHCI - ok
19:04:52.0439 2036  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:04:52.0439 2036  EventSystem - ok
19:04:52.0470 2036  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:04:52.0470 2036  exfat - ok
19:04:52.0485 2036  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:04:52.0485 2036  fastfat - ok
19:04:52.0517 2036  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:04:52.0532 2036  Fax - ok
19:04:52.0548 2036  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
19:04:52.0548 2036  fdc - ok
19:04:52.0563 2036  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:04:52.0563 2036  fdPHost - ok
19:04:52.0579 2036  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:04:52.0579 2036  FDResPub - ok
19:04:52.0579 2036  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:04:52.0595 2036  FileInfo - ok
19:04:52.0595 2036  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:04:52.0595 2036  Filetrace - ok
19:04:52.0610 2036  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:04:52.0610 2036  flpydisk - ok
19:04:52.0626 2036  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:04:52.0641 2036  FltMgr - ok
19:04:52.0688 2036  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
19:04:52.0704 2036  FontCache - ok
19:04:52.0751 2036  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:04:52.0751 2036  FontCache3.0.0.0 - ok
19:04:52.0766 2036  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:04:52.0766 2036  FsDepends - ok
19:04:52.0782 2036  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:04:52.0782 2036  Fs_Rec - ok
19:04:52.0829 2036  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:04:52.0829 2036  fvevol - ok
19:04:52.0844 2036  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:04:52.0844 2036  gagp30kx - ok
19:04:52.0875 2036  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
19:04:52.0875 2036  gdrv - ok
19:04:52.0922 2036  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt          C:\Windows\system32\DRIVERS\ggflt.sys
19:04:52.0922 2036  ggflt - ok
19:04:52.0969 2036  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
19:04:52.0969 2036  ggsemc - ok
19:04:52.0985 2036  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:04:52.0985 2036  gpsvc - ok
19:04:53.0078 2036  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:04:53.0078 2036  gupdate - ok
19:04:53.0109 2036  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:04:53.0109 2036  gupdatem - ok
19:04:53.0125 2036  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
19:04:53.0125 2036  GVTDrv64 - ok
19:04:53.0141 2036  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:04:53.0141 2036  hcw85cir - ok
19:04:53.0172 2036  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:04:53.0172 2036  HdAudAddService - ok
19:04:53.0187 2036  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:04:53.0187 2036  HDAudBus - ok
19:04:53.0187 2036  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
19:04:53.0187 2036  HidBatt - ok
19:04:53.0203 2036  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:04:53.0203 2036  HidBth - ok
19:04:53.0234 2036  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
19:04:53.0250 2036  HidIr - ok
19:04:53.0250 2036  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
19:04:53.0250 2036  hidserv - ok
19:04:53.0281 2036  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:04:53.0281 2036  HidUsb - ok
19:04:53.0281 2036  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:04:53.0297 2036  hkmsvc - ok
19:04:53.0312 2036  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:04:53.0312 2036  HomeGroupListener - ok
19:04:53.0328 2036  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:04:53.0328 2036  HomeGroupProvider - ok
19:04:53.0406 2036  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:04:53.0421 2036  hpqcxs08 - ok
19:04:53.0437 2036  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:04:53.0437 2036  hpqddsvc - ok
19:04:53.0468 2036  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:04:53.0468 2036  HpSAMD - ok
19:04:53.0484 2036  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:04:53.0484 2036  HTTP - ok
19:04:53.0499 2036  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:04:53.0499 2036  hwpolicy - ok
19:04:53.0515 2036  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:04:53.0515 2036  i8042prt - ok
19:04:53.0531 2036  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:04:53.0546 2036  iaStorV - ok
19:04:53.0609 2036  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
19:04:53.0609 2036  ICCS - ok
19:04:53.0655 2036  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:04:53.0655 2036  IDriverT - ok
19:04:53.0687 2036  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:04:53.0687 2036  idsvc - ok
19:04:53.0702 2036  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
19:04:53.0702 2036  iirsp - ok
19:04:53.0749 2036  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:04:53.0765 2036  IKEEXT - ok
19:04:53.0765 2036  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:04:53.0765 2036  intelide - ok
19:04:53.0780 2036  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:04:53.0780 2036  intelppm - ok
19:04:53.0780 2036  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:04:53.0796 2036  IPBusEnum - ok
19:04:53.0811 2036  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:04:53.0811 2036  IpFilterDriver - ok
19:04:53.0905 2036  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:04:53.0905 2036  iphlpsvc - ok
19:04:53.0921 2036  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:04:53.0921 2036  IPMIDRV - ok
19:04:53.0936 2036  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:04:53.0936 2036  IPNAT - ok
19:04:53.0952 2036  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:04:53.0952 2036  IRENUM - ok
19:04:53.0967 2036  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:04:53.0967 2036  isapnp - ok
19:04:53.0999 2036  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:04:53.0999 2036  iScsiPrt - ok
19:04:54.0030 2036  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:04:54.0030 2036  iusb3hcs - ok
19:04:54.0061 2036  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
19:04:54.0061 2036  iusb3hub - ok
19:04:54.0077 2036  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:04:54.0077 2036  iusb3xhc - ok
19:04:54.0108 2036  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:04:54.0108 2036  kbdclass - ok
19:04:54.0108 2036  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:04:54.0108 2036  kbdhid - ok
19:04:54.0123 2036  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:04:54.0123 2036  KeyIso - ok
19:04:54.0170 2036  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:04:54.0170 2036  KSecDD - ok
19:04:54.0186 2036  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:04:54.0186 2036  KSecPkg - ok
19:04:54.0186 2036  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:04:54.0186 2036  ksthunk - ok
19:04:54.0201 2036  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:04:54.0201 2036  KtmRm - ok
19:04:54.0217 2036  [ B8040D3B97B16B89701E31A17353856C ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
19:04:54.0233 2036  L1C - ok
19:04:54.0248 2036  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:04:54.0248 2036  LanmanServer - ok
19:04:54.0279 2036  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:04:54.0279 2036  LanmanWorkstation - ok
19:04:54.0295 2036  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:04:54.0311 2036  lltdio - ok
19:04:54.0326 2036  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:04:54.0326 2036  lltdsvc - ok
19:04:54.0326 2036  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:04:54.0326 2036  lmhosts - ok
19:04:54.0373 2036  [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:04:54.0373 2036  LMS - ok
19:04:54.0389 2036  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:04:54.0389 2036  LSI_FC - ok
19:04:54.0435 2036  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
19:04:54.0435 2036  LSI_SAS - ok
19:04:54.0467 2036  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:04:54.0467 2036  LSI_SAS2 - ok
19:04:54.0513 2036  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:04:54.0513 2036  LSI_SCSI - ok
19:04:54.0545 2036  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:04:54.0545 2036  luafv - ok
19:04:54.0607 2036  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
19:04:54.0607 2036  MBAMProtector - ok
19:04:54.0669 2036  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:04:54.0685 2036  MBAMScheduler - ok
19:04:54.0701 2036  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:04:54.0716 2036  MBAMService - ok
19:04:54.0732 2036  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:04:54.0732 2036  Mcx2Svc - ok
19:04:54.0747 2036  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
19:04:54.0747 2036  megasas - ok
19:04:54.0763 2036  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:04:54.0763 2036  MegaSR - ok
19:04:54.0794 2036  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:04:54.0794 2036  MEIx64 - ok
19:04:54.0888 2036  Microsoft SharePoint Workspace Audit Service - ok
19:04:54.0919 2036  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:04:54.0919 2036  MMCSS - ok
19:04:54.0935 2036  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:04:54.0935 2036  Modem - ok
