
Pests of all kinds and how to fight them: Encryption trojan e621ca05

Windows 7

12.11.2012, 22:26   #1
TschaeiBie

Encryption trojan e621ca05



Hello everyone,

on all my external hard drives I now only have shortcuts to the folders. Malwarebytes reported a trojan, which I then deleted. From then on the shortcuts could no longer be opened (because the shortcut points to the trojan, which was stored in the RECYCLER folder).
Then I made the folders visible again via the folder options.
(Basically as described here: http://www.trojaner-board.de/59624-a...-sichtbar.html)
So the folders are now visible again, and I can open the files too.
Now to my actual problem. I don't know how to turn the folders back into normal folders.
I recently deleted something from the hard drive by accident, and I now wanted to restore it. But Recuva as well as PC Inspector only restore the old shortcuts (to the trojan). So I am also not sure whether my PC is now trojan-free or not (the scans by Avira and Malwarebytes say yes).

It would be very kind if someone could take a look at my problem.

OTL Logfile:


Code:
OTL logfile created on: 12.11.2012 22:35:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 52,05% Memory free
7,60 Gb Paging File | 5,41 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 2,21 Gb Free Space | 4,54% Space Free | Partition Type: NTFS
Drive D: | 6,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 416,93 Gb Total Space | 204,06 Gb Free Space | 48,94% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive H: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 3,72 Gb Total Space | 2,50 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,97 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 521,12 Gb Free Space | 55,94% Space Free | Partition Type: NTFS
 
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
PRC - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 09:12:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.22 08:39:20 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 18:55:04 | 010,855,544 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.09.05 18:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.08.20 18:05:44 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.09 21:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.10.08 20:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.13 17:16:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.13 17:15:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 17:15:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 17:15:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 17:15:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.10 14:20:04 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2011.11.10 14:20:03 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2011.11.10 14:20:03 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2011.11.10 14:20:03 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2011.11.10 14:20:03 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2011.11.10 14:20:03 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2011.11.10 14:20:03 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2011.11.10 14:20:03 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2011.11.10 14:20:03 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2011.09.05 18:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.08.20 18:05:44 | 000,325,180 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2011.08.20 18:05:44 | 000,288,309 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2011.08.20 18:05:44 | 000,251,285 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2011.08.20 18:05:44 | 000,190,214 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2011.08.20 18:05:44 | 000,180,516 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2011.08.20 18:05:44 | 000,147,158 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2011.08.20 18:05:44 | 000,119,368 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2011.08.20 18:05:44 | 000,093,250 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2011.08.20 18:05:44 | 000,087,918 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2011.08.20 18:05:44 | 000,086,376 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2011.08.20 18:05:44 | 000,075,085 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2011.08.20 18:05:44 | 000,070,345 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2011.08.20 18:05:44 | 000,061,569 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2011.08.20 18:05:44 | 000,043,176 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2011.08.20 18:05:44 | 000,038,873 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2011.08.20 18:05:44 | 000,033,896 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2011.08.20 18:05:44 | 000,029,185 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2011.08.20 18:05:44 | 000,023,339 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2011.08.20 18:05:44 | 000,022,446 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2011.08.20 18:05:44 | 000,022,242 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2011.08.20 18:05:44 | 000,021,753 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2011.08.20 18:05:44 | 000,021,709 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2011.08.20 18:05:44 | 000,021,699 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2011.08.20 18:05:44 | 000,018,706 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2011.08.20 18:05:44 | 000,017,910 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2011.08.20 18:05:44 | 000,016,371 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2011.08.20 18:05:44 | 000,016,330 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2011.08.20 18:05:44 | 000,016,291 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2011.08.20 18:05:44 | 000,014,269 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2011.08.20 18:05:44 | 000,013,426 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2011.08.20 18:05:44 | 000,013,291 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2011.08.20 18:05:44 | 000,012,953 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2011.08.20 18:05:44 | 000,012,380 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2011.08.20 18:05:44 | 000,011,517 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2011.08.20 18:05:44 | 000,011,029 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2011.08.20 18:05:44 | 000,010,521 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2011.08.20 18:05:44 | 000,010,015 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2011.08.20 18:05:44 | 000,009,712 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2011.08.20 18:05:44 | 000,009,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2011.08.20 18:05:44 | 000,009,084 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2011.08.20 18:05:44 | 000,009,055 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2011.08.20 18:05:44 | 000,008,927 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2011.08.20 18:05:44 | 000,008,878 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2011.08.20 18:05:44 | 000,007,645 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2011.08.20 18:05:44 | 000,006,954 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2011.08.20 18:05:44 | 000,006,875 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2011.08.20 18:05:44 | 000,006,751 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2011.08.20 18:05:44 | 000,006,526 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2011.08.20 18:05:42 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2011.08.20 18:05:42 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2011.08.20 18:05:42 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2011.08.20 18:05:42 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2011.08.20 18:05:42 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2011.08.20 18:05:42 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2011.08.20 18:05:40 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011.05.12 13:06:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.05.12 13:06:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.05.12 13:06:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.05.12 13:06:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.05.12 13:06:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009.09.08 05:38:00 | 000,278,906 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.29 17:34:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 20:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.01.16 09:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.06.23 17:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 09:12:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.09 19:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 14:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.19 12:02:05 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.22 13:12:38 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.11.01 17:04:44 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 19:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006.11.01 19:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006.11.01 19:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.01.18 23:16:38 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2
FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions
[2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung
[2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi
[2012.10.03 15:20:56 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi
[2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi
[2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi
[2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi
[2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi
[2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi
[2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi
[2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
[2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi
[2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi
[2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 18:01:50 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk = E:\Dokumente\Diplomarbeit [2012.11.12 22:15:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge
[2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.11.08 13:37:44 | 000,000,000 | R--D | C] -- E:\Dokumente\Scanned Documents
[2012.11.08 13:37:41 | 000,000,000 | ---D | C] -- E:\Dokumente\Fax
[2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.11.06 21:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt
[2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif
[2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi
[2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real
[2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira
[2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.19 13:42:44 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.10.17 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.10.14 22:55:12 | 000,000,000 | ---D | C] -- E:\Dokumente\verkleinern
[2012.10.14 22:55:11 | 000,000,000 | ---D | C] -- E:\Dokumente\The Millennium Trilogy - Stieg Larsson
[2012.10.14 22:55:11 | 000,000,000 | ---D | C] -- E:\Dokumente\THAILAND
[2012.10.14 22:55:04 | 000,000,000 | ---D | C] -- E:\Dokumente\new zealand blog
[2012.10.14 22:54:50 | 000,000,000 | ---D | C] -- E:\Dokumente\Mylo Xyloto
[2012.10.14 22:31:30 | 000,000,000 | ---D | C] -- E:\Dokumente\handybilder 30 april 2012
[2012.10.14 14:05:38 | 000,000,000 | ---D | C] -- E:\Dokumente\video
[2012.10.14 14:02:42 | 000,000,000 | ---D | C] -- E:\Dokumente\non rtw
[2012.10.14 12:27:04 | 000,000,000 | ---D | C] -- E:\Dokumente\Pictures
[2012.10.14 12:26:43 | 000,000,000 | ---D | C] -- E:\Dokumente\Musik
[2012.10.14 12:26:43 | 000,000,000 | ---D | C] -- E:\Dokumente\Music
[2012.10.14 12:07:27 | 000,000,000 | ---D | C] -- E:\Dokumente\Downloads
[2012.10.14 11:02:20 | 000,000,000 | ---D | C] -- E:\Dokumente\Documents
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.12 22:41:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.12 22:38:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable
[2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 22:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 22:03:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.12 22:03:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.12 22:03:52 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.12 22:03:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.12 22:03:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.12 21:56:45 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.12 21:56:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 21:56:14 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 21:40:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.12 19:41:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.12 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.30 09:12:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.19 13:39:43 | 005,193,498 | -H-- | M] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
[2012.10.17 13:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | C] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt
[2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.17 13:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.17 13:05:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe
[2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel
[2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini
[2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 18:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp
[2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage
[2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2005.04.08 03:16:43 | 005,193,498 | -H-- | C] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.12 21:57:28 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple
[2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma
[2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela
[2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS
[2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre
[2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations
[2012.11.12 21:57:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox
[2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla
[2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu
[2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\gtk-2.0
[2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC
[2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install
[2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX
[2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF
[2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex
[2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer
[2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird
[2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder
[2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan
[2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio
[2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam
[2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird
[2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Edited by TschaeiBie (12.11.2012 at 23:13)

