Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.04.2012, 17:23   #1
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hallo Trojaner Board,
ich habe eben mir eben einen Bundspolizei-Trojaner eingefangen.

AntiVir hat leider nichts entdeckt.

Ich nutze Windows7 64Bit ultimate.

Im abgesicherten Modus konnte der PC noch gestartet werden.

Habe dann mit der Kaspersky-CD den Rechner gestartet und mit dem windows-Unlock tool den Rechner wieder frei bekommen.

Nach einem Neustart wurde beim ersten Scan mit Malwarebytes die Datei ch8l0.exe gefunden und bereinigt. Beim 2. Scan nach einem Neustart wurde nichts mehr gefunden.

Habe nun aber trotzdem Bedenken, dass etwas auf dem Rechner übrig geblieben ist. Deshlab habe ich eben einen Scan mit OTL durchgeführt und würde Euch darum bitten, diesen Scan einmal durchzusehen, ob da noch etwas kritisches übrig geblieben ist.

Vielen Dank schon mal!

Hier die dds-scan-Daten:

.DDS Logfile:
Code:
ATTFilter
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Test at 17:46:44 on 2012-04-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3047.1400 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\svchost.exe -k Cognizance
C:\Windows\SysWOW64\svchost.exe -k Bioscrypt
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
uRun: [GMX_GMX Upload-Manager] "C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE" /hide
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [ApplyEsf-eDocPrintPro] "C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe"
mRun: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
StartupFolder: C:\Users\Test\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BITSBA~1.LNK - C:\Windows\system32\bits_ie.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIET-O~1.LNK - C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Background Download As - C:\BITS_Plugin\bits_ie.htm
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}\2456C6B696E6F574F505C65737F5D494D4F4F5144435C4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}\5416379724F687D2345364636353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7FD21CB7-7BFC-408F-9D5A-450E53F4F3A8} : DhcpNameServer = 62.134.11.4 195.182.110.132
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\2425F445 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\24575627F6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\24F62756E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\5416379724F687D2345364636353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\75C414E4D2739323542333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}\84F6C6977427166756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE0B6CA5-A7F9-4BF7-BCE1-7F3EC2807534} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E8AFDEA4-D3DC-4C3B-A73B-E7ED141BA0A3} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll
LSA: Notification Packages = scecli ASCredProv64
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [ApplyEsf-eDocPrintPro] "C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe"
mRun-x64: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
mRun-x64: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun-x64: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
mRun-x64: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\sxu8eipe.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys --> C:\Windows\system32\drivers\SbAlg.sys [?]
R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys --> C:\Windows\system32\drivers\SbFsLock.sys [?]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\system32\DRIVERS\tdrpm251.sys --> C:\Windows\system32\DRIVERS\tdrpm251.sys [?]
R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys --> C:\Windows\system32\drivers\RsvLock.sys [?]
R1 uigxrdr;uigxrdr;C:\Windows\system32\DRIVERS\uigxrdr.sys --> C:\Windows\system32\DRIVERS\uigxrdr.sys [?]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1980-6-19 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1980-6-19 269480]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe -k Cognizance [2009-7-14 20992]
R2 ASChannel;Lokaler Verbindungskanal;C:\Windows\System32\svchost.exe -k Bioscrypt [2009-7-14 20992]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-7-29 1841912]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-17 92216]
R2 HpFkCryptService;Drive Encryption Service;C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-7-29 256544]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-12-2 192368]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files (x86)\Intel\AMT\UNS.exe [2012-3-16 1464856]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-8-7 45056]
R3 netw5v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64-Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCir64.sys --> C:\Windows\system32\DRIVERS\SMSCir64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 GTIPCI21;GTIPCI21;C:\Windows\system32\DRIVERS\gtipci21.sys --> C:\Windows\system32\DRIVERS\gtipci21.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
S3 InforVisualDrillback;InforVisualDrillback;C:\Infor\VISUAL Enterprise654\VISUAL Manufacturing\HTTP2VM.EXE [2012-3-16 6972572]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\nmwcdx64.sys --> C:\Windows\system32\drivers\nmwcdx64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
S3 SWNC8U02;HP hs2300 MUX NDIS Driver (#02);C:\Windows\system32\DRIVERS\SWNC8U02.sys --> C:\Windows\system32\DRIVERS\SWNC8U02.sys [?]
S3 SWUMX02;HP hs2300 USB MUX Driver (#02);C:\Windows\system32\DRIVERS\swumx02.sys --> C:\Windows\system32\DRIVERS\swumx02.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-01 15:45:56	6358	----a-w-	C:\Windows\System32\PerfStringBackup.TMP
2012-04-01 15:40:06	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-03-31 03:56:33	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{070C8171-906C-4F75-A01F-5A57B33EEE76}\offreg.dll
2012-03-30 19:33:56	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{070C8171-906C-4F75-A01F-5A57B33EEE76}\mpengine.dll
2012-03-20 09:59:14	592824	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 09:59:13	44472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 20:44:26	45056	----a-r-	C:\Users\Test\AppData\Roaming\Microsoft\Installer\{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}\ARPPRODUCTICON.exe
2012-03-18 20:26:45	--------	d-----w-	C:\Atlanta
2012-03-18 20:10:02	--------	d-----w-	C:\ProgramData\Unify
2012-03-16 16:36:23	1002008	----a-w-	C:\Windows\SysWow64\mesoludlg.exe
2012-03-16 16:36:23	--------	d-----w-	C:\Program Files (x86)\Common Files\postureAgent
2012-03-16 16:36:21	--------	d-----w-	C:\Program Files (x86)\Common Files\Intel
2012-03-16 16:36:08	989720	----a-w-	C:\Windows\SysWow64\heciudlg.exe
2012-03-16 13:44:47	--------	d-----w-	C:\Auslagerung von E
2012-03-16 11:54:23	--------	d-----w-	C:\Program Files (x86)\Seagate
2012-03-16 11:50:36	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-16 11:21:38	--------	d-----w-	C:\Program Files (x86)\Common Files\Business Objects
2012-03-16 11:21:38	--------	d-----w-	C:\Program Files (x86)\Business Objects
2012-03-16 11:18:10	--------	d-----w-	C:\Program Files (x86)\Infor Global Solutions
2012-03-16 11:17:18	40960	----a-r-	C:\Users\Test\AppData\Roaming\Microsoft\Installer\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}\ARPPRODUCTICON.exe
2012-03-16 11:17:15	--------	d-----w-	C:\Infor
2012-03-15 08:10:45	--------	d-----w-	C:\Users\Test\4.0
2012-03-15 08:10:44	--------	d-----w-	C:\Users\Test\.tfo4
2012-03-15 06:53:21	5559152	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-15 06:53:20	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 06:53:20	3913584	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 06:36:51	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-03-15 06:36:48	1544192	----a-w-	C:\Windows\System32\DWrite.dll
2012-03-15 06:36:48	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-03-15 06:35:46	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-03-15 06:35:46	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-03-15 06:35:46	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-03-15 06:35:45	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-03-15 06:35:45	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-03-15 06:35:45	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-03-15 06:35:45	1112064	----a-w-	C:\Windows\System32\rdpcorets.dll
2012-03-15 06:35:45	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-03-09 13:27:53	--------	d-----w-	C:\Program Files (x86)\CrystalDiskInfo
2012-03-06 18:56:42	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
2012-03-06 18:56:16	--------	d-----w-	C:\Intel
2012-03-04 10:10:59	6656	----a-w-	C:\Windows\SysWow64\stdftde.dll
2012-03-04 10:10:59	22528	----a-w-	C:\Windows\SysWow64\Tabctde.dll
2012-03-04 10:10:59	209192	----a-w-	C:\Windows\SysWow64\Tabctl32.ocx
2012-03-04 10:10:59	16896	----a-w-	C:\Windows\SysWow64\winskde.dll
2012-03-04 10:10:59	15873	----a-w-	C:\Windows\SysWow64\Inetde.dll
2012-03-04 10:10:59	158208	----a-w-	C:\Windows\SysWow64\Mscmcde.dll
2012-03-04 10:10:59	125712	----a-w-	C:\Windows\SysWow64\vb6de.dll
2012-03-04 10:10:59	115920	----a-w-	C:\Windows\SysWow64\msinet.ocx
2012-03-04 10:10:59	109248	----a-w-	C:\Windows\SysWow64\Mswinsck.ocx
2012-03-04 10:10:56	--------	d-----w-	C:\Users\Test\AppData\Roaming\BOM
2012-03-04 10:10:56	--------	d-----w-	C:\Program Files (x86)\Biet-O-Matic
.
==================== Find3M  ====================
.
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-17 06:57:00	545	----a-w-	C:\Windows\UC.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\RAR.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\PKZIP.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\PKUNZIP.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\NOCLOSE.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\LHA.PIF
2012-02-17 06:57:00	545	----a-w-	C:\Windows\ARJ.PIF
2012-01-04 10:44:20	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 17:48:10,81 ===============
         