19:04:54.0966 2036  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:04:54.0966 2036  monitor - ok
19:04:54.0981 2036  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:04:54.0981 2036  mouclass - ok
19:04:54.0997 2036  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:04:54.0997 2036  mouhid - ok
19:04:55.0013 2036  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:04:55.0013 2036  mountmgr - ok
19:04:55.0028 2036  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:04:55.0028 2036  mpio - ok
19:04:55.0028 2036  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:04:55.0028 2036  mpsdrv - ok
19:04:55.0059 2036  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:04:55.0059 2036  MpsSvc - ok
19:04:55.0075 2036  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:04:55.0075 2036  MRxDAV - ok
19:04:55.0106 2036  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:55.0106 2036  mrxsmb - ok
19:04:55.0122 2036  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:55.0122 2036  mrxsmb10 - ok
19:04:55.0137 2036  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:55.0137 2036  mrxsmb20 - ok
19:04:55.0153 2036  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:04:55.0153 2036  msahci - ok
19:04:55.0215 2036  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
19:04:55.0215 2036  MSCamSvc - ok
19:04:55.0231 2036  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:04:55.0231 2036  msdsm - ok
19:04:55.0262 2036  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:04:55.0262 2036  MSDTC - ok
19:04:55.0278 2036  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:04:55.0278 2036  Msfs - ok
19:04:55.0293 2036  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:04:55.0293 2036  mshidkmdf - ok
19:04:55.0309 2036  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:04:55.0309 2036  msisadrv - ok
19:04:55.0340 2036  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:04:55.0340 2036  MSiSCSI - ok
19:04:55.0340 2036  msiserver - ok
19:04:55.0340 2036  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:04:55.0340 2036  MSKSSRV - ok
19:04:55.0356 2036  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:55.0356 2036  MSPCLOCK - ok
19:04:55.0387 2036  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:04:55.0387 2036  MSPQM - ok
19:04:55.0403 2036  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:04:55.0403 2036  MsRPC - ok
19:04:55.0403 2036  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:04:55.0403 2036  mssmbios - ok
19:04:55.0418 2036  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:04:55.0418 2036  MSTEE - ok
19:04:55.0418 2036  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:04:55.0418 2036  MTConfig - ok
19:04:55.0434 2036  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:04:55.0434 2036  Mup - ok
19:04:55.0449 2036  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:04:55.0465 2036  napagent - ok
19:04:55.0496 2036  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:04:55.0496 2036  NativeWifiP - ok
19:04:55.0543 2036  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:04:55.0543 2036  NDIS - ok
19:04:55.0559 2036  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:04:55.0559 2036  NdisCap - ok
19:04:55.0574 2036  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:55.0574 2036  NdisTapi - ok
19:04:55.0605 2036  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:55.0605 2036  Ndisuio - ok
19:04:55.0605 2036  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:55.0605 2036  NdisWan - ok
19:04:55.0621 2036  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:04:55.0621 2036  NDProxy - ok
19:04:55.0637 2036  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:04:55.0637 2036  NetBIOS - ok
19:04:55.0652 2036  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:04:55.0668 2036  NetBT - ok
19:04:55.0668 2036  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:04:55.0668 2036  Netlogon - ok
19:04:55.0730 2036  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:04:55.0730 2036  Netman - ok
19:04:55.0730 2036  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:04:55.0730 2036  netprofm - ok
19:04:55.0777 2036  [ D60945C192EC4A7C6455B11B0D7C4610 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
19:04:55.0808 2036  netr28ux - ok
19:04:55.0824 2036  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:04:55.0824 2036  NetTcpPortSharing - ok
19:04:55.0855 2036  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
19:04:55.0855 2036  nfrd960 - ok
19:04:55.0886 2036  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:04:55.0886 2036  NlaSvc - ok
19:04:55.0902 2036  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:04:55.0902 2036  Npfs - ok
19:04:55.0917 2036  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:04:55.0917 2036  nsi - ok
19:04:55.0917 2036  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:04:55.0933 2036  nsiproxy - ok
19:04:55.0980 2036  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:04:56.0011 2036  Ntfs - ok
19:04:56.0058 2036  [ 69E894C5A09C6A6E6372E35653BB05F3 ] ntiopnp        C:\Windows\system32\drivers\ntiopnp.sys
19:04:56.0058 2036  ntiopnp - ok
19:04:56.0089 2036  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:04:56.0089 2036  Null - ok
19:04:56.0261 2036  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:04:56.0448 2036  nvlddmkm - ok
19:04:56.0526 2036  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:04:56.0526 2036  nvraid - ok
19:04:56.0541 2036  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:04:56.0541 2036  nvstor - ok
19:04:56.0573 2036  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc          C:\Windows\system32\nvvsvc.exe
19:04:56.0588 2036  nvsvc - ok
19:04:56.0619 2036  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:04:56.0619 2036  nv_agp - ok
19:04:56.0635 2036  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:04:56.0635 2036  ohci1394 - ok
19:04:56.0744 2036  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:04:56.0744 2036  ose - ok
19:04:56.0869 2036  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:04:56.0931 2036  osppsvc - ok
19:04:56.0963 2036  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:04:56.0963 2036  p2pimsvc - ok
19:04:56.0978 2036  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:04:56.0978 2036  p2psvc - ok
19:04:57.0009 2036  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
19:04:57.0009 2036  Parport - ok
19:04:57.0025 2036  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:04:57.0025 2036  partmgr - ok
19:04:57.0041 2036  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:04:57.0041 2036  PcaSvc - ok
19:04:57.0056 2036  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:04:57.0056 2036  pci - ok
19:04:57.0056 2036  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:04:57.0072 2036  pciide - ok
19:04:57.0087 2036  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:04:57.0087 2036  pcmcia - ok
19:04:57.0103 2036  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:04:57.0103 2036  pcw - ok
19:04:57.0134 2036  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:04:57.0134 2036  PEAUTH - ok
19:04:58.0788 2036  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:04:58.0788 2036  PerfHost - ok
19:04:58.0835 2036  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:04:58.0850 2036  pla - ok
19:04:58.0881 2036  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:04:58.0881 2036  PlugPlay - ok
19:04:58.0881 2036  PnkBstrA - ok
19:04:58.0913 2036  PnkBstrB - ok
19:04:58.0928 2036  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:04:58.0928 2036  PNRPAutoReg - ok
19:04:58.0928 2036  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:04:58.0928 2036  PNRPsvc - ok
19:04:58.0959 2036  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:04:58.0975 2036  PolicyAgent - ok
19:04:58.0991 2036  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:04:58.0991 2036  Power - ok
19:04:59.0006 2036  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:04:59.0022 2036  PptpMiniport - ok
19:04:59.0037 2036  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
19:04:59.0037 2036  Processor - ok
19:04:59.0069 2036  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:04:59.0069 2036  ProfSvc - ok
19:04:59.0069 2036  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:04:59.0069 2036  ProtectedStorage - ok
19:04:59.0100 2036  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:04:59.0100 2036  Psched - ok
19:04:59.0131 2036  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:04:59.0147 2036  ql2300 - ok
19:04:59.0162 2036  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:04:59.0178 2036  ql40xx - ok
19:04:59.0193 2036  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:04:59.0193 2036  QWAVE - ok
19:04:59.0193 2036  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:04:59.0193 2036  QWAVEdrv - ok
19:04:59.0271 2036  [ F502A4B72524D21C5CA7183E61FB522E ] RalinkRegistryWriter C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe
19:04:59.0271 2036  RalinkRegistryWriter - ok
19:04:59.0303 2036  [ 56B2EED5F1F150519DFAC03AA9825AF5 ] RalinkRegistryWriter64 C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe
19:04:59.0318 2036  RalinkRegistryWriter64 - ok
19:04:59.0334 2036  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:04:59.0334 2036  RasAcd - ok