14.11.2012, 16:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue?" messages end with your topic being closed. I too have a life outside of Trojaner-Board.


Quote:
So I am also not sure whether my PC is now free of trojans or not (the scans from Avira and Malwarebytes say yes)
Were there no detections from any tool?
Please note => http://www.trojaner-board.de/125889-...tml#post941520

14.11.2012, 19:58   #3
TschaeiBie

Hello, thanks for the reply,

I have one log from Malwarebytes with a detection; all more recent ones are without detections.

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johanna :: EMIL [Administrator]

Schutz: Aktiviert

06.11.2012 11:22:34
mbam-log-2012-11-06 (11-22-34).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 188175
Laufzeit: 1 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Daten: C:\Users\Johanna\AppData\Roaming\install\wlcomn.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Johanna\AppData\Roaming\install\wlcomn.exe (Backdoor.HMCPol.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
This one is from Avira:
Code:
Exportierte Ereignisse:

04.11.2012 22:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'J:\RECYCLER\e621ca05.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2012 14:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Johanna\AppData\Roaming\709explorer.exe'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1dc79151.qua' 
      verschoben!

19.10.2012 14:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Johanna\AppData\Roaming\Gsqkqq.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fd0cc7c.qua' 
      verschoben!

04.11.2012 22:24 [System-Scanner] Malware gefunden
      Die Datei 'J:\RECYCLER\e621ca05.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' 
      [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei existiert nicht!

04.11.2012 22:24 [System-Scanner] Malware gefunden
      Die Datei 'J:\RECYCLER\e621ca05.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5bf24f22.qua' 
      verschoben!

04.11.2012 22:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'J:\RECYCLER\e621ca05.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.11.2012 22:19 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'J:\RECYCLER\e621ca05.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2012 14:51 [System-Scanner] Malware gefunden
      Die Datei 'F:\RECYCLER\e621ca05.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '588fd850.qua' 
      verschoben!

19.10.2012 14:50 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'F:\RECYCLER\e621ca05.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2012 14:47 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'F:\RECYCLER\e621ca05.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2012 14:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '575fe3e0.qua' 
      verschoben!

19.10.2012 14:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Johanna\AppData\Roaming\306explorer.exe'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3e79f3ae.qua' 
      verschoben!