--- --- ---

Und dann noch die Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 28.02.1980 19:30:58
System Uptime: 01.04.2012 17:40:27 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30BE
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | U10 | 2475/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 77,806 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 303 GiB total, 42,168 GiB free.
F: is FIXED (NTFS) - 92 GiB total, 66,748 GiB free.
G: is FIXED (NTFS) - 19 GiB total, 3,656 GiB free.
S: is FIXED (NTFS) - 14 GiB total, 9,891 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP94: 01.04.2012 16:36:07 - wiederherstellungspnkt nach 1.04.2012 BKA Trojaner
.
==== Installed Programs ======================
.
Acronis*True*Image*Home
ActiveCheck component for HP Active Support Library
Adobe Acrobat 5.0
Adobe AIR
Adobe Connect Add-in
Adobe Reader X (10.1.0) - Deutsch
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Any DVD Shrink 1.3.1
Audacity 1.2.6
Avidemux 2.5
Avira AntiVir Personal - Free Antivirus
Biet-O-Matic v2.14.8
Canon MP Navigator 2.2
CanoScan Toolbox Ver4.1
Compatibility Pack für 2007 Office System
Credential Manager for HP ProtectTools
CrystalDiskInfo 4.3.0
eDocPrintPro v3.15.2
ElsterFormular
Free Studio version 5.3.2
FreePDF (Remove only)
GMX ProfiFax
GMX SMS-Manager
GMX Upload-Manager
Google Earth
Google Update Helper
gs_x86
Gupta Runtime 4.0
HP Battery Check
HP Broadband Wireless Modules
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP JavaCard for HP ProtectTools
HP Product Detection
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP SoftPaq Download Manager
HP System Default Settings
HP Wireless Assistant
HPAsset component for HP Active Support Library
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Mega Codec Pack 6.8.0
KML Generator 2.05
Malwarebytes Anti-Malware Version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 de)
Mozilla Thunderbird 11.0.1 (x86 de)
Mp3tag v2.49a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Blender
PL-2303 USB-to-Serial
Report Builder 6.1
RICOH Media Driver
ScanSoft OmniPage SE 4.0
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sierra Wireless AirCard Watcher
Skype™ 5.8
TeamViewer 6
TeamViewer 7
Tera Term 4.66
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
tools-windows
Total Commander (Remove or Repair)
Unify Runtime 5.2 MSI
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VISUAL Enterprise 6.5.4 SP3
VMware Player
VueScan
Windows Media Player Firefox Plugin
Winmail Opener 1.4
.
==== End Of File ===========================


Logs vom OTL-scan folgen sofort.

Hier die Logs vom Scan:

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.04.2012 17:07:37 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = E:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,54% Memory free
5,95 Gb Paging File | 5,10 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): s:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,86 Gb Total Space | 77,93 Gb Free Space | 52,35% Space Free | Partition Type: NTFS
Drive E: | 303,04 Gb Total Space | 42,17 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive S: | 13,67 Gb Total Space | 9,89 Gb Free Space | 72,38% Space Free | Partition Type: NTFS
 