19:04:59.0381 2036  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:04:59.0381 2036  RasAgileVpn - ok
19:04:59.0381 2036  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:04:59.0381 2036  RasAuto - ok
19:04:59.0412 2036  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:59.0412 2036  Rasl2tp - ok
19:04:59.0427 2036  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:04:59.0427 2036  RasMan - ok
19:04:59.0459 2036  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:59.0459 2036  RasPppoe - ok
19:04:59.0474 2036  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:04:59.0474 2036  RasSstp - ok
19:04:59.0490 2036  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:04:59.0490 2036  rdbss - ok
19:04:59.0505 2036  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:04:59.0505 2036  rdpbus - ok
19:04:59.0521 2036  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:59.0521 2036  RDPCDD - ok
19:04:59.0537 2036  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:04:59.0537 2036  RDPENCDD - ok
19:04:59.0537 2036  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:04:59.0552 2036  RDPREFMP - ok
19:04:59.0568 2036  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:04:59.0568 2036  RDPWD - ok
19:04:59.0599 2036  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:04:59.0599 2036  rdyboost - ok
19:04:59.0615 2036  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:04:59.0615 2036  RemoteAccess - ok
19:04:59.0615 2036  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:04:59.0615 2036  RemoteRegistry - ok
19:04:59.0630 2036  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:04:59.0646 2036  RpcEptMapper - ok
19:04:59.0646 2036  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:04:59.0646 2036  RpcLocator - ok
19:04:59.0677 2036  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:04:59.0677 2036  RpcSs - ok
19:04:59.0693 2036  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:04:59.0693 2036  rspndr - ok
19:04:59.0708 2036  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:04:59.0708 2036  SamSs - ok
19:04:59.0802 2036  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:04:59.0802 2036  SASDIFSV - ok
19:04:59.0833 2036  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:04:59.0833 2036  SASKUTIL - ok
19:04:59.0833 2036  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:04:59.0849 2036  sbp2port - ok
19:04:59.0849 2036  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:04:59.0849 2036  SCardSvr - ok
19:04:59.0864 2036  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:04:59.0864 2036  scfilter - ok
19:04:59.0880 2036  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:04:59.0895 2036  Schedule - ok
19:04:59.0911 2036  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:04:59.0911 2036  SCPolicySvc - ok
19:04:59.0927 2036  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:04:59.0927 2036  SDRSVC - ok
19:04:59.0942 2036  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:04:59.0942 2036  secdrv - ok
19:04:59.0958 2036  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:04:59.0958 2036  seclogon - ok
19:04:59.0973 2036  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:04:59.0973 2036  SENS - ok
19:04:59.0989 2036  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:05:00.0005 2036  SensrSvc - ok
19:05:00.0005 2036  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:05:00.0005 2036  Serenum - ok
19:05:00.0020 2036  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:05:00.0020 2036  Serial - ok
19:05:00.0020 2036  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:05:00.0036 2036  sermouse - ok
19:05:00.0036 2036  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:05:00.0036 2036  SessionEnv - ok
19:05:00.0051 2036  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:05:00.0051 2036  sffdisk - ok
19:05:00.0067 2036  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:05:00.0067 2036  sffp_mmc - ok
19:05:00.0067 2036  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:05:00.0067 2036  sffp_sd - ok
19:05:00.0083 2036  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
19:05:00.0083 2036  sfloppy - ok
19:05:00.0114 2036  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:05:00.0114 2036  SharedAccess - ok
19:05:00.0129 2036  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:05:00.0129 2036  ShellHWDetection - ok
19:05:00.0145 2036  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:05:00.0145 2036  SiSRaid2 - ok
19:05:00.0161 2036  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:05:00.0161 2036  SiSRaid4 - ok
19:05:00.0223 2036  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:05:00.0223 2036  SkypeUpdate - ok
19:05:00.0254 2036  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:05:00.0254 2036  Smb - ok
19:05:00.0301 2036  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:05:00.0301 2036  SNMPTRAP - ok
19:05:00.0410 2036  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:05:00.0410 2036  Sony PC Companion - ok
19:05:00.0426 2036  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:05:00.0426 2036  spldr - ok
19:05:00.0473 2036  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:05:00.0473 2036  Spooler - ok
19:05:00.0535 2036  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:05:00.0566 2036  sppsvc - ok
19:05:00.0582 2036  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:05:00.0582 2036  sppuinotify - ok
19:05:00.0597 2036  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:05:00.0613 2036  srv - ok
19:05:00.0629 2036  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:05:00.0629 2036  srv2 - ok
19:05:00.0644 2036  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:05:00.0644 2036  srvnet - ok
19:05:00.0660 2036  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:05:00.0660 2036  SSDPSRV - ok
19:05:00.0691 2036  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:05:00.0691 2036  SstpSvc - ok
19:05:00.0722 2036  [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus        C:\Windows\system32\DRIVERS\ss_bbus.sys
19:05:00.0722 2036  ss_bbus - ok
19:05:00.0769 2036  [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
19:05:00.0769 2036  ss_bmdfl - ok
19:05:00.0800 2036  [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm        C:\Windows\system32\DRIVERS\ss_bmdm.sys
19:05:00.0800 2036  ss_bmdm - ok
19:05:00.0816 2036  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:05:00.0831 2036  stexstor - ok
19:05:00.0863 2036  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:05:00.0863 2036  stisvc - ok
19:05:00.0878 2036  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:05:00.0878 2036  swenum - ok
19:05:00.0894 2036  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:05:00.0894 2036  swprv - ok
19:05:00.0925 2036  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:05:00.0956 2036  SysMain - ok
19:05:00.0972 2036  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:05:00.0972 2036  TabletInputService - ok
19:05:00.0987 2036  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:05:00.0987 2036  TapiSrv - ok
19:05:01.0019 2036  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:05:01.0019 2036  TBS - ok
19:05:01.0081 2036  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:05:01.0112 2036  Tcpip - ok
19:05:01.0143 2036  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:05:01.0143 2036  TCPIP6 - ok
19:05:01.0190 2036  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:05:01.0190 2036  tcpipreg - ok
19:05:01.0206 2036  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:05:01.0206 2036  TDPIPE - ok
19:05:01.0221 2036  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:05:01.0221 2036  TDTCP - ok
19:05:01.0253 2036  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:05:01.0253 2036  tdx - ok
19:05:01.0346 2036  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:05:01.0377 2036  TeamViewer7 - ok
19:05:01.0393 2036  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:05:01.0393 2036  TermDD - ok
19:05:01.0409 2036  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:05:01.0409 2036  TermService - ok
19:05:01.0471 2036  [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon        C:\Windows\system32\drivers\TfFsMon.sys
19:05:01.0471 2036  TfFsMon - ok
19:05:01.0502 2036  [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon        C:\Windows\system32\drivers\TfNetMon.sys
19:05:01.0518 2036  TfNetMon - ok
19:05:01.0549 2036  [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon        C:\Windows\system32\drivers\TfSysMon.sys
19:05:01.0565 2036  TfSysMon - ok
19:05:01.0565 2036  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:05:01.0565 2036  Themes - ok
19:05:01.0580 2036  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:05:01.0596 2036  THREADORDER - ok
19:05:01.0627 2036  ThreatFire - ok
19:05:01.0643 2036  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:05:01.0643 2036  TrkWks - ok
19:05:01.0674 2036  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:05:01.0674 2036  TrustedInstaller - ok
19:05:01.0674 2036  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:05:01.0689 2036  tssecsrv - ok
19:05:01.0705 2036  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:05:01.0705 2036  TsUsbFlt - ok
19:05:01.0721 2036  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