19.10.2012 14:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Johanna\AppData\Roaming\63explorer.exe'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7bacde97.qua' 
      verschoben!
         

14.11.2012, 21:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not under any circumstances press one of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log or cannot copy the content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If objects are flagged by TDSS-Killer, treat all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

14.11.2012, 22:06   #5
TschaeiBie

Good, so here is the log from aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-14 21:51:35
-----------------------------
21:51:35.186    OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:35.186    Number of processors: 2 586 0x2505
21:51:35.188    ComputerName: EMIL  UserName: 
21:51:36.624    Initialize success
21:51:58.192    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:51:58.197    Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3
21:51:58.212    Disk 0 MBR read successfully
21:51:58.217    Disk 0 MBR scan
21:51:58.222    Disk 0 Windows 7 default MBR code
21:51:58.235    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:51:58.253    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        49899 MB offset 206848
21:51:58.271    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       426938 MB offset 102400000
21:51:58.313    Disk 0 scanning C:\Windows\system32\drivers
21:52:05.115    Service scanning
21:52:29.652    Modules scanning
21:52:29.670    Disk 0 trace - called modules:
21:52:29.778    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
21:52:29.787    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b035a0]
21:52:29.799    3 CLASSPNP.SYS[fffff88001b4143f] -> nt!IofCallDriver -> [0xfffffa80049a04f0]
21:52:30.027    5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
21:52:30.040    Scan finished successfully
21:53:18.502    Disk 0 MBR has been saved successfully to "C:\Users\Johanna\Desktop\logs\MBR.dat"
21:53:18.569    The log file has been saved successfully to "C:\Users\Johanna\Desktop\logs\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-14 21:55:09
-----------------------------
21:55:09.789    OS Version: Windows x64 6.1.7601 Service Pack 1
21:55:09.790    Number of processors: 2 586 0x2505
21:55:09.795    ComputerName: EMIL  UserName: 
21:55:10.322    Initialize success
21:55:12.794    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:55:12.799    Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3
21:55:12.861    Disk 0 MBR read successfully
21:55:12.867    Disk 0 MBR scan
21:55:12.872    Disk 0 Windows 7 default MBR code
21:55:12.885    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:55:12.902    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        49899 MB offset 206848
21:55:12.943    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       426938 MB offset 102400000
21:55:12.981    Disk 0 scanning C:\Windows\system32\drivers
21:55:20.573    Service scanning
21:55:47.012    Modules scanning
21:55:47.014    Disk 0 trace - called modules:
21:55:47.073    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
21:55:47.074    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b035a0]
21:55:47.075    3 CLASSPNP.SYS[fffff88001b4143f] -> nt!IofCallDriver -> [0xfffffa80049a04f0]
21:55:47.078    5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
21:55:47.079    Scan finished successfully
21:57:15.081    Disk 0 MBR has been saved successfully to "C:\Users\Johanna\Desktop\logs\MBR.dat"
21:57:15.101    The log file has been saved successfully to "C:\Users\Johanna\Desktop\logs\aswMBR.txt"
         
And the one from tdsskiller:

Code:
21:59:10.0900 1828  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:59:11.0274 1828  ============================================================
21:59:11.0274 1828  Current date / time: 2012/11/14 21:59:11.0274
21:59:11.0274 1828  SystemInfo:
21:59:11.0274 1828  
21:59:11.0274 1828  OS Version: 6.1.7601 ServicePack: 1.0
21:59:11.0274 1828  Product type: Workstation
21:59:11.0274 1828  ComputerName: EMIL
21:59:11.0274 1828  UserName: Johanna
21:59:11.0274 1828  Windows directory: C:\Windows
21:59:11.0274 1828  System windows directory: C:\Windows
21:59:11.0274 1828  Running under WOW64
21:59:11.0274 1828  Processor architecture: Intel x64
21:59:11.0274 1828  Number of processors: 2
21:59:11.0274 1828  Page size: 0x1000
21:59:11.0274 1828  Boot type: Normal boot
21:59:11.0274 1828  ============================================================
21:59:11.0945 1828  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:11.0960 1828  Drive \Device\Harddisk1\DR9 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:12.0319 1828  Drive \Device\Harddisk2\DR8 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:12.0366 1828  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:12.0397 1828  Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:12.0460 1828  Drive \Device\Harddisk5\DR5 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:16.0266 1828  ============================================================
21:59:16.0266 1828  \Device\Harddisk0\DR0:
21:59:16.0313 1828  MBR partitions:
21:59:16.0313 1828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:59:16.0313 1828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6175800
21:59:16.0313 1828  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x341DD000
21:59:16.0313 1828  \Device\Harddisk1\DR9:
21:59:16.0313 1828  MBR partitions:
21:59:16.0313 1828  \Device\Harddisk1\DR9\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3A384441
21:59:16.0313 1828  \Device\Harddisk2\DR8:
21:59:16.0344 1828  MBR partitions:
21:59:16.0344 1828  \Device\Harddisk2\DR8\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
21:59:16.0344 1828  \Device\Harddisk3\DR3:
21:59:16.0344 1828  MBR partitions:
21:59:16.0344 1828  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830
21:59:16.0344 1828  \Device\Harddisk4\DR4:
21:59:16.0344 1828  MBR partitions:
21:59:16.0344 1828  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:59:16.0344 1828  \Device\Harddisk5\DR5:
21:59:16.0344 1828  MBR partitions:
21:59:16.0344 1828  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938
21:59:16.0344 1828  ============================================================
21:59:16.0375 1828  C: <-> \Device\Harddisk0\DR0\Partition2
21:59:16.0391 1828  E: <-> \Device\Harddisk0\DR0\Partition3
21:59:16.0406 1828  F: <-> \Device\Harddisk5\DR5\Partition1
21:59:16.0438 1828  I: <-> \Device\Harddisk1\DR9\Partition1
21:59:16.0500 1828  J: <-> \Device\Harddisk3\DR3\Partition1
21:59:16.0547 1828  K: <-> \Device\Harddisk4\DR4\Partition1
21:59:16.0594 1828  L: <-> \Device\Harddisk2\DR8\Partition1
21:59:16.0594 1828  ============================================================
21:59:16.0594 1828  Initialize success
21:59:16.0594 1828  ============================================================
21:59:28.0715 9000  ============================================================
21:59:28.0715 9000  Scan started
21:59:28.0715 9000  Mode: Manual; SigCheck; TDLFS; 
21:59:28.0715 9000  ============================================================
21:59:29.0152 9000  ================ Scan system memory ========================
21:59:29.0152 9000  System memory - ok
21:59:29.0152 9000  ================ Scan services =============================
21:59:29.0401 9000  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:59:29.0557 9000  1394ohci - ok
21:59:29.0620 9000  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:59:29.0651 9000  ACPI - ok
21:59:29.0698 9000  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:59:29.0838 9000  AcpiPmi - ok
21:59:29.0963 9000  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:59:29.0978 9000  AdobeARMservice - ok
21:59:30.0103 9000  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:59:30.0134 9000  AdobeFlashPlayerUpdateSvc - ok
21:59:30.0212 9000  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:59:30.0259 9000  adp94xx - ok
21:59:30.0337 9000  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:59:30.0368 9000  adpahci - ok
21:59:30.0384 9000  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:59:30.0415 9000  adpu320 - ok
21:59:30.0462 9000  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:59:30.0680 9000  AeLookupSvc - ok
21:59:30.0743 9000  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:59:30.0836 9000  AFD - ok
21:59:30.0868 9000  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:59:30.0899 9000  agp440 - ok
21:59:30.0930 9000  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:59:31.0008 9000  ALG - ok
21:59:31.0024 9000  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:59:31.0055 9000  aliide - ok
21:59:31.0070 9000  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:59:31.0086 9000  amdide - ok
21:59:31.0117 9000  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:59:31.0164 9000  AmdK8 - ok
21:59:31.0180 9000  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:59:31.0226 9000  AmdPPM - ok
21:59:31.0258 9000  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:59:31.0289 9000  amdsata - ok
21:59:31.0336 9000  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:59:31.0367 9000  amdsbs - ok
21:59:31.0382 9000  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:59:31.0398 9000  amdxata - ok
21:59:31.0492 9000  [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:59:31.0507 9000  AntiVirSchedulerService - ok
21:59:31.0523 9000  [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:59:31.0554 9000  AntiVirService - ok
21:59:31.0616 9000  [ A98662AF1F4FE95E0B1DAF75B98CFAE3 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
21:59:31.0726 9000  AnyDVD - ok
21:59:31.0772 9000  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:59:31.0960 9000  AppID - ok
21:59:31.0991 9000  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:59:32.0100 9000  AppIDSvc - ok
21:59:32.0131 9000  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:59:32.0256 9000  Appinfo - ok
21:59:32.0303 9000  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:59:32.0365 9000  AppMgmt - ok
21:59:32.0381 9000  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:59:32.0412 9000  arc - ok
21:59:32.0443 9000  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:59:32.0459 9000  arcsas - ok
21:59:32.0490 9000  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:59:32.0599 9000  AsyncMac - ok
21:59:32.0615 9000  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:59:32.0646 9000  atapi - ok
21:59:32.0724 9000  [ 8C56E93749BA53A4B645963D3439E01E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:59:32.0818 9000  athr - ok
21:59:32.0880 9000  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:59:33.0005 9000  AudioEndpointBuilder - ok