Computer Name: NC6400 | User Name: USERNAME | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\USERNAME\AppData\Local\Temp\SFXE2.tmp\SwiApiMux.exe" = C:\Users\USERNAME\AppData\Local\Temp\SFXE2.tmp\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Users\USERNAME\AppData\Local\Temp\SFXB07.tmp\SwiApiMux.exe" = C:\Users\USERNAME\AppData\Local\Temp\SFXB07.tmp\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Users\USERNAME\AppData\Local\Temp\SFXE2.tmp\SwiApiMux.exe" = C:\Users\USERNAME\AppData\Local\Temp\SFXE2.tmp\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Users\USERNAME\AppData\Local\Temp\SFXB07.tmp\SwiApiMux.exe" = C:\Users\USERNAME\AppData\Local\Temp\SFXB07.tmp\SwiApiMux.exe:*:Enabled:SwiApiMux
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{28AE0433-AE75-4F52-BE31-596A1855B84B}" = eDocPrintPro v3.16.1
"{2E415339-7210-4A3B-84EA-E50FE7565F0D}" = gs_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FCE3895-45F7-4C42-9AB2-4A6D6ED6324F}" = DisplayLink Core Software
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}" = HP 3D DriveGuard
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{AD73C813-335F-45E7-9772-A4583FDFD177}" = HP USB Docking Video
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C0F8FC99-54C8-4532-A5F0-827589F59D10}" = Drive Encryption for HP ProtectTools
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VueScan" = VueScan
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03669661-BD0E-43D2-AA4B-05AE00E9E06B}" = Report Builder 6.1
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24843DF0-CDC7-4BDF-B68E-F529DFC00D3E}" = HP ProtectTools Security Manager
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{3F654DC2-E9E9-4D23-824A-622BF224E807}" = VISUAL Enterprise 6.5.4 SP3
"{45B8441A-0346-4D6C-88A8-01821DA28D04}" = eDocPrintPro v3.15.2
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}" = gs_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}" = HP Broadband Wireless Modules
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}" = Gupta Runtime 4.0
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEBED0B3-2405-485C-A2FE-CD0EA0E39DB8}_is1" = KML Generator 2.05
"{B570A046-A176-4BBA-8C33-E8844E1C6F98}" = HP SoftPaq Download Manager
"{B9293A66-5F9A-4442-B690-922EF5A501DB}" = HP System Default Settings
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BEF99123-C1DC-479B-9445-DE3E026F320E}" = HP JavaCard for HP ProtectTools
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}" = Sierra Wireless AirCard Watcher
"{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}" = Unify Runtime 5.2 MSI
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis*True*Image*Home
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FBB496BD-3196-45BE-BE6C-6594467CDA43}" = VISUAL Enterprise 6.5.4 SP3
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Any DVD Shrink_is1" = Any DVD Shrink 1.3.1
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.3.0
"ElsterFormular 12.4.0.7094u" = ElsterFormular
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"Free Studio_is1" = Free Studio version 5.3.2
"FreePDF_XP" = FreePDF (Remove only)
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GMX Upload-Manager" = GMX Upload-Manager
"HP Battery Check" = HP Battery Check
"InstallShield_{03669661-BD0E-43D2-AA4B-05AE00E9E06B}" = Report Builder 6.1
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Mp3tag" = Mp3tag v2.49a
"PDF Blender" = PDF Blender
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Tera Term_is1" = Tera Term 4.66
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VMware_Player" = VMware Player
"VueScan" = VueScan
"Winmail Opener" = Winmail Opener 1.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Und dann noch OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.04.2012 17:07:37 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = E:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,54% Memory free
5,95 Gb Paging File | 5,10 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): s:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,86 Gb Total Space | 77,93 Gb Free Space | 52,35% Space Free | Partition Type: NTFS
Drive E: | 303,04 Gb Total Space | 42,17 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive S: | 13,67 Gb Total Space | 9,89 Gb Free Space | 72,38% Space Free | Partition Type: NTFS
 
Computer Name: NC6400 | User Name: USERNAME | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (InforVisualDrillback) -- C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (SWIHPWMI) -- C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys (SafeBoot International)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (RICOH SmartCard Reader) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tifm21) -- C:\Windows\SysNative\drivers\tifm21.sys (Texas Instruments)
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (GTIPCI21) -- C:\Windows\SysNative\drivers\gtipci21.sys (Texas Instruments)
DRV:64bit: - (SMSCIRDA) -- C:\Windows\SysNative\drivers\smscir64.sys (SMSC)
DRV:64bit: - (SWUMX02) HP hs2300 USB MUX Driver (#02) -- C:\Windows\SysNative\drivers\swumx02.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U02) HP hs2300 MUX NDIS Driver (#02) -- C:\Windows\SysNative\drivers\SWNC8U02.sys (Sierra Wireless Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4C 45 FF 6B E7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3D29B508-385B-4AA2-90A3-B5E89FD6786A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D29B508-385B-4AA2-90A3-B5E89FD6786A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 10:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 11:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.13 11:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.22 23:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.16 22:42:43 | 000,000,000 | ---D | M]
 