19:05:01.0721 2036  TsUsbGD - ok
19:05:01.0752 2036  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:05:01.0752 2036  tunnel - ok
19:05:01.0767 2036  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:05:01.0767 2036  uagp35 - ok
19:05:01.0783 2036  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:05:01.0783 2036  udfs - ok
19:05:01.0799 2036  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:05:01.0799 2036  UI0Detect - ok
19:05:01.0830 2036  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:05:01.0830 2036  uliagpkx - ok
19:05:01.0845 2036  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:05:01.0845 2036  umbus - ok
19:05:01.0861 2036  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:05:01.0861 2036  UmPass - ok
19:05:01.0877 2036  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:05:01.0877 2036  upnphost - ok
19:05:01.0923 2036  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:05:01.0923 2036  usbaudio - ok
19:05:01.0939 2036  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:05:01.0939 2036  usbccgp - ok
19:05:01.0955 2036  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:05:01.0955 2036  usbcir - ok
19:05:01.0955 2036  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
19:05:01.0955 2036  usbehci - ok
19:05:01.0970 2036  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:05:01.0970 2036  usbhub - ok
19:05:01.0986 2036  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
19:05:01.0986 2036  usbohci - ok
19:05:02.0017 2036  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:05:02.0017 2036  usbprint - ok
19:05:02.0033 2036  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:05:02.0033 2036  USBSTOR - ok
19:05:02.0048 2036  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
19:05:02.0048 2036  usbuhci - ok
19:05:02.0064 2036  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:05:02.0064 2036  UxSms - ok
19:05:02.0064 2036  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:05:02.0064 2036  VaultSvc - ok
19:05:02.0079 2036  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:05:02.0079 2036  vdrvroot - ok
19:05:02.0111 2036  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:05:02.0111 2036  vds - ok
19:05:02.0142 2036  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:05:02.0142 2036  vga - ok
19:05:02.0142 2036  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:05:02.0142 2036  VgaSave - ok
19:05:02.0157 2036  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:05:02.0157 2036  vhdmp - ok
19:05:02.0220 2036  [ E8AF45C4FE2457D003E1842806F38748 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:05:02.0251 2036  VIAHdAudAddService - ok
19:05:02.0267 2036  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:05:02.0267 2036  viaide - ok
19:05:02.0282 2036  [ 05D6657A9CCFD269D05D41BFFDCE9498 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:05:02.0282 2036  VIAKaraokeService - ok
19:05:02.0298 2036  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:05:02.0298 2036  volmgr - ok
19:05:02.0298 2036  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:05:02.0298 2036  volmgrx - ok
19:05:02.0313 2036  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:05:02.0329 2036  volsnap - ok
19:05:02.0329 2036  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
19:05:02.0345 2036  vsmraid - ok
19:05:02.0376 2036  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:05:02.0407 2036  VSS - ok
19:05:02.0423 2036  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:05:02.0423 2036  vwifibus - ok
19:05:02.0438 2036  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:05:02.0438 2036  vwififlt - ok
19:05:02.0516 2036  [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
19:05:02.0547 2036  VX1000 - ok
19:05:02.0563 2036  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:05:02.0579 2036  W32Time - ok
19:05:02.0594 2036  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:05:02.0594 2036  WacomPen - ok
19:05:02.0610 2036  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:05:02.0610 2036  WANARP - ok
19:05:02.0625 2036  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:05:02.0625 2036  Wanarpv6 - ok
19:05:02.0657 2036  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:05:02.0688 2036  wbengine - ok
19:05:02.0703 2036  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:05:02.0703 2036  WbioSrvc - ok
19:05:02.0719 2036  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:05:02.0719 2036  wcncsvc - ok
19:05:02.0735 2036  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:05:02.0735 2036  WcsPlugInService - ok
19:05:02.0750 2036  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:05:02.0750 2036  Wd - ok
19:05:02.0813 2036  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:05:02.0813 2036  Wdf01000 - ok
19:05:02.0828 2036  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:05:02.0828 2036  WdiServiceHost - ok
19:05:02.0828 2036  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:05:02.0828 2036  WdiSystemHost - ok
19:05:02.0844 2036  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:05:02.0844 2036  WebClient - ok
19:05:02.0859 2036  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:05:02.0859 2036  Wecsvc - ok
19:05:02.0891 2036  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:05:02.0891 2036  wercplsupport - ok
19:05:02.0906 2036  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:05:02.0906 2036  WerSvc - ok
19:05:02.0953 2036  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:05:02.0953 2036  WfpLwf - ok
19:05:02.0953 2036  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:05:02.0953 2036  WIMMount - ok
19:05:02.0969 2036  WinDefend - ok
19:05:02.0969 2036  WinHttpAutoProxySvc - ok
19:05:03.0171 2036  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:05:03.0171 2036  Winmgmt - ok
19:05:03.0218 2036  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:05:03.0249 2036  WinRM - ok
19:05:03.0327 2036  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:05:03.0327 2036  WinUsb - ok
19:05:03.0343 2036  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:05:03.0359 2036  Wlansvc - ok
19:05:03.0468 2036  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:05:03.0499 2036  wlidsvc - ok
19:05:03.0499 2036  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:05:03.0499 2036  WmiAcpi - ok
19:05:03.0515 2036  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:05:03.0530 2036  wmiApSrv - ok
19:05:03.0530 2036  WMPNetworkSvc - ok
19:05:03.0546 2036  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:05:03.0546 2036  WPCSvc - ok
19:05:03.0561 2036  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:05:03.0561 2036  WPDBusEnum - ok
19:05:03.0577 2036  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:05:03.0577 2036  ws2ifsl - ok
19:05:03.0593 2036  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:05:03.0593 2036  wscsvc - ok
19:05:03.0593 2036  WSearch - ok
19:05:03.0655 2036  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:05:03.0686 2036  wuauserv - ok
19:05:03.0733 2036  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:05:03.0749 2036  WudfPf - ok
19:05:03.0764 2036  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:05:03.0764 2036  WUDFRd - ok
19:05:03.0811 2036  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:05:03.0811 2036  wudfsvc - ok
19:05:03.0827 2036  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:05:03.0889 2036  WwanSvc - ok
19:05:03.0936 2036  [ AEC505976EF01BBD8F57CBA912F39259 ] XG762_VS        C:\Windows\system32\DRIVERS\WlanGZG.sys
19:05:03.0936 2036  XG762_VS - ok
19:05:03.0967 2036  ================ Scan global ===============================
19:05:03.0983 2036  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:05:04.0014 2036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:05:04.0014 2036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:05:04.0045 2036  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:05:04.0045 2036  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:05:04.0061 2036  [Global] - ok
19:05:04.0061 2036  ================ Scan MBR ==================================
19:05:04.0076 2036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:05:04.0076 2036  \Device\Harddisk0\DR0 - ok
19:05:04.0076 2036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:05:04.0092 2036  \Device\Harddisk1\DR1 - ok
19:05:04.0092 2036  ================ Scan VBR ==================================
19:05:04.0092 2036  [ 9132931FDB2E7A79E0E303FB799F4F05 ] \Device\Harddisk0\DR0\Partition1
19:05:04.0092 2036  \Device\Harddisk0\DR0\Partition1 - ok
19:05:04.0092 2036  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
19:05:04.0092 2036  \Device\Harddisk0\DR0\Partition2 - ok
19:05:04.0092 2036  [ B57AAE6C79CC0AC4104657D0DE9BD155 ] \Device\Harddisk0\DR0\Partition3
19:05:04.0107 2036  \Device\Harddisk0\DR0\Partition3 - ok
19:05:04.0107 2036  [ 5BBF4EDCB2F105EB4F594D567469EBCD ] \Device\Harddisk1\DR1\Partition1
19:05:04.0107 2036  \Device\Harddisk1\DR1\Partition1 - ok
19:05:04.0107 2036  ============================================================
19:05:04.0107 2036  Scan finished
19:05:04.0107 2036  ============================================================
19:05:04.0107 2028  Detected object count: 0
19:05:04.0107 2028  Actual detected object count: 0
19:05:51.0672 2000  Deinitialize success