21:59:33.0020 9000  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:59:33.0130 9000  AudioSrv - ok
21:59:33.0145 9000  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:59:33.0176 9000  avgntflt - ok
21:59:33.0223 9000  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:59:33.0239 9000  avipbb - ok
21:59:33.0254 9000  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:59:33.0270 9000  avkmgr - ok
21:59:33.0317 9000  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:59:33.0457 9000  AxInstSV - ok
21:59:33.0504 9000  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:59:33.0582 9000  b06bdrv - ok
21:59:33.0629 9000  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:59:33.0691 9000  b57nd60a - ok
21:59:33.0738 9000  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:59:33.0816 9000  BDESVC - ok
21:59:33.0847 9000  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:59:33.0956 9000  Beep - ok
21:59:34.0034 9000  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:59:34.0159 9000  BFE - ok
21:59:34.0206 9000  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:59:34.0362 9000  BITS - ok
21:59:34.0409 9000  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:59:34.0440 9000  blbdrive - ok
21:59:34.0471 9000  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:59:34.0534 9000  bowser - ok
21:59:34.0565 9000  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:59:34.0612 9000  BrFiltLo - ok
21:59:34.0627 9000  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:59:34.0658 9000  BrFiltUp - ok
21:59:34.0705 9000  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:59:34.0752 9000  Browser - ok
21:59:34.0783 9000  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:59:34.0861 9000  Brserid - ok
21:59:34.0892 9000  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:59:34.0939 9000  BrSerWdm - ok
21:59:34.0970 9000  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:59:35.0017 9000  BrUsbMdm - ok
21:59:35.0064 9000  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:59:35.0111 9000  BrUsbSer - ok
21:59:35.0158 9000  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:59:35.0236 9000  BthEnum - ok
21:59:35.0282 9000  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:59:35.0314 9000  BTHMODEM - ok
21:59:35.0360 9000  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:59:35.0423 9000  BthPan - ok
21:59:35.0470 9000  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:59:35.0516 9000  BTHPORT - ok
21:59:35.0548 9000  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:59:35.0672 9000  bthserv - ok
21:59:35.0704 9000  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:59:35.0750 9000  BTHUSB - ok
21:59:35.0782 9000  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:59:35.0906 9000  cdfs - ok
21:59:35.0938 9000  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:59:35.0969 9000  cdrom - ok
21:59:36.0000 9000  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:59:36.0109 9000  CertPropSvc - ok
21:59:36.0125 9000  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:59:36.0187 9000  circlass - ok
21:59:36.0218 9000  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:59:36.0265 9000  CLFS - ok
21:59:36.0328 9000  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:36.0359 9000  clr_optimization_v2.0.50727_32 - ok
21:59:36.0390 9000  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:59:36.0406 9000  clr_optimization_v2.0.50727_64 - ok
21:59:36.0499 9000  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:59:36.0530 9000  clr_optimization_v4.0.30319_32 - ok
21:59:36.0577 9000  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:59:36.0593 9000  clr_optimization_v4.0.30319_64 - ok
21:59:36.0655 9000  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:59:36.0702 9000  CmBatt - ok
21:59:36.0718 9000  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:59:36.0749 9000  cmdide - ok
21:59:36.0842 9000  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:59:36.0952 9000  CNG - ok
21:59:36.0998 9000  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:59:37.0030 9000  Compbatt - ok
21:59:37.0045 9000  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:59:37.0092 9000  CompositeBus - ok
21:59:37.0108 9000  COMSysApp - ok
21:59:37.0139 9000  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:59:37.0170 9000  crcdisk - ok
21:59:37.0217 9000  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:59:37.0279 9000  CryptSvc - ok
21:59:37.0310 9000  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:59:37.0404 9000  CSC - ok
21:59:37.0435 9000  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:59:37.0498 9000  CscService - ok
21:59:37.0544 9000  [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
21:59:37.0560 9000  dc3d - ok
21:59:37.0622 9000  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:59:37.0732 9000  DcomLaunch - ok
21:59:37.0778 9000  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:59:37.0903 9000  defragsvc - ok
21:59:37.0919 9000  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:59:38.0028 9000  DfsC - ok
21:59:38.0059 9000  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:59:38.0168 9000  Dhcp - ok
21:59:38.0200 9000  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:59:38.0309 9000  discache - ok
21:59:38.0340 9000  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:59:38.0356 9000  Disk - ok
21:59:38.0402 9000  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:59:38.0465 9000  dmvsc - ok
21:59:38.0496 9000  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:59:38.0558 9000  Dnscache - ok
21:59:38.0605 9000  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:59:38.0714 9000  dot3svc - ok
21:59:38.0730 9000  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:59:38.0839 9000  DPS - ok
21:59:38.0886 9000  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:59:38.0933 9000  drmkaud - ok
21:59:38.0980 9000  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:59:39.0011 9000  dtsoftbus01 - ok
21:59:39.0058 9000  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:59:39.0120 9000  DXGKrnl - ok
21:59:39.0151 9000  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:59:39.0245 9000  EapHost - ok
21:59:39.0354 9000  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:59:39.0479 9000  ebdrv - ok
21:59:39.0526 9000  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:59:39.0588 9000  EFS - ok
21:59:39.0666 9000  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:59:39.0744 9000  ehRecvr - ok
21:59:39.0760 9000  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:59:39.0791 9000  ehSched - ok
21:59:39.0853 9000  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
21:59:39.0884 9000  ElbyCDIO - ok
21:59:39.0978 9000  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:59:40.0009 9000  elxstor - ok
21:59:40.0025 9000  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:59:40.0056 9000  ErrDev - ok
21:59:40.0103 9000  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:59:40.0228 9000  EventSystem - ok
21:59:40.0259 9000  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:59:40.0352 9000  exfat - ok
21:59:40.0399 9000  Fabs - ok