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions
[2011.02.07 12:57:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.22 10:28:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player@2020Technologies.com
[2011.07.15 19:21:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\DeviceDetection@logitech.com
[2012.01.14 20:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.20 11:59:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.14 20:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.14 20:33:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.14 20:33:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.14 20:33:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.14 20:33:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.14 20:33:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [atchk] C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKCU..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - Startup: C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD21CB7-7BFC-408F-9D5A-450E53F4F3A8}: DhcpNameServer = 62.134.11.4 195.182.110.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0B6CA5-A7F9-4BF7-BCE1-7F3EC2807534}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AFDEA4-D3DC-4C3B-A73B-E7ED141BA0A3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell - "" = AutoRun
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.01 17:40:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.01 17:03:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\USERNAME\Desktop\OTL.exe
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.27 10:01:17 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX
[2012.03.18 22:26:45 | 000,000,000 | ---D | C] -- C:\Atlanta
[2012.03.18 22:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Unify
[2012.03.18 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unify
[2012.03.16 18:36:23 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\mesoludlg.exe
[2012.03.16 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.03.16 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.03.16 18:36:08 | 000,989,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\heciudlg.exe
[2012.03.16 15:44:47 | 000,000,000 | ---D | C] -- C:\Auslagerung von E
[2012.03.16 13:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012.03.16 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012.03.16 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.03.16 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infor Global Solutions
[2012.03.16 13:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infor Global Solutions
[2012.03.16 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
[2012.03.16 13:17:15 | 000,000,000 | ---D | C] -- C:\Infor
[2012.03.15 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\4.0
[2012.03.15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\.tfo4
[2012.03.15 08:53:21 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.15 08:53:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.15 08:53:20 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.15 08:36:48 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.15 08:35:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.15 08:35:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.15 08:35:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.15 08:35:45 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.03.15 08:35:45 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.15 08:35:45 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.09 20:44:39 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Images
[2012.03.09 20:44:04 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Videos
[2012.03.09 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.03.09 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2012.03.06 20:56:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.03.06 20:56:16 | 000,000,000 | ---D | C] -- C:\Intel
[2012.03.04 12:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
[2012.03.04 12:10:59 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctl32.ocx
[2012.03.04 12:10:59 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscmcde.dll
[2012.03.04 12:10:59 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb6de.dll
[2012.03.04 12:10:59 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012.03.04 12:10:59 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mswinsck.ocx
[2012.03.04 12:10:59 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctde.dll
[2012.03.04 12:10:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winskde.dll
[2012.03.04 12:10:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stdftde.dll
[2012.03.04 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\BOM
[2012.03.04 12:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biet-O-Matic
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.01 17:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 17:06:03 | 3195,330,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 17:03:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\USERNAME\Desktop\OTL.exe
[2012.04.01 16:58:23 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 16:58:23 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 16:58:12 | 001,621,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 16:58:12 | 000,701,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 16:58:12 | 000,655,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 16:58:12 | 000,150,226 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 16:58:12 | 000,123,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 16:51:25 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 16:38:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 16:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 10:01:17 | 000,001,097 | ---- | M] () -- C:\Users\USERNAME\Desktop\GMX SMS-Manager.lnk
[2012.03.23 19:46:36 | 000,000,818 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.03.22 12:46:58 | 000,002,865 | ---- | M] () -- C:\Users\USERNAME\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | M] () -- C:\Users\USERNAME\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 09:55:39 | 000,288,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.19 02:33:49 | 000,049,936 | ---- | M] () -- C:\Users\USERNAME\Desktop\winmail.dat
[2012.03.17 00:17:12 | 001,603,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.16 13:54:26 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.16 02:32:27 | 000,007,600 | ---- | M] () -- C:\Users\USERNAME\AppData\Local\Resmon.ResmonCfg
[2012.03.15 19:03:36 | 000,000,429 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.03.09 16:19:53 | 003,005,648 | ---- | M] () -- C:\Users\USERNAME\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | M] () -- C:\Users\USERNAME\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:32 | 000,051,418 | ---- | M] () -- C:\Users\USERNAME\Desktop\ss4.jpg
[2012.03.06 21:47:25 | 000,021,614 | ---- | M] () -- C:\Users\USERNAME\Desktop\nidec Daten Atlanta.csv
[2012.03.04 21:43:42 | 021,145,048 | ---- | M] () -- C:\Users\USERNAME\Desktop\global6.the
[2012.03.04 12:11:19 | 000,001,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
[2012.03.04 12:11:19 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.03.03 08:43:10 | 209,391,104 | ---- | M] () -- C:\Users\USERNAME\Desktop\SSQL_fresh.bkp
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 16:38:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | C] () -- C:\Users\USERNAME\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | C] () -- C:\Users\USERNAME\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | C] () -- C:\Users\USERNAME\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 02:33:48 | 000,049,936 | ---- | C] () -- C:\Users\USERNAME\Desktop\winmail.dat
[2012.03.16 13:54:26 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.09 16:19:53 | 003,005,648 | ---- | C] () -- C:\Users\USERNAME\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | C] () -- C:\Users\USERNAME\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:11 | 000,051,418 | ---- | C] () -- C:\Users\USERNAME\Desktop\ss4.jpg
[2012.03.07 16:41:51 | 007,772,957 | ---- | C] () -- C:\Users\USERNAME\Desktop\VM.chm
[2012.03.06 21:47:25 | 000,021,614 | ---- | C] () -- C:\Users\USERNAME\Desktop\nidec Daten Atlanta.csv
[2012.03.05 10:32:46 | 016,215,552 | ---- | C] () -- C:\Users\USERNAME\Desktop\V7ALLES2.bak
[2012.03.05 09:34:02 | 021,145,048 | ---- | C] () -- C:\Users\USERNAME\Desktop\global6.the
[2012.03.04 12:11:19 | 000,001,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
[2012.03.04 12:11:19 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.03.04 12:10:59 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.03.03 08:46:15 | 209,391,104 | ---- | C] () -- C:\Users\USERNAME\Desktop\SSQL_fresh.bkp
[2012.02.26 21:26:25 | 000,007,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\Resmon.ResmonCfg
[2012.01.27 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\{FB3C2F14-696D-4AD0-81A8-317EE23E6195}
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.11 16:05:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.11 16:05:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.03.23 12:41:41 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.31 15:25:28 | 001,603,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.23 19:01:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.23 19:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.23 19:01:28 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.23 19:01:28 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.23 19:01:28 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.07 23:04:11 | 000,010,752 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 19:21:02 | 000,000,818 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 19:21:02 | 000,000,429 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.05 18:11:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Acronis
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Any DVD Shrink
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\avidemux
[2012.04.01 16:52:31 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\BOM
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\GMX
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\IrfanView
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Mp3tag
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Sierra Wireless
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Thunderbird
[2012.02.17 11:38:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >
         
--- --- ---

Geändert von tolpi (01.04.2012 um 17:50 Uhr)

Alt 02.04.2012, 15:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Zitat:
Nach einem Neustart wurde beim ersten Scan mit Malwarebytes die Datei ch8l0.exe gefunden und bereinigt. Beim 2. Scan nach einem Neustart wurde nichts mehr gefunden.
Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 02.04.2012, 18:17   #3
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



ok - sorry, wusste nicht, dass diese Logs auch wichtig sind.

Finde ich irgendwo ein Log von Kaspersky? Ich hatte ja als erstes die Kaspersky-Notfall-CD verwendet um das unlock-Tool zu entfernen. Da da ja alles von der CD gestartet wurde, gibts vielleicht kein Log?!?

Hier das Log von Malwarebytes, das die im Titel genannt exe gefunden und gelöscht hat:

Code:
ATTFilter
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Test :: NC6400 [Administrator]

01.04.2012 16:39:11
mbam-log-2012-04-01 (16-39-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198822
Laufzeit: 7 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Test\AppData\Local\Temp\ch8l0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
NAch diesem ersten Scan liefen alle Quickscans ohne Fund durch. Ein Scan des kompletten Systems ergab den Fund eines files, was mit RiskWare.Tool.CK indentifiziert wurde:

Code:
ATTFilter
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Test :: NC6400 [Administrator]

01.04.2012 18:01:33
mbam-log-2012-04-01 (18-01-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416041
Laufzeit: 1 Stunde(n), 21 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Setup\Scripts\install.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
danach liefen ein weiterer Quickscan und ein kompletter Scan ohne Fund durch.

Danke für Deine Unterstützung!
__________________

Alt 02.04.2012, 21:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.04.2012, 21:19   #5
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Ich habe Malwarebytes gestern erst installiert. Alle logs habe ich mal zusammengepackt. siehe unten. Es gibt ein Log mit dem Datum 12.01.2012 - ich kann mich aber nicht daran erinnern das Tools schon mal genutzt zu haben....

Da gibt es auch ein Quarantäne-Verzeichnis in dem einige Dateien drin stehen. Macht es Sinn das anzuschauen? Habs mal hier hin kopiert:

hxxp://troebs.de/BKA/Malwarebytes_Anti-Malware.rar

Das Verzeichnis sieht so aus:


alle Logs von MWB als zip hier:
hxxp://troebs.de/BKA/logs.rar

Ich hoffe das mit den Links funktioniert....