aharonov 24.02.2013 19:41
Hallo,

bitte wenn immer möglich im normalen Modus arbeiten und alle Tools auf den Desktop speichern und von dort ausführen.


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von OTL

OLI VAN DEN 24.02.2013 20:05
gerade windows im normalen modus gebootet.
desktophintergrundbild sowie komplette untere startleitste wird angezeigt.
allerdings reagiert pc auf keine aktion, kein taskmanager aufrufbar.

was nun. wieder im abgesicherten modus mit malwarebytes scannen um auf normalmodus zugreifen zu können oder im abgesicherten modus deine vorher genannten 3 programme durchlaufen lassen?

aharonov 24.02.2013 20:25
Ok, dann geh wieder in den abgesicherten Modus und versuche obige Schritte dort auszuführen.

OLI VAN DEN 24.02.2013 20:57
im abgesicherten modus adwcleaner durchlaufen. nach neustart im normalmodus weiterhin genanntes problem-->start im abgesicherten modus hier logfile

Code:
# AdwCleaner v2.113 - Datei am 24/02/2013 um 20:32:50 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OLIVENOEL - OLIVENOEL-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\NCH_EN
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\NCH_EN
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\OLIVENOEL\Funmoods
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_EN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\a538dddb06aba48
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Schlüssel Gelöscht : HKLM\Software\NCH_EN
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a538dddb06aba48
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{544F518B-727B-45DA-AA64-C64FB2631BA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E83544B-A4F2-4027-975A-4C3B808A2FED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.39] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec[...]
Gelöscht [l.44] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&[...]
Gelöscht [l.1947] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44f[...]
Gelöscht [l.2408] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&bab[...]

-\\ Opera v12.14.1738.0

Datei : C:\Users\OLIVENOEL\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27124 octets] - [24/02/2013 20:32:50]

########## EOF - C:\AdwCleaner[S1].txt - [27185 octets] ##########

combofix meldet, dass avast im hintergrund läuft. allerdings kein avast prozess offen ist. auch kein avast dienst aktiv. somit mit ok bestätigt, 2tes fenster erscheint, in welchem erneut darauf hingewiesen wird, dass avast aktiv ist.
was nun

werde den combofix-suchlauf trotz der warnmeldung , dass avast aktiv ist und demnach daten beschädigt werden könnten, starten.
kenne keine andere möglichkeit avast zu beenden, außer über taskmanager prozess und dienst zu beenden.
besserer vorschlag vorhanden?

aharonov 24.02.2013 22:39
Zitat:
kenne keine andere möglichkeit avast zu beenden, außer über taskmanager prozess und dienst zu beenden.
Du kannst in der Taskleiste und rechts einen Rechtsklick auf das avast-Symbol machen und dann avast! Schutzsteuerung -> Dauerhaft deaktivieren auswählen.

OLI VAN DEN 25.02.2013 09:04
Da bedienung des pc nur im abgesicherten modus möglich und dabei kein symbol unten rechts in leiste, auch keine deaktivierung möglich.

aharonov 25.02.2013 11:26
Dann ignorier die Meldung von Combofix und starte den Scan.

OLI VAN DEN 25.02.2013 17:38
bitte besonders aktivitäten vom 22.02.2013 kurz vor und nach 16:00 uhr beachten.

außerdem verhielt sich pc nach erstellung und anzeige der logfile von combofix seltsam:
als ich usb stick anschließen wollte sofort blackscreen, nach mehreren minuten keine reaktion(war dies normal?) deshalb 2 ten scan und file erstellt.

Code:
# AdwCleaner v2.113 - Datei am 24/02/2013 um 20:32:50 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OLIVENOEL - OLIVENOEL-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\NCH_EN
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\NCH_EN
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\OLIVENOEL\Funmoods
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_EN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\a538dddb06aba48
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Schlüssel Gelöscht : HKLM\Software\NCH_EN
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a538dddb06aba48
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{544F518B-727B-45DA-AA64-C64FB2631BA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E83544B-A4F2-4027-975A-4C3B808A2FED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.39] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec[...]
Gelöscht [l.44] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&[...]
Gelöscht [l.1947] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44f[...]
Gelöscht [l.2408] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&bab[...]

-\\ Opera v12.14.1738.0

Datei : C:\Users\OLIVENOEL\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27124 octets] - [24/02/2013 20:32:50]