21:59:40.0430 9000  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:59:40.0524 9000  fastfat - ok
21:59:40.0571 9000  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:59:40.0664 9000  Fax - ok
21:59:40.0696 9000  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:59:40.0742 9000  fdc - ok
21:59:40.0774 9000  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:59:40.0867 9000  fdPHost - ok
21:59:40.0898 9000  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:59:41.0008 9000  FDResPub - ok
21:59:41.0054 9000  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:59:41.0070 9000  FileInfo - ok
21:59:41.0101 9000  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:59:41.0210 9000  Filetrace - ok
21:59:41.0320 9000  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:59:41.0413 9000  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:59:41.0413 9000  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:59:41.0460 9000  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:59:41.0476 9000  flpydisk - ok
21:59:41.0507 9000  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:59:41.0554 9000  FltMgr - ok
21:59:41.0616 9000  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:59:41.0710 9000  FontCache - ok
21:59:41.0788 9000  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:59:41.0803 9000  FontCache3.0.0.0 - ok
21:59:41.0819 9000  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:59:41.0850 9000  FsDepends - ok
21:59:41.0881 9000  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:59:41.0912 9000  Fs_Rec - ok
21:59:41.0959 9000  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
21:59:42.0022 9000  FUJ02B1 - ok
21:59:42.0037 9000  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
21:59:42.0084 9000  FUJ02E3 - ok
21:59:42.0115 9000  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:59:42.0162 9000  fvevol - ok
21:59:42.0193 9000  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:59:42.0224 9000  gagp30kx - ok
21:59:42.0271 9000  GEARAspiWDM - ok
21:59:42.0318 9000  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:59:42.0443 9000  gpsvc - ok
21:59:42.0490 9000  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:59:42.0521 9000  gusvc - ok
21:59:42.0552 9000  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:59:42.0630 9000  hcw85cir - ok
21:59:42.0677 9000  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:59:42.0724 9000  HdAudAddService - ok
21:59:42.0770 9000  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:59:42.0817 9000  HDAudBus - ok
21:59:42.0864 9000  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:59:42.0880 9000  HECIx64 - ok
21:59:42.0911 9000  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:59:42.0942 9000  HidBatt - ok
21:59:42.0958 9000  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:59:43.0020 9000  HidBth - ok
21:59:43.0051 9000  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:59:43.0098 9000  HidIr - ok
21:59:43.0129 9000  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:59:43.0223 9000  hidserv - ok
21:59:43.0270 9000  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:59:43.0301 9000  HidUsb - ok
21:59:43.0332 9000  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:59:43.0441 9000  hkmsvc - ok
21:59:43.0472 9000  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:59:43.0535 9000  HomeGroupListener - ok
21:59:43.0582 9000  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:59:43.0613 9000  HomeGroupProvider - ok
21:59:43.0660 9000  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:59:43.0691 9000  HpSAMD - ok
21:59:43.0722 9000  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:59:43.0784 9000  HTCAND64 - ok
21:59:43.0847 9000  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
21:59:43.0862 9000  htcnprot - ok
21:59:43.0909 9000  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:59:44.0034 9000  HTTP - ok
21:59:44.0065 9000  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:59:44.0096 9000  hwpolicy - ok
21:59:44.0128 9000  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:59:44.0159 9000  i8042prt - ok
21:59:44.0190 9000  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:59:44.0221 9000  iaStor - ok
21:59:44.0284 9000  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:59:44.0315 9000  iaStorV - ok
21:59:44.0377 9000  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:59:44.0424 9000  idsvc - ok
21:59:44.0674 9000  [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:59:45.0048 9000  igfx - ok
21:59:45.0095 9000  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:59:45.0126 9000  iirsp - ok
21:59:45.0173 9000  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:59:45.0298 9000  IKEEXT - ok
21:59:45.0329 9000  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
21:59:45.0376 9000  Impcd - ok
21:59:45.0485 9000  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:59:45.0578 9000  IntcAzAudAddService - ok
21:59:45.0625 9000  [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:59:45.0688 9000  IntcDAud - ok
21:59:45.0719 9000  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:59:45.0734 9000  intelide - ok
21:59:45.0766 9000  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:59:45.0812 9000  intelppm - ok
21:59:45.0844 9000  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:59:45.0953 9000  IPBusEnum - ok
21:59:45.0968 9000  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:59:46.0062 9000  IpFilterDriver - ok
21:59:46.0109 9000  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:59:46.0234 9000  iphlpsvc - ok
21:59:46.0265 9000  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:59:46.0312 9000  IPMIDRV - ok
21:59:46.0327 9000  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:59:46.0421 9000  IPNAT - ok
21:59:46.0452 9000  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:59:46.0514 9000  IRENUM - ok
21:59:46.0514 9000  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:59:46.0546 9000  isapnp - ok
21:59:46.0577 9000  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:59:46.0608 9000  iScsiPrt - ok
21:59:46.0624 9000  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:59:46.0655 9000  kbdclass - ok
21:59:46.0670 9000  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:59:46.0717 9000  kbdhid - ok
21:59:46.0748 9000  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:59:46.0764 9000  KeyIso - ok
21:59:46.0795 9000  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:59:46.0826 9000  KSecDD - ok
21:59:46.0842 9000  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:59:46.0873 9000  KSecPkg - ok
21:59:46.0936 9000  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:59:47.0092 9000  ksthunk - ok
21:59:47.0123 9000  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:59:47.0248 9000  KtmRm - ok
21:59:47.0310 9000  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:59:47.0404 9000  LanmanServer - ok
21:59:47.0435 9000  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:59:47.0544 9000  LanmanWorkstation - ok
21:59:47.0560 9000  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:59:47.0669 9000  lltdio - ok