Alt 03.04.2012, 09:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Ja hat geklappt mit den Logs

Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe

Alt 03.04.2012, 16:18   #7
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hallo Arne,
und wieder was gefunden....

hier der Log von ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=702a4e0f650a2e4d91c2ed852c20f480
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-03 01:55:45
# local_time=2012-04-03 03:55:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 59316 1003168418 52083 0
# compatibility_mode=5893 16776573 100 94 140896 85079632 0 0
# compatibility_mode=8192 67108863 100 0 242 242 0 0
# scanned=232662
# found=1
# cleaned=1
# scan_time=11562
C:\Users\Test\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\659f0946-6b24fb1d	Java/Exploit.CVE-2012-0507.E trojan (deleted - quarantined)	00000000000000000000000000000000	C
         
Habe eben noch einen anderen Rechner hier bei mir im Netz durchsuchen lassen - er scheint sauber (mit Malwarebytes und ESET gescannt)...

Und nun?

Alt 03.04.2012, 19:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2012, 21:11   #9
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hallo Arne,
ich hab eben mal alles im Startmenü durchgesehen und mit dem Rechner normal gearbeitet. Es scheint alles zu gehen (was ich heute genutzt habe) und im Startmenü fehlt eigentlich nix....

Gruß und schönen Abend Dir!
Heiko

Alt 03.04.2012, 21:13   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2012, 22:29   #11
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hier das Log vom OTL-Scan:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.04.2012 21:18:11 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Test\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,14% Memory free
5,95 Gb Paging File | 3,85 Gb Available in Paging File | 64,72% Paging File free
Paging file location(s): s:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,86 Gb Total Space | 76,80 Gb Free Space | 51,59% Space Free | Partition Type: NTFS
Drive E: | 303,04 Gb Total Space | 42,61 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive S: | 13,67 Gb Total Space | 9,83 Gb Free Space | 71,95% Space Free | Partition Type: NTFS
 
Computer Name: NC6400 | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (InforVisualDrillback) -- C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (SWIHPWMI) -- C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (RICOH SmartCard Reader) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tifm21) -- C:\Windows\SysNative\drivers\tifm21.sys (Texas Instruments)
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (GTIPCI21) -- C:\Windows\SysNative\drivers\gtipci21.sys (Texas Instruments)
DRV:64bit: - (SMSCIRDA) -- C:\Windows\SysNative\drivers\smscir64.sys (SMSC)
DRV:64bit: - (SWUMX02) HP hs2300 USB MUX Driver (#02) -- C:\Windows\SysNative\drivers\swumx02.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U02) HP hs2300 MUX NDIS Driver (#02) -- C:\Windows\SysNative\drivers\SWNC8U02.sys (Sierra Wireless Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4C 45 FF 6B E7 CC 01  [binary data]
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes,DefaultScope = {3D29B508-385B-4AA2-90A3-B5E89FD6786A}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{3D29B508-385B-4AA2-90A3-B5E89FD6786A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 10:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 11:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.13 11:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.22 23:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.16 22:42:43 | 000,000,000 | ---D | M]
 
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions
[2011.02.07 12:57:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.22 10:28:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player@2020Technologies.com
[2011.07.15 19:21:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\DeviceDetection@logitech.com
[2012.01.14 20:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.20 11:59:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.14 20:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.14 20:33:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.14 20:33:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.14 20:33:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.14 20:33:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.14 20:33:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [atchk] C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD21CB7-7BFC-408F-9D5A-450E53F4F3A8}: DhcpNameServer = 62.134.11.4 195.182.110.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0B6CA5-A7F9-4BF7-BCE1-7F3EC2807534}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AFDEA4-D3DC-4C3B-A73B-E7ED141BA0A3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell - "" = AutoRun
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.01 17:45:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:40:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.01 17:03:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.27 10:01:17 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX
[2012.03.18 22:26:45 | 000,000,000 | ---D | C] -- C:\Atlanta
[2012.03.18 22:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Unify
[2012.03.18 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unify
[2012.03.16 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.03.16 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.03.16 15:44:47 | 000,000,000 | ---D | C] -- C:\Auslagerung von E
[2012.03.16 13:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012.03.16 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012.03.16 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.03.16 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infor Global Solutions
[2012.03.16 13:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infor Global Solutions
[2012.03.16 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
[2012.03.16 13:17:15 | 000,000,000 | ---D | C] -- C:\Infor
[2012.03.15 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\Test\4.0
[2012.03.15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Test\.tfo4
[2012.03.09 20:44:39 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Images
[2012.03.09 20:44:04 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Videos
[2012.03.09 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.03.09 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2012.03.06 20:56:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.03.06 20:56:16 | 000,000,000 | ---D | C] -- C:\Intel
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 21:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 21:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 16:21:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 14:08:41 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 14:08:41 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 14:04:19 | 000,000,818 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.04.03 13:13:50 | 001,654,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.03 13:13:50 | 000,718,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.03 13:13:50 | 000,660,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.03 13:13:50 | 000,155,616 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.03 13:13:50 | 000,127,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.02 21:14:39 | 000,301,175 | ---- | M] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.01 20:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 20:13:44 | 3195,330,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 17:45:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:44:25 | 000,000,000 | ---- | M] () -- C:\Users\Test\defogger_reenable
[2012.04.01 17:03:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 16:38:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | M] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | M] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | M] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 09:55:39 | 000,288,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.19 02:33:49 | 000,049,936 | ---- | M] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.17 00:17:12 | 001,603,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.16 13:54:26 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.16 02:32:27 | 000,007,600 | ---- | M] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.03.15 19:03:36 | 000,000,429 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.03.09 16:19:53 | 003,005,648 | ---- | M] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | M] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:32 | 000,051,418 | ---- | M] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.06 21:47:25 | 000,021,614 | ---- | M] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[2012.03.04 21:43:42 | 021,145,048 | ---- | M] () -- C:\Users\Test\Desktop\global6.the
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.02 21:14:37 | 000,301,175 | ---- | C] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.02 01:58:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 17:44:25 | 000,000,000 | ---- | C] () -- C:\Users\Test\defogger_reenable
[2012.04.01 16:38:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | C] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | C] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | C] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 02:33:48 | 000,049,936 | ---- | C] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.16 13:54:26 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.09 16:19:53 | 003,005,648 | ---- | C] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | C] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:11 | 000,051,418 | ---- | C] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.07 16:41:51 | 007,772,957 | ---- | C] () -- C:\Users\Test\Desktop\VM.chm
[2012.03.06 21:47:25 | 000,021,614 | ---- | C] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[2012.03.05 10:32:46 | 016,215,552 | ---- | C] () -- C:\Users\Test\Desktop\V7ALLES2.bak
[2012.03.05 09:34:02 | 021,145,048 | ---- | C] () -- C:\Users\Test\Desktop\global6.the
[2012.03.04 12:10:59 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.02.26 21:26:25 | 000,007,600 | ---- | C] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.01.27 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Test\AppData\Local\{FB3C2F14-696D-4AD0-81A8-317EE23E6195}
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.11 16:05:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.11 16:05:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.03.23 12:41:41 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.31 15:25:28 | 001,603,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.23 19:01:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.23 19:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.23 19:01:28 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.23 19:01:28 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.23 19:01:28 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.07 23:04:11 | 000,010,752 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 19:21:02 | 000,000,818 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 19:21:02 | 000,000,429 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.05 18:11:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2012.04.01 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.02.17 11:38:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.12.23 01:08:04 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Adobe
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2010.10.05 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ATI
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2010.11.09 19:53:56 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Avira
[2012.04.01 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.07.25 11:56:59 | 000,000,000 | R--D | M] -- C:\Users\Test\AppData\Roaming\Brother
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.19 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DivX
[2011.04.11 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Download Manager
[2011.12.22 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\dvdcss
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2012.03.16 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Hewlett-Packard
[2011.12.18 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\hpqLog
[1980.02.28 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Identities
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2010.11.09 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Macromedia
[2012.04.02 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Center Programs
[2011.02.11 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Player Classic
[2012.02.21 18:57:28 | 000,000,000 | --SD | M] -- C:\Users\Test\AppData\Roaming\Microsoft
[2012.01.11 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mozilla
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2012.01.12 14:31:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\NCH Software
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.04.03 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Skype
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.03.30 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\VMware
[2011.01.13 00:44:45 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.10 17:27:46 | 004,912,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv10.exe
[2012.02.10 17:30:46 | 004,913,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv11.exe
[2012.02.10 17:33:19 | 004,891,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.02.10 17:31:13 | 008,843,080 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.02.10 17:34:38 | 005,205,288 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur09.exe
[2012.02.10 17:28:08 | 005,198,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur10.exe
[2012.02.10 17:35:19 | 005,030,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst09.exe
[2012.02.10 17:28:46 | 005,030,504 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst10.exe
[2012.02.10 17:34:58 | 004,995,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz09.exe
[2012.02.10 17:28:27 | 004,996,720 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz10.exe
[2012.02.10 17:29:06 | 004,967,408 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta10.exe
[2012.02.10 17:31:34 | 004,972,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta11.exe
[2012.02.10 17:33:38 | 004,944,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.02.10 17:29:25 | 005,131,216 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb10.exe
[2012.02.10 17:31:54 | 005,127,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb11.exe
[2012.02.10 17:33:58 | 005,149,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.02.10 17:35:39 | 005,557,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a09.exe
[2012.02.10 17:29:45 | 005,567,360 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a10.exe
[2012.02.10 17:32:15 | 005,545,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.02.10 17:35:59 | 005,084,608 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust09.exe
[2012.02.10 17:30:27 | 005,088,992 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust10.exe
[2012.02.10 17:33:00 | 005,026,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.02.10 17:30:04 | 004,984,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva10.exe
[2012.02.10 17:32:35 | 005,004,024 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva11.exe
[2012.02.10 17:34:17 | 004,939,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.02.10 17:21:24 | 007,810,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8086.exe
[2012.02.10 17:21:52 | 007,089,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8086.exe
[2012.02.10 17:25:45 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2011.12.23 01:07:57 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.23 01:07:53 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.01.23 16:51:28 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2011.06.07 15:23:19 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2012.03.16 13:17:18 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}\ARPPRODUCTICON.exe
[2010.10.05 17:58:48 | 000,010,134 | R--- | M] () -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2012.03.18 22:44:26 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.12.18 21:08:44 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >
         