########## EOF - C:\AdwCleaner[S1].txt - [27185 octets] ##########
logcombo1
Code:
ComboFix 13-02-24.01 - OLIVENOEL 25.02.2013  16:32:08.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8154.7236 [GMT 1:00]
ausgeführt von:: c:\users\OLIVENOEL\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.dat
c:\users\OLIVENOEL\AppData\Roaming\skype.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-25 15:36 . 2013-02-25 15:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-23 18:33 . 2013-02-23 18:33        --------        d-----w-        c:\program files\CCleaner
2013-02-23 18:28 . 2011-02-22 12:57        74824        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2013-02-23 18:28 . 2011-02-22 12:57        41888        ----a-w-        c:\windows\system32\drivers\TfNetMon.sys
2013-02-23 18:28 . 2011-02-22 12:57        65072        ----a-w-        c:\windows\system32\drivers\TfFsMon.sys
2013-02-23 18:28 . 2013-02-23 18:28        --------        d-----w-        c:\program files (x86)\ThreatFire
2013-02-23 18:28 . 2013-02-23 18:28        --------        d-----w-        c:\programdata\PC Tools
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\SUPERAntiSpyware.com
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\program files\SUPERAntiSpyware
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\Malwarebytes
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-22 16:23 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-22 16:22 . 2013-02-22 16:22        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Programs
2013-02-22 13:54 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F926A912-2C22-440D-A74B-E15D1A13138E}\mpengine.dll
2013-02-17 13:40 . 2013-02-17 13:40        --------        d-----w-        c:\program files (x86)\GUMA61E.tmp
2013-02-13 19:48 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:48 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:56 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-13 13:56 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:56 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:56 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-13 13:56 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-02-13 13:56 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-02-13 13:56 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-02-13 13:56 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-02-13 13:56 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:56 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-13 13:56 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:56 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-29 17:56 . 2013-01-29 17:56        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\TuneUp Software
2013-01-29 17:55 . 2013-01-29 17:56        --------        d-----w-        c:\programdata\TuneUp Software
2013-01-29 17:55 . 2013-01-29 17:55        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 17:55 . 2013-01-29 17:55        --------        d--h--w-        c:\programdata\Common Files
2013-01-29 16:52 . 2013-01-29 16:52        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\Ignite
2013-01-29 16:51 . 2013-01-30 13:58        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Ignite
2013-01-29 16:50 . 2013-01-29 16:50        --------        d-----w-        c:\windows\Sun
2013-01-29 16:49 . 2013-02-01 12:59        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Pokki
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 13:53 . 2012-05-30 09:32        71024        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 13:53 . 2012-05-30 09:32        691568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-11-21 03:27        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 13:56        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 16:16        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 16:16        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:16        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:16        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 19:31        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 19:31        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 19:31        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 19:31        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 19:31        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 19:31        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 19:31        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 19:31        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 19:31        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 19:31        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 19:31        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 19:31        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 19:31        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 19:31        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 19:31        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 19:31        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 19:31        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 19:31        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 19:31        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 19:31        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 19:31        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 19:31        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 19:31        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 19:31        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 19:31        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 19:31        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 19:30        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 19:30        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 19:30        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 19:30        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 19:30        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 19:30        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 19:30        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 19:30        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-30 03:23 . 2013-01-09 19:30        338432        ----a-w-        c:\windows\system32\conhost.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:48        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-05 49152]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-21 14448]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-30 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2007-08-21 1041920]
R4 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
R4 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe [2011-03-31 454208]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-18 283200]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 11:40        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-02-27 03:12        1409        ----a-r-        c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 13:53]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 23:13]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 23:13]
.
2013-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2010-05-20 13:26]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 06613d53-b2bb-4c8f-a607-153398a1209e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ac099a8a-f17a-4117-9d90-ce4413a142d2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:48        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE:       
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Link an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Text an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item1]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item2]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item3]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Toolbar]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr_Toolbar]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\SecuROM\License information*]
"datasecu"=hex:89,38,ab,58,42,53,13,f1,e5,44,70,7b,3c,ce,ea,33,91,79,50,dc,48,
  a6,a4,2c,00,70,04,05,0a,93,1d,d0,3a,bb,01,74,d1,b8,c0,c2,b0,1a,99,a5,77,10,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-25  16:37:37
ComboFix-quarantined-files.txt  2013-02-25 15:37
.
Vor Suchlauf: 9 Verzeichnis(se), 992.871.182.336 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 992.607.477.760 Bytes frei
.
- - End Of File - - 41A7F7B209232C6C55C7BB7FA68C236C
logcombo2
Code:
ComboFix 13-02-24.01 - OLIVENOEL 25.02.2013  17:05:23.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8154.7260 [GMT 1:00]
ausgeführt von:: c:\users\OLIVENOEL\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-25 16:09 . 2013-02-25 16:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-25 16:09 . 2013-02-25 16:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-23 18:33 . 2013-02-23 18:33        --------        d-----w-        c:\program files\CCleaner
2013-02-23 18:28 . 2011-02-22 12:57        74824        ----a-w-        c:\windows\system32\drivers\TfSysMon.sys
2013-02-23 18:28 . 2011-02-22 12:57        41888        ----a-w-        c:\windows\system32\drivers\TfNetMon.sys
2013-02-23 18:28 . 2011-02-22 12:57        65072        ----a-w-        c:\windows\system32\drivers\TfFsMon.sys
2013-02-23 18:28 . 2013-02-23 18:28        --------        d-----w-        c:\program files (x86)\ThreatFire
2013-02-23 18:28 . 2013-02-23 18:28        --------        d-----w-        c:\programdata\PC Tools
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\SUPERAntiSpyware.com
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\program files\SUPERAntiSpyware
2013-02-23 18:18 . 2013-02-23 18:18        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\Malwarebytes
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-22 16:23 . 2013-02-22 16:23        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-22 16:23 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-22 16:22 . 2013-02-22 16:22        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Programs
2013-02-22 13:54 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F926A912-2C22-440D-A74B-E15D1A13138E}\mpengine.dll
2013-02-17 13:40 . 2013-02-17 13:40        --------        d-----w-        c:\program files (x86)\GUMA61E.tmp
2013-02-13 19:48 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:48 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:56 . 2013-01-05 05:53        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-13 13:56 . 2013-01-05 05:00        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:56 . 2013-01-05 05:00        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:56 . 2013-01-04 03:26        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-13 13:56 . 2013-01-04 05:46        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-02-13 13:56 . 2013-01-04 04:51        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-02-13 13:56 . 2013-01-04 02:47        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-02-13 13:56 . 2013-01-04 02:47        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-02-13 13:56 . 2013-01-04 02:47        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:56 . 2013-01-04 02:47        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-13 13:56 . 2013-01-03 06:00        1913192        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:56 . 2013-01-03 06:00        288088        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-29 17:56 . 2013-01-29 17:56        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\TuneUp Software
2013-01-29 17:55 . 2013-01-29 17:56        --------        d-----w-        c:\programdata\TuneUp Software
2013-01-29 17:55 . 2013-01-29 17:55        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 17:55 . 2013-01-29 17:55        --------        d--h--w-        c:\programdata\Common Files
2013-01-29 16:52 . 2013-01-29 16:52        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\Ignite
2013-01-29 16:51 . 2013-01-30 13:58        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Ignite
2013-01-29 16:50 . 2013-01-29 16:50        --------        d-----w-        c:\windows\Sun
2013-01-29 16:49 . 2013-02-01 12:59        --------        d-----w-        c:\users\OLIVENOEL\AppData\Local\Pokki
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
2013-01-29 16:49 . 2013-01-29 16:49        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 13:53 . 2012-05-30 09:32        71024        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-22 13:53 . 2012-05-30 09:32        691568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-11-21 03:27        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 13:56        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 16:16        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 16:16        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:16        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:16        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 19:31        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 19:31        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 19:31        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 19:31        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 19:31        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 19:31        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 19:31        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 19:31        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 19:31        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 19:31        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 19:31        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 19:31        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 19:31        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 19:31        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 19:31        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 19:31        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 19:31        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 19:31        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 19:31        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 19:31        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 19:31        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 19:31        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 19:31        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 19:31        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 19:31        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 19:31        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 19:31        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 19:30        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 19:30        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 19:30        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 19:30        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 19:30        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 19:30        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 19:30        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 19:30        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 19:30        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 19:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-30 03:23 . 2013-01-09 19:30        338432        ----a-w-        c:\windows\system32\conhost.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:48        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-28 16:14        222712        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-05 49152]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-21 14448]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-30 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2007-08-21 1041920]
R4 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
R4 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe [2011-03-31 454208]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S1 aswKbd;aswKbd; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-18 283200]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 11:40        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-02-27 03:12        1409        ----a-r-        c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 13:53]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 23:13]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 23:13]
.
2013-02-22 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2010-05-20 13:26]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 06613d53-b2bb-4c8f-a607-153398a1209e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ac099a8a-f17a-4117-9d90-ce4413a142d2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:48        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-28 16:14        261624        ----a-w-        c:\users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE:       
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Link an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Text an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item1]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item2]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\List\Item3]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr\Toolbar]
@Denied: (2) (LocalSystem)
"Flag"=dword:00000000
.
[HKEY_USERS\.Default\Software\DataMngr_Toolbar]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\SecuROM\License information*]
"datasecu"=hex:89,38,ab,58,42,53,13,f1,e5,44,70,7b,3c,ce,ea,33,91,79,50,dc,48,
  a6,a4,2c,00,70,04,05,0a,93,1d,d0,3a,bb,01,74,d1,b8,c0,c2,b0,1a,99,a5,77,10,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-25  17:10:52
ComboFix-quarantined-files.txt  2013-02-25 16:10
ComboFix2.txt  2013-02-25 15:37
.
Vor Suchlauf: 12 Verzeichnis(se), 992.798.457.856 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 992.707.571.712 Bytes frei
.
- - End Of File - - D1DE19BB7EEF38D23E8611003558A909