21:59:47.0700 9000  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:59:47.0809 9000  lltdsvc - ok
21:59:47.0840 9000  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:59:47.0950 9000  lmhosts - ok
21:59:48.0012 9000  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:59:48.0043 9000  LMS ( UnsignedFile.Multi.Generic ) - warning
21:59:48.0043 9000  LMS - detected UnsignedFile.Multi.Generic (1)
21:59:48.0106 9000  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:59:48.0137 9000  LSI_FC - ok
21:59:48.0168 9000  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:59:48.0199 9000  LSI_SAS - ok
21:59:48.0215 9000  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:59:48.0246 9000  LSI_SAS2 - ok
21:59:48.0277 9000  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:59:48.0293 9000  LSI_SCSI - ok
21:59:48.0324 9000  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:59:48.0433 9000  luafv - ok
21:59:48.0496 9000  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:59:48.0511 9000  MBAMProtector - ok
21:59:48.0605 9000  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:59:48.0636 9000  MBAMScheduler - ok
21:59:48.0683 9000  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:59:48.0730 9000  MBAMService - ok
21:59:48.0761 9000  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:59:48.0792 9000  Mcx2Svc - ok
21:59:48.0823 9000  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:59:48.0839 9000  megasas - ok
21:59:48.0870 9000  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:59:48.0901 9000  MegaSR - ok
21:59:48.0932 9000  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:59:49.0026 9000  MMCSS - ok
21:59:49.0057 9000  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:59:49.0151 9000  Modem - ok
21:59:49.0182 9000  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:59:49.0229 9000  monitor - ok
21:59:49.0276 9000  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:59:49.0291 9000  mouclass - ok
21:59:49.0322 9000  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:59:49.0354 9000  mouhid - ok
21:59:49.0385 9000  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:59:49.0416 9000  mountmgr - ok
21:59:49.0510 9000  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:59:49.0541 9000  MozillaMaintenance - ok
21:59:49.0556 9000  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:59:49.0572 9000  mpio - ok
21:59:49.0603 9000  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:59:49.0697 9000  mpsdrv - ok
21:59:49.0744 9000  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:59:49.0853 9000  MpsSvc - ok
21:59:49.0868 9000  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:59:49.0931 9000  MRxDAV - ok
21:59:49.0962 9000  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:50.0009 9000  mrxsmb - ok
21:59:50.0040 9000  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:50.0056 9000  mrxsmb10 - ok
21:59:50.0087 9000  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:50.0102 9000  mrxsmb20 - ok
21:59:50.0149 9000  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:59:50.0180 9000  msahci - ok
21:59:50.0212 9000  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:59:50.0227 9000  msdsm - ok
21:59:50.0258 9000  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:59:50.0305 9000  MSDTC - ok
21:59:50.0321 9000  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:59:50.0430 9000  Msfs - ok
21:59:50.0446 9000  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:59:50.0555 9000  mshidkmdf - ok
21:59:50.0570 9000  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:59:50.0586 9000  msisadrv - ok
21:59:50.0633 9000  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:59:50.0726 9000  MSiSCSI - ok
21:59:50.0742 9000  msiserver - ok
21:59:50.0758 9000  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:59:50.0867 9000  MSKSSRV - ok
21:59:50.0882 9000  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:50.0992 9000  MSPCLOCK - ok
21:59:50.0992 9000  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:59:51.0101 9000  MSPQM - ok
21:59:51.0116 9000  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:59:51.0163 9000  MsRPC - ok
21:59:51.0179 9000  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:59:51.0210 9000  mssmbios - ok
21:59:51.0241 9000  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:59:51.0350 9000  MSTEE - ok
21:59:51.0350 9000  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:59:51.0397 9000  MTConfig - ok
21:59:51.0413 9000  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:59:51.0444 9000  Mup - ok
21:59:51.0475 9000  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:59:51.0584 9000  napagent - ok
21:59:51.0631 9000  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:59:51.0694 9000  NativeWifiP - ok
21:59:51.0756 9000  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:59:51.0818 9000  NDIS - ok
21:59:51.0850 9000  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:51.0943 9000  NdisCap - ok
21:59:51.0974 9000  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:52.0052 9000  NdisTapi - ok
21:59:52.0068 9000  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:52.0162 9000  Ndisuio - ok
21:59:52.0193 9000  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:52.0286 9000  NdisWan - ok
21:59:52.0302 9000  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:59:52.0396 9000  NDProxy - ok
21:59:52.0427 9000  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:59:52.0520 9000  NetBIOS - ok
21:59:52.0552 9000  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:59:52.0645 9000  NetBT - ok
21:59:52.0692 9000  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:59:52.0723 9000  Netlogon - ok
21:59:52.0770 9000  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:59:52.0879 9000  Netman - ok
21:59:52.0895 9000  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:59:53.0020 9000  netprofm - ok
21:59:53.0051 9000  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:59:53.0066 9000  NetTcpPortSharing - ok
21:59:53.0113 9000  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:59:53.0129 9000  nfrd960 - ok
21:59:53.0285 9000  [ 0526356C6FABC0F0CE3BFB3039338BBE ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
21:59:53.0316 9000  NitroReaderDriverReadSpool2 - ok
21:59:53.0363 9000  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:59:53.0472 9000  NlaSvc - ok
21:59:53.0503 9000  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:59:53.0597 9000  Npfs - ok
21:59:53.0612 9000  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:59:53.0706 9000  nsi - ok
21:59:53.0722 9000  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:59:53.0831 9000  nsiproxy - ok
21:59:53.0893 9000  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:59:54.0002 9000  Ntfs - ok
21:59:54.0018 9000  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:59:54.0112 9000  Null - ok
21:59:54.0143 9000  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:59:54.0174 9000  nvraid - ok
21:59:54.0205 9000  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:59:54.0236 9000  nvstor - ok
21:59:54.0252 9000  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:59:54.0283 9000  nv_agp - ok