--- --- ---

Alt 03.04.2012, 22:31   #12
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hier das Log vom OTL-Scan:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.04.2012 21:18:11 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Test\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,14% Memory free
5,95 Gb Paging File | 3,85 Gb Available in Paging File | 64,72% Paging File free
Paging file location(s): s:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,86 Gb Total Space | 76,80 Gb Free Space | 51,59% Space Free | Partition Type: NTFS
Drive E: | 303,04 Gb Total Space | 42,61 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive S: | 13,67 Gb Total Space | 9,83 Gb Free Space | 71,95% Space Free | Partition Type: NTFS
 
Computer Name: NC6400 | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Test\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe (Bioscrypt Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll (Bioscrypt Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Sierra Wireless, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (InforVisualDrillback) -- C:/Infor/VISUAL Enterprise654/VISUAL Manufacturing/http2vm.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (SWIHPWMI) -- C:\Program Files (x86)\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (RICOH SmartCard Reader) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tifm21) -- C:\Windows\SysNative\drivers\tifm21.sys (Texas Instruments)
DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (GTIPCI21) -- C:\Windows\SysNative\drivers\gtipci21.sys (Texas Instruments)
DRV:64bit: - (SMSCIRDA) -- C:\Windows\SysNative\drivers\smscir64.sys (SMSC)
DRV:64bit: - (SWUMX02) HP hs2300 USB MUX Driver (#02) -- C:\Windows\SysNative\drivers\swumx02.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U02) HP hs2300 MUX NDIS Driver (#02) -- C:\Windows\SysNative\drivers\SWNC8U02.sys (Sierra Wireless Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 4C 45 FF 6B E7 CC 01  [binary data]
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes,DefaultScope = {3D29B508-385B-4AA2-90A3-B5E89FD6786A}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\..\SearchScopes\{3D29B508-385B-4AA2-90A3-B5E89FD6786A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 10:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 11:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.13 11:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.22 23:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.16 22:42:43 | 000,000,000 | ---D | M]
 
