
Pests of all kinds and how to combat them: Virus on PC "Diese Webseite kann nicht angezeigt werden" - BKA?

25.10.2012, 08:45   #1
eight_ball
 

Hello everyone,

I just picked up a virus on my PC while surfing with Firefox. I suspect that it is a new variant of the BKA.

The behaviour is as follows: The PC boots quite normally. After logon the desktop appears briefly, then all programs are terminated and a full-screen window with the message named in the subject (IE style) appears.

Task Manager can be opened once, but it is closed after a few seconds (if it even lasts that long). Opening it a second time results in a black screen (Ctrl+Alt+Del still works, but calling Task Manager again leads straight back to the black screen).

My problem here is that I cannot boot from a boot medium or start in Safe Mode, because the hard disk is encrypted with BitLocker and I do not have the key.

I have a second PC from which I could access the other one. So I could, for example, delete files that way.

The last time I had the BKA on it, it was enough to switch off the WLAN (so that there was no Internet connection any more) and the virus did not start, so I was able to run a System Restore, which fixed the problem. Afterwards I also carried out a Java update with cache clean-up and removed the old 6.X version.

So what can I do now to get rid of this pest?

Many thanks in advance!

Here are some more details about the system:
Windows 7 Enterprise x64
Microsoft Forefront Security
My account has local admin rights

25.10.2012, 13:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Windows 7 Enterprise x64
Microsoft Forefront Security
My account has local admin rights
Is that by any chance an office/company PC? Or a university machine?

25.10.2012, 16:55   #3
eight_ball
 

Even though I don't know how the question is supposed to help solve the problem, I am happy to answer it: Yes, it is a company notebook. However, it is only very rarely on the company network, and I also won't be in the office (250 km away) in the near future to hand the notebook over to a technician.

I work in IT myself, so I am aware of the risks of not reinstalling. I will have the notebook set up from scratch on my next visit to the office. However, that does not help me right now :-(

So what can I do now to get the notebook temporarily working again?

Thanks again in advance!

25.10.2012, 20:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
So what can I do now to get the notebook temporarily working again?
Nothing at all, I'm afraid. A rescue system (live CD or stick) is ruled out "thanks" to the disk encryption. => BitLocker
Safe Mode is nicely blocked for you as well. You are standing in front of barricaded doors and the emergency exit has been bricked up (encrypted).

I would really recommend that you contact your administrator colleagues. If you get the key you may be able to remove the encryption, but whether it is worth the effort is another question.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

25.10.2012, 21:19   #5
eight_ball
 

Isn't there a way to use a second PC to identify and delete the files that the trojan needs, or to remotely kill "the" process of the trojan? - It would be enough for me to be able to use System Restore - Is there a way to do this remotely from a second PC?


26.10.2012, 11:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Isn't there a way to use a second PC to identify and delete the files,
How, if the disk is fully encrypted?
What do you see on the Windows partitions when you boot from, e.g., a BartPE/OTLPE or a live Linux?

26.10.2012, 11:35   #7
eight_ball
 

I have now been able to fix the problem myself. Here is how I went about it:
  1. Download PsExec and PsKill on a second PC
  2. Put the infected PC and the second PC on the same network (I cut the Internet connection at the router while doing so)
  3. Switch on the infected PC and log on, so that the machine gets locked by the trojan
  4. On the second PC, generate a list of the processes with PsExec (see below)
  5. In the result, look for a process with a randomly generated name (e.g. "irguhterhg.exe") and note the process number
  6. On the second PC, kill the process found with PsKill (see below)
  7. The empty desktop is now visible, without taskbar and without icons on the desktop
  8. On the second PC, read out the sessions with PsExec (see below)
  9. On the second PC, use PsExec to create an instance of Task Manager in the user session (see below)
  10. On the infected PC, use Task Manager to start an Explorer instance or call System Restore directly
  11. On the infected PC, use System Restore to recover an old state
  12. Afterwards the machine runs as before again - malicious files on the PC should now be scanned and cleaned accordingly.

Re 4.:
Code:
PsExec.exe \\<infizierterComputer> -u <Domain>\<user> tasklist

Then enter the password

Re 6.:
Code:
PsKill.exe \\<infizierterComputer> -u <Domain>\<user> <ProcessNummer>

Then enter the password

Re 8.:
Code:
PsExec.exe \\<infizierterComputer> -u <Domain>\<user> query session

Then enter the password
The session should be the one with Console (usually ID 1)

Re 9.:
Code:
PsExec.exe \\<infizierterComputer> -u <Domain>\<user> -i <SessionID> taskmgr

Then enter the password
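
Steps 4 and 5 of the procedure in post #7, as an added example that is not part of the original thread: a Python script that parses captured `tasklist` output by its column ruler, keeps processes outside session 0 that are missing from a baseline, and lists random-looking names first. The baseline set, the vowel-ratio heuristic, the host name PC01 and all sample rows are assumptions constructed for this illustration.

```python
import re

# Assumed baseline of image names expected in an interactive Windows 7 session.
# Replace it with a list taken from a known-good machine of the same build.
BASELINE = {"csrss.exe", "winlogon.exe", "dwm.exe", "taskhost.exe",
            "explorer.exe", "taskmgr.exe"}


def _row(name, pid, session, number, mem):
    """Format one line in tasklist's fixed-width table layout."""
    return f"{name:<25} {pid:>8} {session:<16} {number:>11} {mem:>12}"


# Constructed sample: what a capture of the step-4 command could look like,
# including a trailing PsExec status line that is not part of the table.
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Session Name", "Session#", "Mem Usage"),
    " ".join("=" * width for width in (25, 8, 16, 11, 12)),
    _row("System Idle Process", 0, "Services", 0, "24 K"),
    _row("System", 4, "Services", 0, "1,032 K"),
    _row("smss.exe", 268, "Services", 0, "1,104 K"),
    _row("csrss.exe", 372, "Services", 0, "4,512 K"),
    _row("csrss.exe", 420, "Console", 1, "9,880 K"),
    _row("winlogon.exe", 456, "Console", 1, "6,220 K"),
    _row("svchost.exe", 812, "Services", 0, "9,876 K"),
    _row("PSEXESVC.exe", 2040, "Services", 0, "3,300 K"),
    _row("dwm.exe", 2212, "Console", 1, "28,140 K"),
    _row("taskhost.exe", 2300, "Console", 1, "7,004 K"),
    _row("vlc.exe", 2800, "Console", 1, "31,900 K"),
    _row("irguhterhg.exe", 3144, "Console", 1, "15,728 K"),
    _row("tasklist.exe", 3388, "Services", 0, "5,120 K"),
    "tasklist exited on PC01 with error code 0.",
])


def parse_tasklist(text):
    """Parse tasklist's table using the '=====' ruler to find column spans.

    Slicing by the ruler keeps image names with spaces intact and does not
    depend on the (localized) header captions.
    """
    lines = text.splitlines()
    ruler = next((i for i, line in enumerate(lines)
                  if re.fullmatch(r"=+( =+)+\s*", line)), None)
    if ruler is None:
        raise ValueError("no tasklist column ruler found")
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    rows = []
    for line in lines[ruler + 1:]:
        cells = [line[start:end].strip() for start, end in spans]
        image, pid, _session_name, session = cells[:4]
        if not (pid.isdigit() and session.isdigit()):
            continue  # blank line or tool status line, not a table row
        rows.append({"image": image, "pid": int(pid), "session": int(session)})
    return rows


def looks_random(image):
    """Crude heuristic: long, letters-only stem with few vowels."""
    stem = image.lower().rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 8:
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) <= 0.35


def triage(text, baseline=BASELINE):
    """Return non-baseline processes outside session 0, random-looking first."""
    hits = []
    for row in parse_tasklist(text):
        # Session 0 holds services; the lock screen runs in a user session.
        if row["session"] == 0 or row["image"].lower() in baseline:
            continue
        hits.append(dict(row, random_like=looks_random(row["image"])))
    return sorted(hits, key=lambda r: (not r["random_like"], r["pid"]))


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        flag = "random-looking" if hit["random_like"] else "unknown"
        print(f'{hit["pid"]:>6}  session {hit["session"]}  {hit["image"]}  ({flag})')
```

The heuristic only orders the review list; every process that is not in the baseline still needs a manual look before anything is terminated.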

26.10.2012, 13:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hehe, I could hardly try something like that out over the board

Quote:
Afterwards the machine runs as before again - malicious files on the PC should now be scanned and cleaned accordingly.
Please run a CustomScan with OTL. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick the box Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

26.10.2012, 14:42   #9
eight_ball
 

Here is the log:

Code:
OTL Extras logfile created on: 26.10.2012 15:26:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<USER_A>\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 70,60% Memory free
15,91 Gb Paging File | 13,31 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,46 Gb Total Space | 246,67 Gb Free Space | 52,99% Space Free | Partition Type: NTFS
Drive E: | 1,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: <Computername> | User Name: <USER_A> | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"{AD3042C2-C666-47F6-9075-116B3C295031}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|LPort=2701|LPort=2702|Name=Windows Management Instrumentation (RPC, SMS Remotecontrol (control, data)|Desc=Für die Remotetools vom Configuration Manager.|
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"{AD3042C2-C666-47F6-9075-116B3C295031}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|LPort=2701|LPort=2702|Name=Windows Management Instrumentation (RPC, SMS Remotecontrol (control, data)|Desc=Für die Remotetools vom Configuration Manager.|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B4D413C-9E19-4087-AA21-D7BD1A9B3075}" = SQL Server 2008 R2 Common Files
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB 
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{24BB9353-944E-46BC-BBA8-B8F83E8DBB51}" = Microsoft SQL Server 2008 R2-Setup (Deutsch)
"{24C3AEE0-4BCE-3190-8EE0-BBA0BF72CAC1}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{29749AC9-FE93-4615-A619-7BAC77C256ED}" = Fujitsu Fingerprint Authentication Library
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{38B1233D-8170-407A-ACE0-C68892D9ACB5}" = Microsoft SQL Server 2008 Management Studio
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{40FE9766-42D5-4A50-8018-7E5C10709D73}" = Microsoft SQL Server 2008 Setup Support Files 
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = SQL Server 2008 R2 Database Engine Services
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{45D7270A-B929-4D67-B176-ABC81161B8ED}" = SQL Server 2008 R2 Database Engine Shared
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E3AB08B-4203-4CDD-9F15-C016F1BC6453}" = Inst5672
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5343BE4E-B247-41D0-B81D-4E7C55460910}" = Microsoft Forefront Client Security State Assessment Service
"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6AAF4427-3039-4C8A-BE53-D6F01C21AD46}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities 
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}" = Microsoft Forefront Client Security Antimalware Service
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A5CAC599-B3B7-41B4-AE55-A57FFC56F12F}" = Microsoft SQL Server "Denali" CTP3 Setup (English)
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.39
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.68
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}" = Intel(R) PROSet/Wireless WiFi-Software
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9AEABC2-1DD6-3280-9A1A-11E1E8D34AAD}" = Windows Phone Emulator x64 - ENU
"{CB95CD7D-FDCC-449A-86AE-67C257745A0B}" = Microsoft SQL Server 2008 R2 Native Client
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
"{DF3850BD-290D-4BC8-9A35-90FB41C5E4F5}" = Microsoft VSS Writer for SQL Server "Denali" CTP3
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-Bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}" = Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0DD2DCC6-21AE-4678-8629-1084B17BE077}" = Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12B8E200-99CC-4203-A8D1-4145FC4D0192}" = Microsoft Expression Blend SDK for Windows Phone OS 7.1
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1a3f91f0-9e94-45f2-923c-794cc156a027}" = Check Point Deployment Shell
"{1B6B2817-89AF-4947-A768-0766D7906BCB}" = AnkhSVN 2.4.11610.27
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2B8D2B28-5F76-4455-B97C-2BD82C2C2B9C}" = Visual Studio Extensions for Windows Library for JavaScript
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{364D5A42-EF92-4612-9B75-B1A2EFF6B660}" = Microsoft Ribbon for WPF Source and Samples (V. 4.0.0.11019)
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin für gehostete Anwendungen
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{45286B12-5838-4A0C-93E7-82605C57C2A5}" = Microsoft Ribbon for WPF October 2010 (Version 4.0.0.11019)
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D05CEB3-647F-4408-BC8C-B1247B107E61}" = Microsoft Silverlight 5 Beta SDK
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{656458ED-DA77-4C82-AF2F-1640C191A2A7}" = Microsoft Advertising SDK for Windows Phone - ENU
"{695E67B6-8B95-4160-9650-92974980CDC1}" = Microsoft SQL Server 2008 Policies
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A7387C0-B74F-47D0-A217-B384E55FE0C9}" = Microsoft XNA Game Studio 4.0 Refresh (Redists)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{6F33C2E2-5E02-4344-90BC-ED55C48341D2}" = WCF Data Services SDK for Windows Phone
"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{786D445C-F3D7-35D2-81AA-60DB61F9F552}" = Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{7de84939-616c-4ce3-ab2a-d704b8d2dd20}" = Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20512
"{7E601C05-4193-4386-85C4-9EAC34B873DD}" = WebEx-Support-Manager für Internet Explorer
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{89690B51-2E21-4E93-914E-F9CAC5B24A84}" = Microsoft XNA Game Studio Platform Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B6ACD2C-68D4-4CBD-86C3-6D5F595CD4FA}" = Microsoft ADO.NET Entity Framework 4.1 - Update 1
"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT 
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}" = Windows Phone SDK 7.1 Assemblies
"{A240191E-4302-435E-86FC-A5717EF0CF38}" = Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{A4CC18F6-DB05-4B03-B724-4128322FA85F}" = Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
"{A721BC43-E63E-3531-B1BF-6A405F9530BD}" = Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
"{A7C6BEBC-334D-4D88-AA0F-2192C8C174E8}" = AvalonDock 1.3 (Build 3571)
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B3533B84-A8DF-4A7A-8E95-B15F08B26E96}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{b382eaa8-435e-4ce0-920f-0947d3f64e4c}" = Check Point SSL Network Extender
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BB3A1518-D930-46AD-9306-CFBB1BAC03B7}" = Visual Studio Extensions for Windows Library for JavaScript
"{bd2dc9de-a525-48b8-8b62-f96efd6d81eb}" = Check Point SSL Network Extender Service
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1363D80-05CF-454F-A5A1-E37AE7BD9621}" = Microsoft Visual Studio 2012 Preparation
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6C5A4CA-1EE8-4C73-9679-0BC2946D1353}" = Battery Utility
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects 
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{ddf0bb95-e254-447e-8472-3470057d9c7e}" = Microsoft Visual Studio Premium 2012
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E3EB518B-A8D0-4C86-847C-A86AF0FC8D11}" = Expresso
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE3A5B79-C147-4BD9-952A-E894298C2ACA}" = Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
"{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F692770D-0E27-4D3F-8386-F04C6F434040}" = Microsoft Operations Manager 2005 Agent
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitMeterOS" = BitMeter OS
"Blend_4.0.30816.0" = Microsoft Expression Blend 4
"CamStudio" = CamStudio
"DAEMON Tools Lite" = DAEMON Tools Lite
"Debut" = Debut Video Capture Software
"DeskUpdate_is1" = DeskUpdate 4.12
"Diablo III" = Diablo III
"Drakensang Online" = Drakensang Online
"ElsterFormular 10.3.3.990" = ElsterFormular
"ElsterFormular für Privatanwender und Unternehmer 11.5.2.5481" = ElsterFormular-Update
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU" = Windows Phone SDK 7.1 - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pdfsam" = pdfsam
"ProInst" = Intel PROSet Wireless
"SWIQMIDrvInstaller" = Sierra Wireless QMI Driver Package
"TeamViewer 7" = TeamViewer 7
"TuxGuitar_0" = TuxGuitar 1.2
"Visual CertExam Manager_is1" = Visual CertExam Manager 1.9
"VLC media player" = VLC media player 2.0.2
"VMware_Player" = VMware Player
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 Refresh
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2012 03:39:56 | Computer Name = <Computername>.<Domain>.int | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1a10    Startzeit: 01cda84b9c34d03f    Endzeit: 182    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 14.10.2012 06:28:30 | Computer Name = <Computername>.<Domain>.int | Source = Windows Backup | ID = 4103
Description = 
 
Error - 21.10.2012 06:24:45 | Computer Name = <Computername>.<Domain>.int | Source = Windows Backup | ID = 4103
Description = 
 
Error - 23.10.2012 06:29:55 | Computer Name = <Computername>.<Domain>.int | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: D3D10Warp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7af  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002b38f  ID des fehlerhaften
 Prozesses: 0x2038  Startzeit der fehlerhaften Anwendung: 0x01cda07c69115319  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\D3D10Warp.dll  Berichtskennung: 95fb7212-1cfc-11e2-ac68-85615af7a370
 
Error - 25.10.2012 03:12:18 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Operations Manager | ID = 26008
Description = The agent could not resolve the IP of the MOM Server AAFCS01.  The
 error reported is 'Der angegebene Host ist unbekannt.'.
 
Error - 25.10.2012 03:16:43 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Operations Manager | ID = 26008
Description = The agent could not resolve the IP of the MOM Server AAFCS01.  The
 error reported is 'Der angeforderte Name ist gültig, es wurden jedoch keine Daten
 des angeforderten Typs gefunden.'.
 
Error - 25.10.2012 03:21:06 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Operations Manager | ID = 26008
Description = The agent could not resolve the IP of the MOM Server AAFCS01.  The
 error reported is 'Der angegebene Host ist unbekannt.'.
 
Error - 26.10.2012 02:10:58 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Operations Manager | ID = 26008
Description = The agent could not resolve the IP of the MOM Server AAFCS01.  The
 error reported is 'Der angeforderte Name ist gültig, es wurden jedoch keine Daten
 des angeforderten Typs gefunden.'.
 
Error - 26.10.2012 02:39:38 | Computer Name = <Computername>.<Domain>.int | Source = VSS | ID = 8194
Description = 
 
Error - 26.10.2012 03:43:42 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Operations Manager | ID = 26008
Description = The agent could not resolve the IP of the MOM Server AAFCS01.  The
 error reported is 'Der angeforderte Name ist gültig, es wurden jedoch keine Daten
 des angeforderten Typs gefunden.'.
 
[ OSession Events ]
Error - 17.07.2012 07:21:47 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 98441
 seconds with 8760 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.10.2012 03:43:06 | Computer Name = <Computername>.<Domain>.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne <Domain> aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 26.10.2012 03:43:09 | Computer Name = <Computername>.<Domain>.int | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 26.10.2012 03:43:11 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 26.10.2012 03:43:12 | Computer Name = <Computername>.<Domain>.int | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 26.10.2012 03:43:12 | Computer Name = <Computername>.<Domain>.int | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 26.10.2012 03:44:23 | Computer Name = <Computername>.<Domain>.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 26.10.2012 03:44:35 | Computer Name = <Computername>.<Domain>.int | Source = DCOM | ID = 10016
Description = 
 
Error - 26.10.2012 03:49:27 | Computer Name = <Computername>.<Domain>.int | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 26.10.2012 03:49:27 | Computer Name = <Computername>.<Domain>.int | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 26.10.2012 07:46:11 | Computer Name = <Computername>.<Domain>.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne <Domain> aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 
< End of report >
         
I anonymized the domain, the computer name and the user in it.

26.10.2012, 14:54   #10
eight_ball
 

And here is the 2nd log:

Code:
OTL logfile created on: 26.10.2012 15:26:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<USER_A>\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 70,60% Memory free
15,91 Gb Paging File | 13,31 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,46 Gb Total Space | 246,67 Gb Free Space | 52,99% Space Free | Partition Type: NTFS
Drive E: | 1,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: <Computername> | User Name: <USER_A> | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.26 15:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<USER_A>\Downloads\OTL.exe
PRC - [2012.10.09 15:18:57 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.19 09:27:06 | 000,085,435 | ---- | M] () -- C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe
PRC - [2011.11.19 09:27:04 | 000,141,466 | ---- | M] () -- C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe
PRC - [2011.11.10 13:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2011.02.27 14:42:12 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.16 23:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.07 19:51:36 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\Hook\OpHook32BitProcess.exe
PRC - [2010.11.01 18:48:26 | 000,116,536 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2010.09.29 18:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.11.02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2009.08.13 06:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2008.08.16 17:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2005.07.21 11:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:33:13 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\2bcb87cc75e7c82c51b104018f1c7cad\log4net.ni.dll
MOD - [2012.04.03 08:52:40 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\f03577e2c8ebddbe7b8f8cb71f4dc9fb\DeskUpdateNotifier.ni.exe
MOD - [2012.02.18 12:53:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.18 12:53:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.18 12:52:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.18 12:52:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.18 12:52:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.11.23 19:33:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.07 19:51:36 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\Hook\OpHook32BitProcess.exe
MOD - [2010.11.07 18:35:44 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\Hook\scuredll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.11 14:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.09 16:18:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.27 08:35:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.19 09:27:06 | 000,085,435 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe -- (BitMeterCaptureService)
SRV - [2011.11.19 09:27:04 | 000,141,466 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe -- (BitMeterWebService)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.03.30 07:56:20 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.03.30 07:43:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.03.30 07:40:30 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.02.27 14:42:12 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.16 23:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (Sierra Wireless QDL Service)
SRV - [2010.11.07 20:01:42 | 000,042,496 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2010.11.01 18:48:26 | 000,116,536 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2010.10.07 15:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV - [2010.08.31 15:14:30 | 000,073,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2010.07.20 14:21:42 | 000,016,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010.06.17 15:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2010.06.02 18:05:42 | 002,734,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2010.04.03 20:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2010.04.03 20:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2010.04.03 20:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.11.02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2009.09.18 13:00:00 | 000,611,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ccmsetup\ccmsetup.exe -- (ccmsetup)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.07.21 11:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.25 09:47:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 15:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 15:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.08.01 17:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.07.06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2011.07.19 22:14:36 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011.05.11 10:00:14 | 000,085,736 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\oz776x64.sys -- (guardian2)
DRV:64bit: - [2011.05.11 08:35:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.05.11 08:17:24 | 000,325,632 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3knet00.sys -- (swg3knet00)
DRV:64bit: - [2011.05.11 08:14:53 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.05.11 08:14:53 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.05.10 15:03:21 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2011.05.10 15:02:55 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV:64bit: - [2011.05.04 17:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.03.16 16:15:58 | 008,590,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 12:02:22 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.04 01:58:00 | 000,424,448 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kmbb00.sys -- (swg3kmbb00)
DRV:64bit: - [2011.02.04 01:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibusflt00.sys -- (swibusflt00)
DRV:64bit: - [2011.02.04 01:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibus00.sys -- (swibus00)
DRV:64bit: - [2011.02.04 01:57:06 | 000,034,304 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kflt00.sys -- (swg3kflt00)
DRV:64bit: - [2011.02.04 01:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00)
DRV:64bit: - [2011.02.04 01:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3knmea00.sys -- (swg3knmea00)
DRV:64bit: - [2010.12.08 05:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.09 05:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.09.28 03:30:22 | 000,015,208 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk)
DRV:64bit: - [2010.06.02 18:27:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.19 13:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.24 06:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.02 15:03:40 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..\SearchScopes,DefaultScope = {FEB8CA60-30DD-45DD-BA16-50E4B02E5418}
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..\SearchScopes\{042333F4-1887-416C-8253-AAD57473D7BA}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..\SearchScopes\{2B92F660-BF46-422F-90DD-FDAC7147F839}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..\SearchScopes\{FEB8CA60-30DD-45DD-BA16-50E4B02E5418}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = de-pro-201.celeent.int:8080
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 09:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 09:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.02 19:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<USER_A>\AppData\Roaming\mozilla\Extensions
[2012.05.07 10:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<USER_A>\AppData\Roaming\mozilla\Firefox\Profiles\zco6hcyv.default\extensions
[2012.10.24 17:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.27 08:35:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.06 03:04:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.27 08:35:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.06 03:04:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 03:04:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 03:04:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 03:04:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [FJBATAID2] C:\Programme\Fujitsu\BatteryAid2\BatteryDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe (Softex Inc.)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4:64bit: - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398..\Run: [DisableScreensaver] C:\Users\<USER_A>\Documents\Visual Studio 2012\Projects\DisableScreensaver\DisableScreensaver\bin\Debug\DisableScreensaver.exe (Lars Hove Christiansen)
O4 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" File not found
O4 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: <Domain>.de ([]* in Trusted sites)
O15:64bit: - ..Trusted Domains: <Domain>.int ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: <Domain>.net ([extranet] * in Local intranet)
O15:64bit: - ..Trusted Domains: stihl-portal.com ([sslvpnde01] https in Trusted sites)
O15 - HKLM\..Trusted Domains: <Domain>.de ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: <Domain>.int ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: <Domain>.net ([extranet] * in Local intranet)
O15 - HKLM\..Trusted Domains: stihl-portal.com ([sslvpnde01] https in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..Trusted Domains: <Domain>.de ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..Trusted Domains: <Domain>.int ([]* in Local intranet)
O15 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..Trusted Domains: <Domain>.net ([extranet] * in Local intranet)
O15 - HKU\S-1-5-21-1708537768-1958367476-725345543-24398\..Trusted Domains: stihl-portal.com ([sslvpnde01] https in Trusted sites)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sslvpnde01.stihl-portal.com//SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.119.50.2 217.119.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = <Domain>.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{560E15A0-C0CA-4C42-81D9-208A83F9B839}: DhcpNameServer = 217.119.50.2 217.119.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F006A2C-5510-4ACD-B0C7-4DBC0E4F5168}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.26 20:31:18 | 000,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8d3e09c1-f049-11e1-823e-fce026346357}\Shell - "" = AutoRun
O33 - MountPoints2\{8d3e09c1-f049-11e1-823e-fce026346357}\Shell\AutoRun\command - "" = E:\vs_premium.exe -- [2012.07.27 16:20:05 | 000,977,520 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c70eb7f6-5163-11e1-b7f9-e4f7902b4f46}\Shell - "" = AutoRun
O33 - MountPoints2\{c70eb7f6-5163-11e1-b7f9-e4f7902b4f46}\Shell\AutoRun\command - "" = E:\Password.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: FCSAM - c:\Programme\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: atashost - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: FCSAM - c:\Programme\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C3E0F57-547A-3AF4-B6DB-2CA5969518D1} - .NET Framework
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1B328B5B-0773-4EF7-A2DE-280570E5F286} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C3E0F57-547A-3AF4-B6DB-2CA5969518D1} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.26 10:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.26 10:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.10.11 14:08:23 | 000,000,000 | ---D | C] -- C:\SymCache
[2012.10.11 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\<USER_A>\Documents\WPA Files
[2012.10.01 19:57:03 | 000,000,000 | ---D | C] -- C:\Users\<USER_A>\Documents\O2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.26 15:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.26 10:20:15 | 001,848,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.26 10:20:15 | 000,784,288 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.26 10:20:15 | 000,739,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.26 10:20:15 | 000,177,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.26 10:20:15 | 000,151,494 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.26 10:15:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 09:50:40 | 000,017,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 09:50:39 | 000,017,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 09:42:47 | 2110,554,111 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.25 09:08:50 | 000,076,362 | ---- | M] () -- C:\ProgramData\hgqumcljywhvcko
[2012.10.24 13:05:10 | 000,001,832 | ---- | M] () -- C:\Users\<USER_A>\AppData\Local\SLC_<USER_A>.prx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.25 09:08:25 | 000,076,362 | ---- | C] () -- C:\ProgramData\hgqumcljywhvcko
[2012.07.31 10:15:34 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.12.19 15:57:56 | 000,001,832 | ---- | C] () -- C:\Users\<USER_A>\AppData\Local\SLC_<USER_A>.prx
[2011.12.05 13:48:51 | 000,000,421 | ---- | C] () -- C:\Users\<USER_A>\AppData\Roaming\list.xml
[2011.11.20 22:59:43 | 000,272,876 | ---- | C] () -- C:\Users\<USER_A>\AppData\Local\debuggee.mdmp
[2011.11.03 17:18:34 | 000,000,061 | ---- | C] () -- C:\Users\<USER_A>\MapU.bat
[2011.11.02 14:39:43 | 000,004,630 | RHS- | C] () -- C:\Users\<USER_A>\ntuser.pol
[2011.11.01 14:32:46 | 000,573,100 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011.09.21 13:31:17 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.09.21 13:31:16 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.09.21 13:31:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.09.21 11:43:30 | 001,826,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.21 10:40:28 | 000,023,675 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.21 10:38:26 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.09.21 13:29:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sierra Wireless
[2011.12.01 22:30:02 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\<Domain> AG
[2011.12.11 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\cPOSdotNet
[2012.09.25 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\DAEMON Tools Lite
[2012.07.07 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Dropbox
[2012.02.02 21:03:25 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\e-academy Inc
[2012.03.09 23:35:30 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\elsterformular
[2012.04.03 09:11:27 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Fujitsu
[2011.12.05 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\NetMeter
[2011.11.20 22:21:07 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Notepad++
[2012.06.05 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Subversion
[2012.01.22 21:28:35 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TeamViewer
[2011.12.06 11:31:34 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TrafficMonitor
[2012.06.01 01:15:05 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TS3Client
[2012.05.18 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\ts3overlay
[2012.01.20 15:16:17 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\WMICodeCreator
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.23 10:37:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.21 10:39:07 | 000,000,000 | ---D | M] -- C:\01c4f6abd7c231c8f6eb
[2011.11.21 01:31:26 | 000,000,000 | ---D | M] -- C:\Backup Files
[2011.11.21 01:28:34 | 000,000,000 | ---D | M] -- C:\Code Snippets
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.21 09:39:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.21 11:49:58 | 000,000,000 | ---D | M] -- C:\Intel
[2011.09.21 13:20:49 | 000,000,000 | ---D | M] -- C:\MININT
[2011.09.21 11:27:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.25 11:07:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.26 10:22:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.26 12:24:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.21 09:39:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.21 09:39:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.21 01:46:20 | 000,000,000 | ---D | M] -- C:\Settings
[2012.10.11 14:08:23 | 000,000,000 | ---D | M] -- C:\SymCache
[2012.10.26 15:27:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.27 21:30:22 | 000,000,000 | ---D | M] -- C:\temp
[2011.11.02 14:39:35 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.26 09:42:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Adobe
[2011.12.01 22:30:02 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\<Domain> AG
[2011.12.11 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\cPOSdotNet
[2012.09.25 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\DAEMON Tools Lite
[2012.08.27 11:05:24 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Download Manager
[2012.07.07 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Dropbox
[2012.04.06 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\dvdcss
[2012.02.02 21:03:25 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\e-academy Inc
[2012.03.09 23:35:30 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\elsterformular
[2012.04.03 09:11:27 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Fujitsu
[2011.11.02 14:40:05 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Identities
[2011.11.02 14:39:54 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Intel
[2011.11.02 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Macromedia
[2009.07.14 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Media Center Programs
[2012.07.23 16:12:28 | 000,000,000 | --SD | M] -- C:\Users\<USER_A>\AppData\Roaming\Microsoft
[2012.01.09 20:43:28 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Microsoft Corporation
[2011.11.02 19:35:57 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Mozilla
[2012.02.03 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\NCH Software
[2011.12.05 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\NetMeter
[2011.11.20 22:21:07 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Notepad++
[2012.10.26 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Skype
[2012.06.05 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\Subversion
[2012.01.22 21:28:35 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TeamViewer
[2011.12.06 11:31:34 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TrafficMonitor
[2012.06.01 01:15:05 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\TS3Client
[2012.05.18 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\ts3overlay
[2012.10.26 09:41:43 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\vlc
[2012.08.27 15:38:59 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\VMware
[2012.03.25 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\WinRAR
[2012.01.20 15:16:17 | 000,000,000 | ---D | M] -- C:\Users\<USER_A>\AppData\Roaming\WMICodeCreator
 
< %APPDATA%\*.exe /s >
[2012.03.09 23:37:07 | 004,639,264 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8479.exe
[2012.03.09 23:37:26 | 004,640,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8479.exe
[2012.03.09 23:37:47 | 004,669,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8086_8479.exe
[2012.03.09 23:38:12 | 005,457,544 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_8086_8479.exe
[2012.03.09 23:38:35 | 005,646,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8086_8479.exe
[2012.03.09 23:39:02 | 006,912,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8086_8479.exe
[2012.03.09 23:39:23 | 004,683,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8479.exe
[2012.03.09 23:39:44 | 004,697,056 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8479.exe
[2012.03.09 23:40:45 | 004,628,120 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8479.exe
[2012.03.09 23:41:05 | 004,634,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8479.exe
[2012.03.09 23:40:06 | 004,630,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8479.exe
[2012.03.09 23:40:25 | 004,631,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8479.exe
[2012.03.09 23:41:24 | 004,642,400 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8479.exe
[2012.03.09 23:41:43 | 004,642,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8479.exe
[2012.03.09 23:42:05 | 004,694,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8086_8479.exe
[2012.03.09 23:42:23 | 004,707,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8479.exe
[2012.03.09 23:42:43 | 004,698,048 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8479.exe
[2012.03.09 23:43:04 | 004,711,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8086_8479.exe
[2012.03.09 23:43:23 | 004,761,304 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8479.exe
[2012.03.09 23:43:42 | 004,764,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8479.exe
[2012.03.09 23:44:03 | 004,804,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8086_8479.exe
[2012.03.09 23:36:33 | 007,446,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8479.exe
[2012.03.09 23:45:22 | 004,668,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8479.exe
[2012.03.09 23:45:42 | 004,653,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8479.exe
[2012.03.09 23:46:03 | 004,713,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8479.exe
[2012.03.09 23:44:22 | 004,641,784 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8479.exe
[2012.03.09 23:44:43 | 004,645,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8479.exe
[2012.03.09 23:45:02 | 004,725,792 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\<USER_A>\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8479.exe
[2011.12.19 15:48:43 | 000,004,710 | R--- | M] () -- C:\Users\<USER_A>\AppData\Roaming\Microsoft\Installer\{1a3f91f0-9e94-45f2-923c-794cc156a027}\ARPPRODUCTICON.exe
[2012.02.02 21:03:25 | 000,009,662 | R--- | M] () -- C:\Users\<USER_A>\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_112D608FD02CD87FDC7735.exe
[2012.02.02 21:03:25 | 000,009,662 | R--- | M] () -- C:\Users\<USER_A>\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_2194D4E881A0FE23DAD30A.exe
[2012.02.02 21:03:25 | 000,009,662 | R--- | M] () -- C:\Users\<USER_A>\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_853F67D554F05449430E7E.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 26.10.2012, 15:08   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\n.
         
Look at that, you've got ZeroAccess as well.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

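The registry entry quoted in the post above is a per-user COM registration (HKEY_CURRENT_USER ... \InProcServer32) whose default value points into the user profile, which the helper reads as a ZeroAccess indicator. As an added example (not part of the original post and not code from OTL, ComboFix or Trojaner-Board), this Python code scans OTL-style registry output for such entries; the three path heuristics and the second and third sample keys are assumptions constructed for illustration.

```python
import re

# Constructed sample in the OTL layout quoted in the post. Key 1 is the entry
# from the post; keys 2 and 3 are made-up benign entries for contrast.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\<USER_A>\AppData\Local\{ba2fbc1b-a279-7cd5-37d2-1bcf4d164830}\n.

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
"ThreadingModel" = Apartment
"" = C:\Windows\system32\example.dll

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InProcServer32]
"ThreadingModel" = Apartment
"" = C:\Program Files (x86)\Example\shellext.dll
'''

GUID = r'\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\](?:\s+/64)?\s*$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
COM_KEY_RE = re.compile(r'\\Classes\\CLSID\\(' + GUID + r')\\InProcServer32$', re.I)
GUID_DIR_RE = re.compile(r'\\' + GUID + r'\\')
PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\', re.I)
MODULE_EXTS = ('.dll', '.ocx', '.ax', '.cpl', '.exe')
PER_USER_HIVES = ('HKEY_CURRENT_USER\\', 'HKEY_USERS\\')


def parse_keys(log_text):
    """Return {key_path: {value_name: data}} for every [HKEY_...] block."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # The empty name "" is the key's default value.
            current[m.group(1)] = m.group(2).strip().strip('"')
        elif not line:
            current = None  # a blank line ends the current block
    return keys


def review_inproc_servers(log_text):
    """Flag per-user InProcServer32 keys whose server path looks out of place.

    Heuristics (assumptions of this example, not rules taken from the thread):
      - the server file lives inside a user profile,
      - one of its parent directories is named like a GUID,
      - the file name has none of the usual module extensions.
    A key is reported only if it sits in a per-user hive AND at least one
    heuristic matches, so ordinary per-user registrations stay quiet.
    """
    findings = []
    for key, values in parse_keys(log_text).items():
        m = COM_KEY_RE.search(key)
        if not m or not key.upper().startswith(PER_USER_HIVES):
            continue
        server = values.get('', '')
        reasons = []
        if PROFILE_RE.search(server):
            reasons.append('server file inside a user profile')
        if GUID_DIR_RE.search(server):
            reasons.append('GUID-named parent directory')
        if server and not server.lower().endswith(MODULE_EXTS):
            reasons.append('no usual module extension')
        if reasons:
            findings.append({'clsid': m.group(1), 'key': key,
                             'server': server, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in review_inproc_servers(SAMPLE_LOG):
        print(f['clsid'], '->', f['server'])
        for reason in f['reasons']:
            print('   -', reason)
```

A hit is a lead for a helper to review, not a verdict; the removal steps stay as given in the thread.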

Alt 27.10.2012, 18:39   #12
eight_ball
 



Here is the log from ComboFix:

Combofix Logfile:
Code:
ComboFix 12-10-26.05 - <USER_A> 27.10.2012  16:34:56.1.8 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8145.5949 [GMT 2:00]
ausgeführt von:: c:\users\<USER_A>\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\users\<USER_A>\AppData\Local\assembly\tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\151C.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\151D.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\151E.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\1C8E.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\1C8F.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\1C90.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\22D6.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\22D7.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\22D8.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\2368.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\2389.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\238A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\27B4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\27B5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\27B6.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\2964.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\2965.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\2966.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\32AC.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\32AD.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\32AE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\33C1.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\33C2.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\33C3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3595.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3596.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3597.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3BA9.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3BAA.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3BAB.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EBE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EBF.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EC0.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EE3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EE4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\3EE5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\402F.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\4030.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\4031.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\45D2.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\45D3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\45D4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E26.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E27.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\4E28.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\542.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\543.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\544.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\552.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\553.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\554.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\59C3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\59C4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\59C5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D00.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D01.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D02.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D03.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D04.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5D05.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5EA7.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5EA8.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\5EA9.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\66F5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\66F6.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\66F7.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\6829.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\682A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\682B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\68B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\68C.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\68D.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\69E0.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\69E1.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\69E2.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\6AD.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\6AE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\6AF.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7353.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7354.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7355.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7E65.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7E66.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7E77.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7FF3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7FF4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\7FF5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\852.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\853.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\854.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\85DE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\85DF.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\85E0.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\8F7B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\8F7C.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\8F7D.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\914.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\915.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\926.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\92C4.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\92C5.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\92C6.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\972.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\973.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\97E7.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\97F7.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\97F8.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\984.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9BDE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9BDF.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9BE0.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9C2A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9C2B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9C2C.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9CC.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9DD.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\9DE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A171.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A172.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A173.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A6BE.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A6BF.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A6C0.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A752.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A753.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A754.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A77F.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A780.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\A781.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\AC03.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\AC04.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\AC14.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\B009.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\B00A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\B00B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BBF8.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BBF9.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BC09.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF16.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF17.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF18.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF54.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF55.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\BF56.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\C526.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\C527.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\C528.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D409.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D40A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D40B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D7E9.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D7EA.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\D7EB.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\DC19.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\DC1A.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\DC1B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EA6D.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EA6E.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EA7F.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EDB1.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EDB2.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\EDB3.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\F40B.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\F40C.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\F40D.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\FF3F.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\FF40.tmp
c:\users\<USER_A>\AppData\Local\Microsoft\Windows\Temporary Internet Files\FF41.tmp
c:\windows\SysWow64\d2d1debug1.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-27 bis 2012-10-27  ))))))))))))))))))))))))))))))
.
.
2012-10-27 13:35 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{679968D1-0D36-406F-B3BE-7289E6B14598}\mpengine.dll
2012-10-26 08:22 . 2012-10-26 08:22	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-10-26 08:22 . 2012-10-26 08:22	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-26 08:22 . 2012-10-26 08:22	--------	d-----w-	c:\program files (x86)\Java
2012-10-11 12:08 . 2012-10-11 12:08	--------	d-----w-	C:\SymCache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 08:22 . 2012-07-07 20:24	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-10-26 08:22 . 2011-09-21 09:42	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-12 07:19 . 2011-09-21 09:53	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 14:18 . 2012-04-03 07:12	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 14:18 . 2011-11-02 17:44	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 12:59 . 2012-02-20 13:32	3812896	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-09-25 07:47 . 2012-09-25 07:47	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-15 13:18 . 2012-08-27 13:21	933528	----a-w-	c:\windows\system32\vnetlib64.dll
2012-08-15 13:18 . 2012-08-27 13:22	357016	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-08-15 13:18 . 2012-08-27 13:22	67224	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-08-15 13:18 . 2012-08-27 13:22	30360	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-08-15 13:18 . 2012-08-27 13:22	31384	----a-w-	c:\windows\system32\drivers\VMparport.sys
2012-08-15 13:17 . 2012-08-27 13:22	435864	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-08-15 13:16 . 2012-08-15 13:16	62104	----a-w-	c:\windows\system32\vmnetbridge.dll
2012-08-15 13:16 . 2012-08-15 13:16	48792	----a-w-	c:\windows\system32\vnetinst.dll
2012-08-15 13:16 . 2012-08-15 13:16	45720	----a-w-	c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 13:16 . 2012-08-15 13:16	24216	----a-w-	c:\windows\system32\drivers\vmnet.sys
2012-08-15 13:16 . 2012-08-15 13:16	20120	----a-w-	c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 13:16 . 2012-08-27 13:22	32920	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2012-08-15 11:33 . 2012-08-15 11:33	353280	----a-w-	c:\windows\SysWow64\vmnc.dll
2012-08-01 15:10 . 2012-08-27 13:21	52376	----a-w-	c:\windows\system32\drivers\hcmon.sys
2012-08-01 15:10 . 2012-08-01 15:10	37680	----a-w-	c:\windows\system32\drivers\vmusb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-25 239488]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-25 239488]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"DisableScreensaver"="c:\users\<USER_A>\Documents\Visual Studio 2012\Projects\DisableScreensaver\DisableScreensaver\bin\Debug\DisableScreensaver.exe" [2012-10-10 28160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-29 48752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\<USER_A>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1708537768-1958367476-725345543-24398\Scripts\Logon\0\0]
"Script"=Computername.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1708537768-1958367476-725345543-24398\Scripts\Logon\1\0]
"Script"=CreateSignature.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
R2 ccmsetup;ccmsetup;c:\windows\ccmsetup\ccmsetup.exe [2009-09-18 611168]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 MWconn_Internet_0;MWconn_Internet;c:\program files (x86)\MWconn\UMTSGPRS.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-27 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-03-30 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 swg3knet00;Sierra Wireless WMI USB-NDIS miniport;c:\windows\system32\DRIVERS\swg3knet00.sys [2011-05-11 325632]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2010-09-28 15208]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-25 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2010-11-01 116536]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-06-02 2734400]
S2 BitMeterCaptureService;BitMeter Capture Service;c:\program files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe [2011-11-19 85435]
S2 BitMeterWebService;BitMeter Web Service;c:\program files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe [2011-11-19 141466]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-02 353672]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-07-20 16384]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2010-08-31 73624]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 171176]
S2 MOM;MOM;c:\program files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [2005-07-21 134656]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 Sierra Wireless QDL Service;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-02-16 308592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-27 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-02 770152]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-05-04 340656]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2011-05-10 7296]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-05-11 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-03-16 8590336]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-05-11 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-05-11 180736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-03 172648]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
S3 swg3kflt00;Sierra Wireless USB Composite Device Filter Driver 00;c:\windows\system32\DRIVERS\swg3kflt00.sys [2011-02-03 34304]
S3 swg3kmbb00;Sierra Wireless QMI USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\swg3kmbb00.sys [2011-02-03 424448]
S3 swg3knmea00;Sierra Wireless QMI NMEA Serial Communication;c:\windows\system32\DRIVERS\swg3knmea00.sys [2011-02-03 256384]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2011-02-03 256384]
S3 swibus00;Sierra Wireless Bus Enumerator 00;c:\windows\system32\DRIVERS\swibus00.sys [2011-02-03 73216]
S3 swibusflt00;Sierra Wireless Bus Enumerator Filter 00;c:\windows\system32\DRIVERS\swibusflt00.sys [2011-02-03 73216]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-04-02 161256]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NAL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-11 11663464]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2010-11-07 4205056]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-07-20 1636736]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-03-30 1935120]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-11 1875048]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-25 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-01-11 200552]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2010-10-29 124776]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2010-08-16 273256]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = de-pro-201.celeent.int:8080
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: <Domain>.de
Trusted Zone: stihl-portal.com\sslvpnde01
Trusted Zone: <Domain>.de
Trusted Zone: stihl-portal.com\sslvpnde01
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{5F006A2C-5510-4ACD-B0C7-4DBC0E4F5168}: NameServer = 139.7.30.126 139.7.30.125
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sslvpnde01.stihl-portal.com//SNX/CSHELL/extender.cab
FF - ProfilePath - c:\users\<USER_A>\AppData\Roaming\Mozilla\Firefox\Profiles\zco6hcyv.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ccmsetup]
"ImagePath"="\"c:\windows\ccmsetup\ccmsetup.exe\" /runservice /config:MobileClient.tcf"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-27  16:51:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-27 14:51
.
Vor Suchlauf: 14 Verzeichnis(se), 266.486.624.256 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 266.809.225.216 Bytes frei
.
- - End Of File - - AC28CE59C865205807457FBEA95D9428
         
--- --- ---


Unfortunately I could not disable the AV (Microsoft ForeFront Security); however, I allowed each of ComboFix's changes and it ran through without errors.

27.10.2012, 20:13   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


28.10.2012, 09:00   #14
eight_ball
 

Here are the log files:

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 09:14:11
-----------------------------
09:14:11.469    OS Version: Windows x64 6.1.7601 Service Pack 1
09:14:11.469    Number of processors: 8 586 0x2A07
09:14:11.469    ComputerName: <Computername>  UserName: <USER_A>
09:14:12.795    Initialize success
09:16:02.606    AVAST engine defs: 12102800
09:16:11.560    The log file has been saved successfully to "C:\Users\<USER_A>\Desktop\aswMBR.txt"
09:16:40.767    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:16:40.767    Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
09:16:40.767    Disk 0 MBR read successfully
09:16:40.767    Disk 0 MBR scan
09:16:40.767    Disk 0 Windows 7 default MBR code
09:16:40.782    Disk 0 Partition 1 00     07    HPFS/NTFS            476627 MB offset 2048
09:16:40.814    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 976134144
09:16:40.860    Disk 0 scanning C:\Windows\system32\drivers
09:16:40.876    Service scanning
09:17:25.367    Modules scanning
09:17:25.367    Disk 0 trace - called modules:
09:17:25.383    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
09:17:25.399    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d45790]
09:17:25.414    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8007863e40]
09:17:25.414    5 ACPI.sys[fffff88000efc7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078e9050]
09:17:26.553    AVAST engine scan C:\Windows
09:17:26.584    AVAST engine scan C:\Windows\system32
09:17:26.600    AVAST engine scan C:\Windows\system32\drivers
09:17:26.615    AVAST engine scan C:\Users\<USER_A>
09:17:26.631    AVAST engine scan C:\ProgramData
09:17:26.631    Scan finished successfully
09:17:32.294    Disk 0 MBR has been saved successfully to "C:\Users\<USER_A>\Desktop\MBR.dat"
09:17:32.294    The log file has been saved successfully to "C:\Users\<USER_A>\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
ATTFilter
09:54:51.0450 7160  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:54:53.0493 7160  ============================================================
09:54:53.0493 7160  Current date / time: 2012/10/28 09:54:53.0493
09:54:53.0493 7160  SystemInfo:
09:54:53.0493 7160  
09:54:53.0493 7160  OS Version: 6.1.7601 ServicePack: 1.0
09:54:53.0493 7160  Product type: Workstation
09:54:53.0493 7160  ComputerName: <Computername>
09:54:53.0493 7160  UserName: <USER_A>
09:54:53.0493 7160  Windows directory: C:\Windows
09:54:53.0493 7160  System windows directory: C:\Windows
09:54:53.0493 7160  Running under WOW64
09:54:53.0493 7160  Processor architecture: Intel x64
09:54:53.0493 7160  Number of processors: 8
09:54:53.0493 7160  Page size: 0x1000
09:54:53.0493 7160  Boot type: Normal boot
09:54:53.0493 7160  ============================================================
09:54:54.0226 7160  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:54:54.0273 7160  ============================================================
09:54:54.0273 7160  \Device\Harddisk0\DR0:
09:54:54.0273 7160  MBR partitions:
09:54:54.0273 7160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A2E9800
09:54:54.0273 7160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A2EA000, BlocksNum 0x96000
09:54:54.0273 7160  ============================================================
09:54:54.0273 7160  C: <-> \Device\Harddisk0\DR0\Partition1
09:54:54.0273 7160  ============================================================
09:54:54.0273 7160  Initialize success
09:54:54.0273 7160  ============================================================
09:56:09.0481 3396  ============================================================
09:56:09.0481 3396  Scan started
09:56:09.0481 3396  Mode: Manual; SigCheck; TDLFS; 
09:56:09.0481 3396  ============================================================
09:56:09.0746 3396  ================ Scan system memory ========================
09:56:09.0746 3396  System memory - ok
09:56:09.0746 3396  ================ Scan services =============================
09:56:09.0824 3396  1394ohci - ok
09:56:09.0855 3396  ACPI - ok
09:56:09.0855 3396  AcpiPmi - ok
09:56:09.0886 3396  AdobeFlashPlayerUpdateSvc - ok
09:56:09.0917 3396  adp94xx - ok
09:56:09.0917 3396  adpahci - ok
09:56:09.0917 3396  adpu320 - ok
09:56:09.0933 3396  AeLookupSvc - ok
09:56:09.0949 3396  AFD - ok
09:56:09.0964 3396  agp440 - ok
09:56:09.0964 3396  ALG - ok
09:56:09.0980 3396  aliide - ok
09:56:09.0980 3396  amdide - ok
09:56:09.0995 3396  AmdK8 - ok
09:56:09.0995 3396  AmdPPM - ok
09:56:09.0995 3396  amdsata - ok
09:56:10.0011 3396  amdsbs - ok
09:56:10.0027 3396  amdxata - ok
09:56:10.0027 3396  AppID - ok
09:56:10.0027 3396  AppIDSvc - ok
09:56:10.0027 3396  Appinfo - ok
09:56:10.0027 3396  AppMgmt - ok
09:56:10.0042 3396  arc - ok
09:56:10.0042 3396  arcsas - ok
09:56:10.0042 3396  aspnet_state - ok
09:56:10.0058 3396  AsyncMac - ok
09:56:10.0073 3396  atapi - ok
09:56:10.0105 3396  atashost - ok
09:56:10.0105 3396  ATService - ok
09:56:10.0120 3396  ATSwpWDF - ok
09:56:10.0120 3396  AudioEndpointBuilder - ok
09:56:10.0136 3396  AudioSrv - ok
09:56:10.0136 3396  AxInstSV - ok
09:56:10.0136 3396  b06bdrv - ok
09:56:10.0151 3396  b57nd60a - ok
09:56:10.0151 3396  BDESVC - ok
09:56:10.0151 3396  Beep - ok
09:56:10.0183 3396  BFE - ok
09:56:10.0183 3396  BitMeterCaptureService - ok
09:56:10.0198 3396  BitMeterWebService - ok
09:56:10.0214 3396  BITS - ok
09:56:10.0214 3396  blbdrive - ok
09:56:10.0214 3396  bowser - ok
09:56:10.0214 3396  BrFiltLo - ok
09:56:10.0229 3396  BrFiltUp - ok
09:56:10.0245 3396  BridgeMP - ok
09:56:10.0261 3396  Browser - ok
09:56:10.0261 3396  Brserid - ok
09:56:10.0276 3396  BrSerWdm - ok
09:56:10.0292 3396  BrUsbMdm - ok
09:56:10.0292 3396  BrUsbSer - ok
09:56:10.0323 3396  BthEnum - ok
09:56:10.0323 3396  BTHMODEM - ok
09:56:10.0339 3396  BthPan - ok
09:56:10.0354 3396  BTHPORT - ok
09:56:10.0354 3396  bthserv - ok
09:56:10.0370 3396  BTHUSB - ok
09:56:10.0370 3396  catchme - ok
09:56:10.0401 3396  ccmsetup - ok
09:56:10.0401 3396  cdfs - ok
09:56:10.0401 3396  cdrom - ok
09:56:10.0401 3396  CertPropSvc - ok
09:56:10.0417 3396  circlass - ok
09:56:10.0417 3396  CLFS - ok
09:56:10.0448 3396  clr_optimization_v2.0.50727_32 - ok
09:56:10.0448 3396  clr_optimization_v2.0.50727_64 - ok
09:56:10.0448 3396  clr_optimization_v4.0.30319_32 - ok
09:56:10.0463 3396  clr_optimization_v4.0.30319_64 - ok
09:56:10.0463 3396  CmBatt - ok
09:56:10.0463 3396  cmdide - ok
09:56:10.0495 3396  CNG - ok
09:56:10.0510 3396  Compbatt - ok
09:56:10.0526 3396  CompositeBus - ok
09:56:10.0526 3396  COMSysApp - ok
09:56:10.0526 3396  cpextender - ok
09:56:10.0526 3396  crcdisk - ok
09:56:10.0557 3396  CryptSvc - ok
09:56:10.0557 3396  CSC - ok
09:56:10.0557 3396  CscService - ok
09:56:10.0588 3396  CVirtA - ok
09:56:10.0588 3396  CVPND - ok
09:56:10.0604 3396  CVPNDRVA - ok
09:56:10.0604 3396  DcomLaunch - ok
09:56:10.0604 3396  defragsvc - ok
09:56:10.0619 3396  DfsC - ok
09:56:10.0619 3396  Dhcp - ok
09:56:10.0619 3396  discache - ok
09:56:10.0651 3396  Disk - ok
09:56:10.0697 3396  DNE - ok
09:56:10.0713 3396  Dnscache - ok
09:56:10.0713 3396  dot3svc - ok
09:56:10.0729 3396  DPS - ok
09:56:10.0744 3396  drmkaud - ok
09:56:10.0744 3396  dtsoftbus01 - ok
09:56:10.0760 3396  DXGKrnl - ok
09:56:10.0760 3396  e1cexpress - ok
09:56:10.0760 3396  EapHost - ok
09:56:10.0760 3396  ebdrv - ok
09:56:10.0775 3396  EFS - ok
09:56:10.0775 3396  ehRecvr - ok
09:56:10.0775 3396  ehSched - ok
09:56:10.0791 3396  elxstor - ok
09:56:10.0791 3396  ErrDev - ok
09:56:10.0791 3396  EventSystem - ok
09:56:10.0807 3396  EvtEng - ok
09:56:10.0807 3396  exfat - ok
09:56:10.0807 3396  fastfat - ok
09:56:10.0807 3396  Fax - ok
09:56:10.0807 3396  FBIOSDRV - ok
09:56:10.0807 3396  FCSAM - ok
09:56:10.0807 3396  FcsSas - ok
09:56:10.0822 3396  fdc - ok
09:56:10.0822 3396  fdPHost - ok
09:56:10.0822 3396  FDResPub - ok
09:56:10.0822 3396  FileInfo - ok
09:56:10.0822 3396  Filetrace - ok
09:56:10.0838 3396  FJGSDisk - ok
09:56:10.0838 3396  flpydisk - ok
09:56:10.0838 3396  FltMgr - ok
09:56:10.0838 3396  FontCache - ok
09:56:10.0838 3396  FontCache3.0.0.0 - ok
09:56:10.0838 3396  FsDepends - ok
09:56:10.0853 3396  Fs_Rec - ok
09:56:10.0853 3396  FUJ02B1 - ok
09:56:10.0853 3396  FUJ02E3 - ok
09:56:10.0853 3396  fussvc - ok
09:56:10.0853 3396  fvevol - ok
09:56:10.0869 3396  gagp30kx - ok
09:56:10.0869 3396  gpsvc - ok
09:56:10.0885 3396  guardian2 - ok
09:56:10.0885 3396  hcmon - ok
09:56:10.0900 3396  hcw85cir - ok
09:56:10.0900 3396  HDAudBus - ok
09:56:10.0900 3396  HidBatt - ok
09:56:10.0900 3396  HidBth - ok
09:56:10.0916 3396  HidIr - ok
09:56:10.0916 3396  hidserv - ok
09:56:10.0931 3396  HidUsb - ok
09:56:10.0931 3396  hkmsvc - ok
09:56:10.0931 3396  HomeGroupListener - ok
09:56:10.0931 3396  HomeGroupProvider - ok
09:56:10.0931 3396  HpSAMD - ok
09:56:10.0931 3396  HTTP - ok
09:56:10.0931 3396  hwpolicy - ok
09:56:10.0947 3396  i8042prt - ok
09:56:10.0947 3396  iaStor - ok
09:56:10.0947 3396  iaStorV - ok
09:56:10.0947 3396  IDriverT - ok
09:56:10.0963 3396  idsvc - ok
09:56:10.0963 3396  iirsp - ok
09:56:10.0978 3396  IKEEXT - ok
09:56:10.0994 3396  IntcAzAudAddService - ok
09:56:10.0994 3396  Intel(R) PROSet Monitoring Service - ok
09:56:10.0994 3396  intelide - ok
09:56:10.0994 3396  intelppm - ok
09:56:11.0009 3396  IPBusEnum - ok
09:56:11.0009 3396  IpFilterDriver - ok
09:56:11.0009 3396  iphlpsvc - ok
09:56:11.0009 3396  IPMIDRV - ok
09:56:11.0009 3396  IPNAT - ok
09:56:11.0009 3396  IRENUM - ok
09:56:11.0025 3396  isapnp - ok
09:56:11.0025 3396  iScsiPrt - ok
09:56:11.0025 3396  kbdclass - ok
09:56:11.0025 3396  kbdhid - ok
09:56:11.0025 3396  KeyIso - ok
09:56:11.0025 3396  KSecDD - ok
09:56:11.0025 3396  KSecPkg - ok
09:56:11.0041 3396  ksthunk - ok
09:56:11.0041 3396  KtmRm - ok
09:56:11.0041 3396  LanmanServer - ok
09:56:11.0041 3396  LanmanWorkstation - ok
09:56:11.0056 3396  lltdio - ok
09:56:11.0056 3396  lltdsvc - ok
09:56:11.0056 3396  lmhosts - ok
09:56:11.0072 3396  LSI_FC - ok
09:56:11.0072 3396  LSI_SAS - ok
09:56:11.0072 3396  LSI_SAS2 - ok
09:56:11.0072 3396  LSI_SCSI - ok
09:56:11.0072 3396  luafv - ok
09:56:11.0072 3396  Mcx2Svc - ok
09:56:11.0072 3396  megasas - ok
09:56:11.0087 3396  MegaSR - ok
09:56:11.0087 3396  MEIx64 - ok
09:56:11.0087 3396  Microsoft Office Groove Audit Service - ok
09:56:11.0087 3396  MMCSS - ok
09:56:11.0087 3396  Modem - ok
09:56:11.0103 3396  MOM - ok
09:56:11.0103 3396  monitor - ok
09:56:11.0119 3396  mouclass - ok
09:56:11.0119 3396  mouhid - ok
09:56:11.0119 3396  mountmgr - ok
09:56:11.0119 3396  MozillaMaintenance - ok
09:56:11.0134 3396  MpFilter - ok
09:56:11.0134 3396  mpio - ok
09:56:11.0134 3396  mpsdrv - ok
09:56:11.0134 3396  MpsSvc - ok
09:56:11.0134 3396  MRxDAV - ok
09:56:11.0134 3396  mrxsmb - ok
09:56:11.0150 3396  mrxsmb10 - ok
09:56:11.0150 3396  mrxsmb20 - ok
09:56:11.0150 3396  msahci - ok
09:56:11.0150 3396  msdsm - ok
09:56:11.0150 3396  MSDTC - ok
09:56:11.0150 3396  Msfs - ok
09:56:11.0150 3396  mshidkmdf - ok
09:56:11.0165 3396  msisadrv - ok
09:56:11.0165 3396  MSiSCSI - ok
09:56:11.0165 3396  msiserver - ok
09:56:11.0165 3396  MSKSSRV - ok
09:56:11.0165 3396  MSPCLOCK - ok
09:56:11.0165 3396  MSPQM - ok
09:56:11.0165 3396  MsRPC - ok
09:56:11.0181 3396  mssmbios - ok
09:56:11.0181 3396  MSSQL$SQLEXPRESS - ok
09:56:11.0181 3396  MSSQLServerADHelper100 - ok
09:56:11.0181 3396  MSTEE - ok
09:56:11.0197 3396  MTConfig - ok
09:56:11.0197 3396  Mup - ok
09:56:11.0197 3396  MWconn_Internet_0 - ok
09:56:11.0197 3396  MyWiFiDHCPDNS - ok
09:56:11.0197 3396  napagent - ok
09:56:11.0212 3396  NativeWifiP - ok
09:56:11.0228 3396  NDIS - ok
09:56:11.0228 3396  NdisCap - ok
09:56:11.0243 3396  NdisTapi - ok
09:56:11.0243 3396  Ndisuio - ok
09:56:11.0243 3396  NdisWan - ok
09:56:11.0243 3396  NDProxy - ok
09:56:11.0243 3396  NetBIOS - ok
09:56:11.0243 3396  NetBT - ok
09:56:11.0243 3396  Netlogon - ok
09:56:11.0259 3396  Netman - ok
09:56:11.0259 3396  NetMsmqActivator - ok
09:56:11.0259 3396  NetPipeActivator - ok
09:56:11.0259 3396  netprofm - ok
09:56:11.0259 3396  NetTcpActivator - ok
09:56:11.0275 3396  NetTcpPortSharing - ok
09:56:11.0275 3396  NETwNs64 - ok
09:56:11.0275 3396  nfrd960 - ok
09:56:11.0275 3396  NlaSvc - ok
09:56:11.0275 3396  Npfs - ok
09:56:11.0290 3396  nsi - ok
09:56:11.0290 3396  nsiproxy - ok
09:56:11.0290 3396  Ntfs - ok
09:56:11.0290 3396  Null - ok
09:56:11.0290 3396  nusb3hub - ok
09:56:11.0306 3396  nusb3xhc - ok
09:56:11.0306 3396  NVHDA - ok
09:56:11.0321 3396  nvlddmkm - ok
09:56:11.0321 3396  nvraid - ok
09:56:11.0321 3396  nvstor - ok
09:56:11.0337 3396  nv_agp - ok
09:56:11.0353 3396  odserv - ok
09:56:11.0353 3396  ohci1394 - ok
09:56:11.0353 3396  omniserv - ok
09:56:11.0353 3396  ose - ok
09:56:11.0353 3396  p2pimsvc - ok
09:56:11.0368 3396  p2psvc - ok
09:56:11.0368 3396  Parport - ok
09:56:11.0368 3396  partmgr - ok
09:56:11.0368 3396  PcaSvc - ok
09:56:11.0368 3396  pci - ok
09:56:11.0384 3396  pciide - ok
09:56:11.0384 3396  pcmcia - ok
09:56:11.0384 3396  pcw - ok
09:56:11.0384 3396  PEAUTH - ok
09:56:11.0384 3396  PeerDistSvc - ok
09:56:11.0384 3396  PerfHost - ok
09:56:11.0399 3396  PFNService - ok
09:56:11.0399 3396  pla - ok
09:56:11.0415 3396  PlugPlay - ok
09:56:11.0415 3396  PNRPAutoReg - ok
09:56:11.0415 3396  PNRPsvc - ok
09:56:11.0431 3396  PolicyAgent - ok
09:56:11.0431 3396  Power - ok
09:56:11.0446 3396  PowerSavingUtilityService - ok
09:56:11.0446 3396  PptpMiniport - ok
09:56:11.0446 3396  Processor - ok
09:56:11.0446 3396  ProfSvc - ok
09:56:11.0446 3396  ProtectedStorage - ok
09:56:11.0446 3396  Psched - ok
09:56:11.0462 3396  ql2300 - ok
09:56:11.0462 3396  ql40xx - ok
09:56:11.0462 3396  QWAVE - ok
09:56:11.0462 3396  QWAVEdrv - ok
09:56:11.0477 3396  RapiMgr - ok
09:56:11.0477 3396  RasAcd - ok
09:56:11.0493 3396  RasAgileVpn - ok
09:56:11.0493 3396  RasAuto - ok
09:56:11.0493 3396  Rasl2tp - ok
09:56:11.0509 3396  RasMan - ok
09:56:11.0509 3396  RasPppoe - ok
09:56:11.0509 3396  RasSstp - ok
09:56:11.0509 3396  rdbss - ok
09:56:11.0509 3396  rdpbus - ok
09:56:11.0524 3396  RDPCDD - ok
09:56:11.0524 3396  RDPDR - ok
09:56:11.0524 3396  RDPENCDD - ok
09:56:11.0524 3396  RDPREFMP - ok
09:56:11.0540 3396  RdpVideoMiniport - ok
09:56:11.0540 3396  RDPWD - ok
09:56:11.0540 3396  rdyboost - ok
09:56:11.0555 3396  RegSrvc - ok
09:56:11.0555 3396  RemoteAccess - ok
09:56:11.0555 3396  RemoteRegistry - ok
09:56:11.0555 3396  RFCOMM - ok
09:56:11.0571 3396  RpcEptMapper - ok
09:56:11.0571 3396  RpcLocator - ok
09:56:11.0571 3396  RpcSs - ok
09:56:11.0571 3396  RsFx0150 - ok
09:56:11.0587 3396  RSPCIESTOR - ok
09:56:11.0587 3396  rspndr - ok
09:56:11.0587 3396  s3cap - ok
09:56:11.0587 3396  SamSs - ok
09:56:11.0587 3396  sbp2port - ok
09:56:11.0587 3396  SCardSvr - ok
09:56:11.0587 3396  scfilter - ok
09:56:11.0602 3396  Schedule - ok
09:56:11.0602 3396  SCPolicySvc - ok
09:56:11.0618 3396  sdbus - ok
09:56:11.0618 3396  SDRSVC - ok
09:56:11.0618 3396  secdrv - ok
09:56:11.0633 3396  seclogon - ok
09:56:11.0633 3396  SENS - ok
09:56:11.0633 3396  SensrSvc - ok
09:56:11.0649 3396  Serenum - ok
09:56:11.0649 3396  Serial - ok
09:56:11.0665 3396  sermouse - ok
09:56:11.0665 3396  SessionEnv - ok
09:56:11.0665 3396  sffdisk - ok
09:56:11.0665 3396  sffp_mmc - ok
09:56:11.0665 3396  sffp_sd - ok
09:56:11.0665 3396  sfloppy - ok
09:56:11.0696 3396  SharedAccess - ok
09:56:11.0696 3396  ShellHWDetection - ok
09:56:11.0696 3396  Sierra Wireless QDL Service - ok
09:56:11.0711 3396  SiSRaid2 - ok
09:56:11.0711 3396  SiSRaid4 - ok
09:56:11.0711 3396  Smb - ok
09:56:11.0727 3396  SNMPTRAP - ok
09:56:11.0727 3396  SNP2UVC - ok
09:56:11.0727 3396  spldr - ok
09:56:11.0727 3396  Spooler - ok
09:56:11.0727 3396  sppsvc - ok
09:56:11.0727 3396  sppuinotify - ok
09:56:11.0727 3396  SQLAgent$SQLEXPRESS - ok
09:56:11.0743 3396  SQLBrowser - ok
09:56:11.0758 3396  SQLWriter - ok
09:56:11.0758 3396  srv - ok
09:56:11.0758 3396  srv2 - ok
09:56:11.0758 3396  srvnet - ok
09:56:11.0774 3396  SSDPSRV - ok
09:56:11.0774 3396  SstpSvc - ok
09:56:11.0774 3396  Stereo Service - ok
09:56:11.0774 3396  stexstor - ok
09:56:11.0789 3396  stisvc - ok
09:56:11.0789 3396  storflt - ok
09:56:11.0789 3396  StorSvc - ok
09:56:11.0789 3396  storvsc - ok
09:56:11.0805 3396  swenum - ok
09:56:11.0805 3396  swg3kflt00 - ok
09:56:11.0821 3396  swg3kmbb00 - ok
09:56:11.0821 3396  swg3knet00 - ok
09:56:11.0821 3396  swg3knmea00 - ok
09:56:11.0821 3396  swg3kser00 - ok
09:56:11.0821 3396  swibus00 - ok
09:56:11.0821 3396  swibusflt00 - ok
09:56:11.0821 3396  swprv - ok
09:56:11.0836 3396  Synth3dVsc - ok
09:56:11.0836 3396  SynTP - ok
09:56:11.0836 3396  SysMain - ok
09:56:11.0836 3396  TabletInputService - ok
09:56:11.0836 3396  TapiSrv - ok
09:56:11.0836 3396  TBS - ok
09:56:11.0836 3396  Tcpip - ok
09:56:11.0836 3396  TCPIP6 - ok
09:56:11.0852 3396  tcpipreg - ok
09:56:11.0852 3396  TDPIPE - ok
09:56:11.0852 3396  TDTCP - ok
09:56:11.0852 3396  tdx - ok
09:56:11.0852 3396  Te.Service - ok
09:56:11.0899 3396  TeamViewer7 - ok
09:56:11.0899 3396  TermDD - ok
09:56:11.0899 3396  TermService - ok
09:56:11.0899 3396  Themes - ok
09:56:11.0899 3396  THREADORDER - ok
09:56:11.0899 3396  TPM - ok
09:56:11.0899 3396  TrkWks - ok
09:56:11.0914 3396  TrustedInstaller - ok
09:56:11.0914 3396  tssecsrv - ok
09:56:11.0914 3396  TsUsbFlt - ok
09:56:11.0914 3396  tsusbhub - ok
09:56:11.0945 3396  tunnel - ok
09:56:11.0945 3396  uagp35 - ok
09:56:11.0945 3396  udfs - ok
09:56:11.0945 3396  UI0Detect - ok
09:56:11.0977 3396  uliagpkx - ok
09:56:11.0977 3396  umbus - ok
09:56:12.0008 3396  UmPass - ok
09:56:12.0008 3396  UmRdpService - ok
09:56:12.0023 3396  upnphost - ok
09:56:12.0023 3396  usbccgp - ok
09:56:12.0023 3396  usbcir - ok
09:56:12.0039 3396  usbehci - ok
09:56:12.0039 3396  usbhub - ok
09:56:12.0039 3396  usbohci - ok
09:56:12.0039 3396  usbprint - ok
09:56:12.0039 3396  usbscan - ok
09:56:12.0039 3396  USBSTOR - ok
09:56:12.0039 3396  usbuhci - ok
09:56:12.0070 3396  usbvideo - ok
09:56:12.0070 3396  UxSms - ok
09:56:12.0086 3396  VaultSvc - ok
09:56:12.0086 3396  vdrvroot - ok
09:56:12.0086 3396  vds - ok
09:56:12.0086 3396  vga - ok
09:56:12.0086 3396  VgaSave - ok
09:56:12.0101 3396  VGPU - ok
09:56:12.0101 3396  vhdmp - ok
09:56:12.0101 3396  viaide - ok
09:56:12.0101 3396  VMAuthdService - ok
09:56:12.0101 3396  vmbus - ok
09:56:12.0101 3396  VMBusHID - ok
09:56:12.0117 3396  vmci - ok
09:56:12.0117 3396  vmkbd - ok
09:56:12.0117 3396  vmm - ok
09:56:12.0117 3396  VMnetAdapter - ok
09:56:12.0117 3396  VMnetBridge - ok
09:56:12.0117 3396  VMnetDHCP - ok
09:56:12.0133 3396  VMnetuserif - ok
09:56:12.0133 3396  VMparport - ok
09:56:12.0133 3396  vmusb - ok
09:56:12.0133 3396  VMUSBArbService - ok
09:56:12.0133 3396  VMware NAT Service - ok
09:56:12.0148 3396  vmx86 - ok
09:56:12.0148 3396  VNA - ok
09:56:12.0148 3396  volmgr - ok
09:56:12.0148 3396  volmgrx - ok
09:56:12.0148 3396  volsnap - ok
09:56:12.0164 3396  vsmraid - ok
09:56:12.0179 3396  vsock - ok
09:56:12.0195 3396  VSPerfDrv110 - ok
09:56:12.0195 3396  VSS - ok
09:56:12.0211 3396  vwifibus - ok
09:56:12.0211 3396  vwififlt - ok
09:56:12.0211 3396  vwifimp - ok
09:56:12.0211 3396  W32Time - ok
09:56:12.0226 3396  WacomPen - ok
09:56:12.0226 3396  WANARP - ok
09:56:12.0242 3396  Wanarpv6 - ok
09:56:12.0242 3396  wbengine - ok
09:56:12.0242 3396  WbioSrvc - ok
09:56:12.0242 3396  WcesComm - ok
09:56:12.0242 3396  wcncsvc - ok
09:56:12.0242 3396  WcsPlugInService - ok
09:56:12.0242 3396  Wd - ok
09:56:12.0257 3396  Wdf01000 - ok
09:56:12.0257 3396  WdiServiceHost - ok
09:56:12.0257 3396  WdiSystemHost - ok
09:56:12.0257 3396  WebClient - ok
09:56:12.0257 3396  Wecsvc - ok
09:56:12.0257 3396  wercplsupport - ok
09:56:12.0257 3396  WerSvc - ok
09:56:12.0257 3396  WfpLwf - ok
09:56:12.0273 3396  WIMMount - ok
09:56:12.0273 3396  WinDefend - ok
09:56:12.0273 3396  WinHttpAutoProxySvc - ok
09:56:12.0273 3396  Winmgmt - ok
09:56:12.0273 3396  WinRM - ok
09:56:12.0289 3396  winusb - ok
09:56:12.0289 3396  Wlansvc - ok
09:56:12.0289 3396  WmiAcpi - ok
09:56:12.0289 3396  wmiApSrv - ok
09:56:12.0289 3396  WMPNetworkSvc - ok
09:56:12.0304 3396  WMZuneComm - ok
09:56:12.0304 3396  WPCSvc - ok
09:56:12.0304 3396  WPDBusEnum - ok
09:56:12.0304 3396  ws2ifsl - ok
09:56:12.0320 3396  wscsvc - ok
09:56:12.0335 3396  WSDPrintDevice - ok
09:56:12.0335 3396  WSDScan - ok
09:56:12.0335 3396  WSearch - ok
09:56:12.0335 3396  wuauserv - ok
09:56:12.0335 3396  WudfPf - ok
09:56:12.0351 3396  WUDFRd - ok
09:56:12.0351 3396  wudfsvc - ok
09:56:12.0351 3396  WwanSvc - ok
09:56:12.0351 3396  ZuneNetworkSvc - ok
09:56:12.0351 3396  ZuneWlanCfgSvc - ok
09:56:12.0382 3396  ================ Scan global ===============================
09:56:12.0398 3396  [Global] - ok
09:56:12.0398 3396  ================ Scan MBR ==================================
09:56:12.0413 3396  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:56:13.0193 3396  \Device\Harddisk0\DR0 - ok
09:56:13.0193 3396  ================ Scan VBR ==================================
09:56:13.0225 3396  [ 719CED6D299385035EEAE6CB5EC75F29 ] \Device\Harddisk0\DR0\Partition1
09:56:13.0240 3396  \Device\Harddisk0\DR0\Partition1 - ok
09:56:13.0256 3396  [ 8FA4D3A6173D694D21926219BB109A92 ] \Device\Harddisk0\DR0\Partition2
09:56:13.0256 3396  \Device\Harddisk0\DR0\Partition2 - ok
09:56:13.0256 3396  ============================================================
09:56:13.0256 3396  Scan finished
09:56:13.0256 3396  ============================================================
09:56:13.0271 6780  Detected object count: 0
09:56:13.0271 6780  Actual detected object count: 0
09:56:27.0608 6612  Deinitialize success
         

28.10.2012, 11:20   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks good

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents for me in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