OLI VAN DEN 25.02.2013 17:46
oldtimer
Code:
OTL logfile created on: 25.02.2013 17:15:32 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\OLIVENOEL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 87,94% Memory free
15,92 Gb Paging File | 15,12 Gb Available in Paging File | 94,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 924,62 Gb Free Space | 66,18% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,53 Gb Free Space | 98,10% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.09.06 17:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Wajam (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.02.25 16:36:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 17:14:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
[2013.02.25 17:10:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.24 20:53:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.24 20:53:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.24 20:53:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.24 20:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.24 20:47:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.24 20:30:52 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\OLIVENOEL\Desktop\ComboFix.exe
[2013.02.23 19:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.23 19:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2013.02.23 19:28:04 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2013.02.23 19:28:04 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2013.02.23 19:28:04 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2013.02.23 19:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2013.02.23 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.02.23 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\SUPERAntiSpyware.com
[2013.02.23 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.02.23 19:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.02.23 19:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.02.23 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\maleware
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 16:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 16:42:48 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 16:36:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.25 16:23:32 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 19:57:40 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\OLIVENOEL\Desktop\ComboFix.exe
[2013.02.24 19:57:12 | 000,594,019 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
[2013.02.24 16:34:09 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.02.23 23:45:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.23 22:26:53 | 000,293,665 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-02-23 22_26_53.326177.dmp
[2013.02.23 21:55:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:55:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:19:15 | 169,958,188 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\8_861_Asus_Vista_Win7_WHQL.zip
[2013.02.23 19:33:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.23 19:30:04 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 19:30:04 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 19:30:04 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 19:30:04 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 19:30:04 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 19:28:06 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2013.02.23 19:25:13 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac099a8a-f17a-4117-9d90-ce4413a142d2.job
[2013.02.23 19:25:13 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 06613d53-b2bb-4c8f-a607-153398a1209e.job
[2013.02.23 19:18:16 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:23:10 | 000,376,832 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\gmer_2.1.19081.exe
[2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.24 20:53:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.24 20:53:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.24 20:53:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.24 20:53:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.24 20:53:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.24 20:30:52 | 000,594,019 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
[2013.02.23 22:26:53 | 000,293,665 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-02-23 22_26_53.326177.dmp
[2013.02.23 21:18:35 | 169,958,188 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\8_861_Asus_Vista_Win7_WHQL.zip
[2013.02.23 19:33:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.23 19:28:06 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2013.02.23 19:18:37 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 06613d53-b2bb-4c8f-a607-153398a1209e.job
[2013.02.23 19:18:36 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac099a8a-f17a-4117-9d90-ce4413a142d2.job
[2013.02.23 19:18:16 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.02.23 16:37:34 | 000,376,832 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\gmer_2.1.19081.exe
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Amazon
[2012.05.30 21:31:17 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\ArmA II Launcher
[2012.08.20 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Audacity
[2012.07.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BANDISOFT
[2013.02.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BitTorrent
[2012.07.11 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013.02.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DAEMON Tools Lite
[2012.11.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DarknessII
[2013.01.29 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2012.09.28 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\GoPro
[2013.01.29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2012.05.30 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Opera
[2012.07.11 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PlayClaw3
[2012.08.18 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PunkBuster
[2012.08.15 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-updater
[2012.05.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-zsync
[2012.10.09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Sony
[2012.12.21 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Splashtop
[2012.08.30 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TeamViewer
[2012.07.12 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TechSmith
[2013.02.23 23:59:55 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TS3Client
[2013.01.29 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2012.08.20 11:34:40 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
fragen zu programmaktivitäten deren signatur fremd erscheint?
vielleicht kann ich bei "trial and error" weiterhelfen.

aharonov 25.02.2013 18:40
Hallo,

kannst du mir bitte den Inhalt der Datei C:\QooBox\Add-Remove Programs.txt hier einfügen?

OLI VAN DEN 25.02.2013 19:30
Code:
@BIOS
4Videosoft AMV Media Converter 5.0.8
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) - Deutsch
Amazon MP3-Downloader 1.0.17
Ant.com IE add-on
ARMA 2 Operation Arrowhead Uninstall
ArmA2 Uninstall
Assassin's Creed Revelations 1.03
ASUS USB-N53 Utility
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0
AutoGreen B12.0206.1
avast! Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
BattlEye for OA Uninstall
BattlEye Uninstall
Bilder-CD für Fachkunde Elektrotechnik, 25. Auflage - Einzelliz
Bilder-CD für Fachkunde Metall, 55. Auflage - Einzellizenz
BitTorrent
BufferChm
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CPUCooL (remove only)
D3DX10
D4300
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DivX-Setup
DJ_SF_03_D4300_Software_Min
Druckstudio Einladungen Glueckwuensche
Easy Tune 6 B12.0210.2
Etron USB3.0 Host Controller
Express Burn
Fotogalerie
Free YouTube Download version 3.2.0.128
Game Cam 2.6.1.0
Google Chrome
Google Update Helper
GoPro CineForm Studio 1.3.1
GPBaseService2
Grand Theft Auto IV
Halo Complete Collection
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HydraVision
Ignite
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java 7 Update 9
Java Auto Updater
Malwarebytes Anti-Malware Version 1.70.0.1100
MarketResearch
Max Payne 3
Media Go
Media Go Video Playback Engine 1.92.163.06140
Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft PowerPoint Viewer
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word 2000
Mindjet MindManager 2012
MixPad
Movie Maker
MSVCRT
MSVCRT110
ON_OFF Charge B11.1102.1
Opera 12.14
Photo Common
Photo Gallery
PhotoStage Slideshow Producer
Platform
Prism Video File Converter
Prototype 2
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Six Updater
Skype™ 6.1
SmartWebPrinting
SolutionCenter
Sony DVD Architect 2.0
Sony Ericsson Update Engine
Sony PC Companion 2.10.115
Status
TeamSpeak 3 Client
TeamViewer 7
The Darkness II
ThreatFire
Tom Clancy's Ghost Recon Future Soldier
Toolbox
TrayApp
Ubisoft Game Launcher
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VIA Plattform-Geräte-Manager
VideoPad Video Editor
VLC media player 2.0.5
WavePad Sound Editor
WebReg
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar

aharonov 25.02.2013 19:59
Hi,
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • ThreatFire
    • SUPERAntiSpyware
    • CCleaner
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Danach versuche wieder in den normalen Modus zu booten.
Bestehen jetzt dort immer noch Probleme?