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions
[2011.02.07 12:57:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.22 10:28:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player@2020Technologies.com
[2011.07.15 19:21:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.08.09 02:40:47 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Test\AppData\Roaming\mozilla\Firefox\Profiles\sxu8eipe.default\extensions\DeviceDetection@logitech.com
[2012.01.14 20:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.20 11:59:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.14 20:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.14 20:33:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.14 20:33:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.14 20:33:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.14 20:33:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.14 20:33:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [atchk] C:\Program Files (x86)\Intel\AMT\atchk.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1939634070-2386480162-4126797108-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITS Background Download {6B6FD2A2-C085-4392-AE69-60F770122BBF}.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Background Download As - C:\BITS_Plugin\bits_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36213130-700D-429B-A81C-6ECFB691C31E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD21CB7-7BFC-408F-9D5A-450E53F4F3A8}: DhcpNameServer = 62.134.11.4 195.182.110.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B8F75F-E739-4CC7-92A8-F1CB1EC02F7B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0B6CA5-A7F9-4BF7-BCE1-7F3EC2807534}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AFDEA4-D3DC-4C3B-A73B-E7ED141BA0A3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell - "" = AutoRun
O33 - MountPoints2\{d44e78f6-d5df-11df-b9fd-001641c6cce5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.01 17:45:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:40:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.01 17:03:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.01 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.27 10:01:17 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX
[2012.03.18 22:26:45 | 000,000,000 | ---D | C] -- C:\Atlanta
[2012.03.18 22:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Unify
[2012.03.18 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unify
[2012.03.16 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.03.16 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.03.16 15:44:47 | 000,000,000 | ---D | C] -- C:\Auslagerung von E
[2012.03.16 13:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012.03.16 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012.03.16 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2012.03.16 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.03.16 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infor Global Solutions
[2012.03.16 13:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infor Global Solutions
[2012.03.16 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
[2012.03.16 13:17:15 | 000,000,000 | ---D | C] -- C:\Infor
[2012.03.15 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\Test\4.0
[2012.03.15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Test\.tfo4
[2012.03.09 20:44:39 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Images
[2012.03.09 20:44:04 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Videos
[2012.03.09 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.03.09 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2012.03.06 20:56:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.03.06 20:56:16 | 000,000,000 | ---D | C] -- C:\Intel
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 21:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 21:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 16:21:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 14:08:41 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 14:08:41 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 14:04:19 | 000,000,818 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.04.03 13:13:50 | 001,654,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.03 13:13:50 | 000,718,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.03 13:13:50 | 000,660,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.03 13:13:50 | 000,155,616 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.03 13:13:50 | 000,127,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.02 21:14:39 | 000,301,175 | ---- | M] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.01 20:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 20:13:44 | 3195,330,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 17:45:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Test\Desktop\dds.com
[2012.04.01 17:44:25 | 000,000,000 | ---- | M] () -- C:\Users\Test\defogger_reenable
[2012.04.01 17:03:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.04.01 16:38:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | M] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | M] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | M] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 09:55:39 | 000,288,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.19 02:33:49 | 000,049,936 | ---- | M] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.17 00:17:12 | 001,603,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.16 13:54:26 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.16 02:32:27 | 000,007,600 | ---- | M] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.03.15 19:03:36 | 000,000,429 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.03.09 16:19:53 | 003,005,648 | ---- | M] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | M] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:32 | 000,051,418 | ---- | M] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.06 21:47:25 | 000,021,614 | ---- | M] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[2012.03.04 21:43:42 | 021,145,048 | ---- | M] () -- C:\Users\Test\Desktop\global6.the
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.02 21:14:37 | 000,301,175 | ---- | C] () -- C:\Users\Test\Desktop\mlwarebytes_quarantine.gif
[2012.04.02 01:58:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 17:44:25 | 000,000,000 | ---- | C] () -- C:\Users\Test\defogger_reenable
[2012.04.01 16:38:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 10:01:17 | 000,001,097 | ---- | C] () -- C:\Users\Test\Desktop\GMX SMS-Manager.lnk
[2012.03.22 12:46:58 | 000,002,865 | ---- | C] () -- C:\Users\Test\Desktop\PROPlantronics - Verknüpfung.lnk
[2012.03.19 15:57:52 | 000,002,857 | ---- | C] () -- C:\Users\Test\Desktop\Calisto PLT - Verknüpfung.lnk
[2012.03.19 02:33:48 | 000,049,936 | ---- | C] () -- C:\Users\Test\Desktop\winmail.dat
[2012.03.16 13:54:26 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012.03.16 13:18:42 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Enterprise 6.5.4.lnk
[2012.03.16 13:18:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\VISUAL Financials 6.5.4.lnk
[2012.03.09 16:19:53 | 003,005,648 | ---- | C] () -- C:\Users\Test\Desktop\Junkers Cerastar zwr 24-5 Serviceheft-5_7_181_465_676.pdf
[2012.03.09 15:27:56 | 000,001,984 | ---- | C] () -- C:\Users\Test\Desktop\CrystalDiskInfo.lnk
[2012.03.09 13:47:11 | 000,051,418 | ---- | C] () -- C:\Users\Test\Desktop\ss4.jpg
[2012.03.07 16:41:51 | 007,772,957 | ---- | C] () -- C:\Users\Test\Desktop\VM.chm
[2012.03.06 21:47:25 | 000,021,614 | ---- | C] () -- C:\Users\Test\Desktop\nidec Daten Atlanta.csv
[2012.03.05 10:32:46 | 016,215,552 | ---- | C] () -- C:\Users\Test\Desktop\V7ALLES2.bak
[2012.03.05 09:34:02 | 021,145,048 | ---- | C] () -- C:\Users\Test\Desktop\global6.the
[2012.03.04 12:10:59 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.02.26 21:26:25 | 000,007,600 | ---- | C] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2012.01.27 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Test\AppData\Local\{FB3C2F14-696D-4AD0-81A8-317EE23E6195}
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011.12.18 19:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.11 16:05:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.11 16:05:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.03.23 12:41:41 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.31 15:25:28 | 001,603,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.23 19:01:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.23 19:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.23 19:01:28 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.23 19:01:28 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.23 19:01:28 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.07 23:04:11 | 000,010,752 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 19:21:02 | 000,000,818 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 19:21:02 | 000,000,429 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.05 18:11:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2012.04.01 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.02.17 11:38:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Acronis
[2011.12.23 01:08:04 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Adobe
[2011.09.14 15:00:25 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Any DVD Shrink
[2010.10.05 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ATI
[2011.08.27 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\avidemux
[2010.11.09 19:53:56 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Avira
[2012.04.01 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BOM
[2011.07.25 11:56:59 | 000,000,000 | R--D | M] -- C:\Users\Test\AppData\Roaming\Brother
[2011.02.17 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canneverbe Limited
[2012.03.15 15:33:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Canon
[2011.12.23 01:08:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.12.19 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DivX
[2011.04.11 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Download Manager
[2011.12.22 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\dvdcss
[2011.12.22 20:21:14 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoft
[2011.02.07 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\elsterformular
[2011.01.06 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GetRightToGo
[2012.02.21 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
[2011.01.31 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GMX
[2012.03.16 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Hewlett-Packard
[2011.12.18 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\hpqLog
[1980.02.28 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Identities
[2010.10.05 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\InterTrust
[2011.06.21 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\IrfanView
[2010.11.09 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Macromedia
[2012.04.02 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Center Programs
[2011.02.11 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Media Player Classic
[2012.02.21 18:57:28 | 000,000,000 | --SD | M] -- C:\Users\Test\AppData\Roaming\Microsoft
[2012.01.11 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mozilla
[2011.12.23 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Mp3tag
[2012.01.12 14:31:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\NCH Software
[2011.03.23 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ScanSoft
[2011.02.06 23:57:50 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Sierra Wireless
[2012.04.03 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Skype
[2012.03.19 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2011.01.06 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Thunderbird
[2012.03.30 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\VMware
[2011.01.13 00:44:45 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.10 17:27:46 | 004,912,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv10.exe
[2012.02.10 17:30:46 | 004,913,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv11.exe
[2012.02.10 17:33:19 | 004,891,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.02.10 17:31:13 | 008,843,080 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.02.10 17:34:38 | 005,205,288 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur09.exe
[2012.02.10 17:28:08 | 005,198,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur10.exe
[2012.02.10 17:35:19 | 005,030,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst09.exe
[2012.02.10 17:28:46 | 005,030,504 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst10.exe
[2012.02.10 17:34:58 | 004,995,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz09.exe
[2012.02.10 17:28:27 | 004,996,720 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz10.exe
[2012.02.10 17:29:06 | 004,967,408 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta10.exe
[2012.02.10 17:31:34 | 004,972,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta11.exe
[2012.02.10 17:33:38 | 004,944,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.02.10 17:29:25 | 005,131,216 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb10.exe
[2012.02.10 17:31:54 | 005,127,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb11.exe
[2012.02.10 17:33:58 | 005,149,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.02.10 17:35:39 | 005,557,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a09.exe
[2012.02.10 17:29:45 | 005,567,360 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a10.exe
[2012.02.10 17:32:15 | 005,545,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.02.10 17:35:59 | 005,084,608 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust09.exe
[2012.02.10 17:30:27 | 005,088,992 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust10.exe
[2012.02.10 17:33:00 | 005,026,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.02.10 17:30:04 | 004,984,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva10.exe
[2012.02.10 17:32:35 | 005,004,024 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva11.exe
[2012.02.10 17:34:17 | 004,939,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.02.10 17:21:24 | 007,810,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8086.exe
[2012.02.10 17:21:52 | 007,089,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8086.exe
[2012.02.10 17:25:45 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Test\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2011.12.23 01:07:57 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.23 01:07:53 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.01.23 16:51:28 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2011.06.07 15:23:19 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2012.03.16 13:17:18 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}\ARPPRODUCTICON.exe
[2010.10.05 17:58:48 | 000,010,134 | R--- | M] () -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2012.03.18 22:44:26 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Test\AppData\Roaming\Microsoft\Installer\{D11F12BE-A881-4157-B2D2-A676CD7FB1F0}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.12.18 21:08:44 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.12.18 21:08:45 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.14 22:45:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >
         
--- --- ---

[/CODE]

Alt 04.04.2012, 12:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Zitat:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Sagmal gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
Gerade solche Streamingseiten sind für die aktuelle Welle der Erpresserschädlinge verantwortlich, die Windows blockieren und 50 oder 100 EUR erpressen wollen!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.04.2012, 12:40   #14
tolpi
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Hallo Arne,

dieser player ist doch bei dem DIVX-Pack mit dabei gewesen. HAb vor langer Zeit mal mit Divix ein paar Hochzeits-Videos komprimiert... brauch ich ned mehr! Is der illegal?

Zum Thema Video schauen: da gibts genug für meine geringe Zeit in der Mediathek der öffentlich rechtlichen.... ausserdem ist Babyschauen bei uns noch viel spannender!

Hab grad nochmal geschaut. Das DIVIX plus pack ist wohl noch installiert.... finde es aber nicht zum deinstallieren in der SW-Liste der Systemsteuerung - schon verdächtig!

Dieser BKA-Trojaner erschien bei mir als ich nach Carports für unseren Garten gesucht hab... soweit ich das in Erinnerung hab, gabs da keine Videos rund herum...

Aber seitdem die Browser schon immer vorab-Ansichten laden, wenn man nach was sucht im Netz (v.a. Google), bin ich mir gar nicht mehr sicher, ob man üebrhaupt noch suchen sollte....

wie siehst Du das?

Alt 04.04.2012, 13:46   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Standard

Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe



Zitat:
brauch ich ned mehr! Is der illegal?
Nein das nicht. Aber ich beobachte immer wieder, dass der DivX Web Player genutzt wird, um illegale Streams zu sehen, deswegen kam dieser Hinweis
Schmeiß DivX runter wenn du es nicht mehr brauchst

Zitat:
bin ich mir gar nicht mehr sicher, ob man üebrhaupt noch suchen sollte....
Und was willst du dann machen wenn du was suchst?
Sry versteh nicht wirklich was du meinst
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, abgesicherten, acrobat update, alternate, appdata, board, datei, device driver, durchgeführt, entdeck, folge, folgen, gestartet, google earth, install.exe, konnte, langs, malwarebytes, modus, neustart, nichts, rechner, scan, searchscopes, security scan, sierra, sofort, temp, tool, trojaner, trojaner board, virus, windows, würde, übrig



Ähnliche Themen: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe


  1. TR/BitCoinMiner.Gen und ander TR Viren in C:/User/Jannis/Appdata/Local/Temp/msupdate
    Log-Analyse und Auswertung - 08.10.2015 (13)
  2. C:\Users\User\AppData\Local\Temp\ljubZufuv Malware-Problem
    Log-Analyse und Auswertung - 07.09.2014 (6)
  3. gvu will svchost.exe unter C:\users\user\appdata\local\temp starten
    Log-Analyse und Auswertung - 16.01.2014 (13)
  4. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\a.....\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 05.10.2013 (10)
  5. Virus: Win32.Trojan.Agent.KV5KTJ gefunden in Datei: C:\User\xx\AppData\Local\Temp\is1070216317\798896_Setup.EXE
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (11)
  6. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  7. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  8. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  9. C:/Users/User/AppData/Local/Temp/er_00_0_l.exe
    Log-Analyse und Auswertung - 17.10.2012 (4)
  10. C:/Users/User/AppData/Local/Temp/i4jdel0.exe
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  11. Fehlermeldung:"Problem beim Starten von C:\Users\user\AppData\Local\Temp\ch810.exe"
    Log-Analyse und Auswertung - 14.05.2012 (27)
  12. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 21.04.2012 (10)
  13. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 11.04.2012 (22)
  14. (2x) Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Mülltonne - 06.04.2012 (0)
  15. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  16. Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (18)
  17. TR/Crypt.XPACK.Gen in C:\User\***\AppData\Local\Temp\...\http.dll
    Log-Analyse und Auswertung - 10.11.2009 (1)

Zum Thema Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe - Hallo Trojaner Board, ich habe eben mir eben einen Bundspolizei-Trojaner eingefangen. AntiVir hat leider nichts entdeckt. Ich nutze Windows7 64Bit ultimate. Im abgesicherten Modus konnte der PC noch gestartet werden. - Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe...
Archiv
Du betrachtest: Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.