OLI VAN DEN 25.02.2013 20:09
durchgeführt.
zugriff auf desktop im normalmodus möglich.

gehe ich richtig in der annahme, dass die sich in quarantäne befundenen daten nun von festplatte gelöscht wurden und programme bzw. die bedrohungen zugriff nicht weiter blockieren?!

weiteres vorgehen?

aharonov 25.02.2013 20:44
Hi,

Zitat:
zugriff auf desktop im normalmodus möglich.
Also du kannst wieder normal arbeiten im normalen Modus?

Zitat:
gehe ich richtig in der annahme, dass die sich in quarantäne befundenen daten nun von festplatte gelöscht wurden
Die gefundenen Bedrohungen sind vollständig inaktiv, ob gelöscht oder in Quarantäne spielt überhaupt keine Rolle.

Zitat:
weiteres vorgehen?
Folgendes bitte wieder im normalen Modus ausführen:


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Schritt 5

Downloade dir bitte SecurityCheck (Link 1, Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von OTL
  • Log von SecurityCheck

OLI VAN DEN 26.02.2013 18:42
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Internet Explorer\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}\ not found.
Registry key HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}\ not found.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: OLIVENOEL
->Temp folder emptied: 108765 bytes
->Temporary Internet Files folder emptied: 35218 bytes
->Java cache emptied: 35016693 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 51618410 bytes
->Flash cache emptied: 15261367 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3392 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045936 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 133,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02252013_205924

Files\Folders moved on Reboot...
C:\Users\OLIVENOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OLIVENOEL :: OLIVENOEL-PC [Administrator]

Schutz: Deaktiviert

25.02.2013 21:06:11
mbam-log-2013-02-25 (21-06-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232118
Laufzeit: 2 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
eset: keine funde

Code:
OTL logfile created on: 26.02.2013 18:35:51 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\OLIVENOEL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,72% Memory free
15,92 Gb Paging File | 13,75 Gb Available in Paging File | 86,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 926,69 Gb Free Space | 66,33% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,42 Gb Free Space | 97,36% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.05 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2011.09.19 08:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.25 20:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Ignite (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.02.25 16:36:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525045674-2412715797-1743115317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.26 18:28:24 | 000,000,000 | ---D | C] -- C:\b39afb6f1c20f53550f9f0dd
[2013.02.25 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.25 20:59:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.25 18:59:58 | 000,000,000 | R--D | C] -- C:\Users\OLIVENOEL\Documents\Notes
[2013.02.25 18:46:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.25 17:14:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
[2013.02.25 17:10:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.24 20:53:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.24 20:53:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.24 20:53:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.24 20:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.24 20:47:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.24 20:30:52 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\OLIVENOEL\Desktop\ComboFix.exe
[2013.02.23 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\maleware
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.13 20:46:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 20:46:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 20:46:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 20:46:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 20:46:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 20:46:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 20:46:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 20:46:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 20:46:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 20:46:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 20:46:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 20:46:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 20:46:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 20:46:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 20:46:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 14:56:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 14:56:31 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 14:56:31 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 14:56:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 14:56:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 14:56:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 14:56:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 14:56:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 14:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 14:56:18 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.26 18:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 18:27:39 | 000,881,935 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\SecurityCheck.exe
[2013.02.26 18:27:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.26 18:27:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.26 18:24:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 18:24:16 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 18:24:16 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 18:24:16 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 18:24:16 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.26 18:21:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.26 18:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.26 18:19:45 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 22:45:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.25 16:36:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.24 19:57:40 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\OLIVENOEL\Desktop\ComboFix.exe
[2013.02.24 19:57:12 | 000,594,019 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
[2013.02.24 16:34:09 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.02.23 22:26:53 | 000,293,665 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-02-23 22_26_53.326177.dmp
[2013.02.23 21:19:15 | 169,958,188 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\8_861_Asus_Vista_Win7_WHQL.zip
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:23:10 | 000,376,832 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\gmer_2.1.19081.exe
[2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLIVENOEL\Desktop\OTL.exe
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.22 14:53:07 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.22 14:53:07 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.26 18:29:02 | 000,881,935 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\SecurityCheck.exe
[2013.02.24 20:53:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.24 20:53:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.24 20:53:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.24 20:53:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.24 20:53:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.24 20:30:52 | 000,594,019 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
[2013.02.23 22:26:53 | 000,293,665 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-02-23 22_26_53.326177.dmp
[2013.02.23 21:18:35 | 169,958,188 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\8_861_Asus_Vista_Win7_WHQL.zip
[2013.02.23 16:37:34 | 000,376,832 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\gmer_2.1.19081.exe
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
Code:
Results of screen317's Security Check version 0.99.59 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100 
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 11.6.602.168 
 Adobe Reader 10.1.5 Adobe Reader out of Date! 
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

aharonov 26.02.2013 19:07
Ok, dann sind wir jetzt durch.
Mach noch die Updates und dann räumen wir auf.


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 15.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".



Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Schritt 4

Starte defogger und drücke den Button Re-enable.



Schritt 5

Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster
Code:
Combofix /Uninstall
und drücke OK.
Du kannst die eben deaktivierten Programme nun wieder einschalten.



Schritt 6

Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen.
Falls du ESET aber deinstallieren möchtest, dann:

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
und drücke OK.



Schritt 7

Downloade dir bitte delfix auf deinen Desktop.
  • Schliesse alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Start.
  • DelFix entfernt alle von uns verwendeten Programme und löscht sich anschliessend selbst.
    Sollte denoch etwas übrig bleiben, kannst du es manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

OLI VAN DEN 27.02.2013 16:13
Bei dem Plug-inCheck erscheint folgendes:

Flash 11,5,31,139 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Klickte auf update. Adobewebseite zeigte an:

Ihr Google Chrome Browser beinhaltet bereits Adobe® Flash® Player. Google Chrome wird automatisch Aktualisierungen vornehmen, sobald eine neue Version von Flash Player verfügbar ist.

aharonov 27.02.2013 16:36
Schau doch mal so nach, wie hier beschrieben, ob es Aktualisierungen für deinen Chrome gibt, führe diese durch und mach den Check danach nochmals: Google Chrome aktualisieren - Google Chrome-Hilfe

OLI VAN DEN 27.02.2013 16:48
Vielen Dank für deine gute Unterstützung.

Werde mich bei erneuten Einschränkungen in der Nutzung melden.

aharonov 27.02.2013 16:51
Also ist jetzt alles erledigt und in Ordnung bei dir?


Freut mich, dass wir helfen konnten. :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

OLI VAN DEN 01.03.2013 18:31
So weit so gut.

OLI VAN DEN 03.03.2013 22:02
folgende Effeke beobachtet: -erhöhte aktivität der festplatte (daten lesen/schreiben)
-akustisches signal über audioausgang obwohl kein
pluginfähiges bauteil an oder abgeschlossen wurde

aharonov 04.03.2013 02:18
Zitat:
-erhöhte aktivität der festplatte (daten lesen/schreiben)
Konstant? Jetzt immer noch?

Zitat:
-akustisches signal über audioausgang obwohl kein
pluginfähiges bauteil an oder abgeschlossen wurde
Ich versteh nicht, was du meinst. Kannst du mir bitte nochmals erklären, was du hier genau bemerkst?



Und mach doch ein frisches OTL-Log:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.

aharonov 07.03.2013 18:23
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

aharonov 08.03.2013 19:26
Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131