21:59:54.0377 9000  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:59:54.0408 9000  odserv - ok
21:59:54.0439 9000  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:59:54.0486 9000  ohci1394 - ok
21:59:54.0548 9000  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:59:54.0580 9000  ose - ok
21:59:54.0626 9000  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:59:54.0689 9000  p2pimsvc - ok
21:59:54.0720 9000  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:59:54.0751 9000  p2psvc - ok
21:59:54.0782 9000  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:59:54.0829 9000  Parport - ok
21:59:54.0860 9000  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:59:54.0892 9000  partmgr - ok
21:59:54.0954 9000  [ 8F873BD8188ED208922CAE9B79DD6A35 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:59:54.0985 9000  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:59:54.0985 9000  PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:59:55.0016 9000  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:59:55.0079 9000  PcaSvc - ok
21:59:55.0110 9000  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:59:55.0141 9000  pci - ok
21:59:55.0157 9000  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:59:55.0188 9000  pciide - ok
21:59:55.0219 9000  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:59:55.0250 9000  pcmcia - ok
21:59:55.0266 9000  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:59:55.0282 9000  pcw - ok
21:59:55.0313 9000  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:59:55.0422 9000  PEAUTH - ok
21:59:55.0484 9000  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:59:55.0562 9000  PeerDistSvc - ok
21:59:55.0640 9000  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:59:55.0672 9000  PerfHost - ok
21:59:55.0734 9000  [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
21:59:55.0765 9000  PFNService ( UnsignedFile.Multi.Generic ) - warning
21:59:55.0765 9000  PFNService - detected UnsignedFile.Multi.Generic (1)
21:59:55.0828 9000  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:59:55.0968 9000  pla - ok
21:59:56.0030 9000  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:59:56.0093 9000  PlugPlay - ok
21:59:56.0124 9000  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:59:56.0155 9000  PNRPAutoReg - ok
21:59:56.0171 9000  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:59:56.0218 9000  PNRPsvc - ok
21:59:56.0249 9000  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
21:59:56.0280 9000  Point64 - ok
21:59:56.0311 9000  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:59:56.0436 9000  PolicyAgent - ok
21:59:56.0467 9000  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:59:56.0576 9000  Power - ok
21:59:56.0623 9000  [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
21:59:56.0639 9000  PowerSavingUtilityService - ok
21:59:56.0686 9000  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:59:56.0795 9000  PptpMiniport - ok
21:59:56.0826 9000  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:59:56.0857 9000  Processor - ok
21:59:56.0904 9000  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:59:56.0982 9000  ProfSvc - ok
21:59:56.0998 9000  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:59:57.0029 9000  ProtectedStorage - ok
21:59:57.0044 9000  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:59:57.0154 9000  Psched - ok
21:59:57.0200 9000  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:59:57.0294 9000  ql2300 - ok
21:59:57.0310 9000  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:59:57.0341 9000  ql40xx - ok
21:59:57.0372 9000  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:59:57.0419 9000  QWAVE - ok
21:59:57.0434 9000  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:59:57.0481 9000  QWAVEdrv - ok
21:59:57.0497 9000  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:59:57.0590 9000  RasAcd - ok
21:59:57.0637 9000  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:59:57.0731 9000  RasAgileVpn - ok
21:59:57.0824 9000  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:59:57.0949 9000  RasAuto - ok
21:59:57.0996 9000  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:58.0090 9000  Rasl2tp - ok
21:59:58.0121 9000  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:59:58.0214 9000  RasMan - ok
21:59:58.0230 9000  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:58.0339 9000  RasPppoe - ok
21:59:58.0355 9000  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:59:58.0464 9000  RasSstp - ok
21:59:58.0480 9000  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:59:58.0589 9000  rdbss - ok
21:59:58.0604 9000  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:59:58.0651 9000  rdpbus - ok
21:59:58.0682 9000  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:58.0760 9000  RDPCDD - ok
21:59:58.0807 9000  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:59:58.0885 9000  RDPDR - ok
21:59:58.0916 9000  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:59:59.0026 9000  RDPENCDD - ok
21:59:59.0104 9000  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:59:59.0182 9000  RDPREFMP - ok
21:59:59.0213 9000  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:59:59.0291 9000  RDPWD - ok
21:59:59.0322 9000  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:59:59.0353 9000  rdyboost - ok
21:59:59.0384 9000  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:59:59.0478 9000  RemoteAccess - ok
21:59:59.0509 9000  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:59:59.0618 9000  RemoteRegistry - ok
21:59:59.0650 9000  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:59:59.0696 9000  RFCOMM - ok
21:59:59.0712 9000  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:59:59.0821 9000  RpcEptMapper - ok
21:59:59.0852 9000  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:59:59.0884 9000  RpcLocator - ok
21:59:59.0930 9000  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:00:00.0040 9000  RpcSs - ok
22:00:00.0102 9000  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:00:00.0180 9000  rspndr - ok
22:00:00.0227 9000  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
22:00:00.0274 9000  RSUSBSTOR - ok
22:00:00.0320 9000  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:00:00.0352 9000  RTL8167 - ok
22:00:00.0367 9000  RtsUIR - ok
22:00:00.0398 9000  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:00:00.0430 9000  s3cap - ok
22:00:00.0445 9000  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:00:00.0461 9000  SamSs - ok
22:00:00.0492 9000  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:00:00.0523 9000  sbp2port - ok
22:00:00.0554 9000  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:00:00.0648 9000  SCardSvr - ok
22:00:00.0679 9000  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:00:00.0773 9000  scfilter - ok
22:00:00.0820 9000  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:00:00.0960 9000  Schedule - ok
22:00:00.0991 9000  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:00:01.0069 9000  SCPolicySvc - ok
22:00:01.0100 9000  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:00:01.0178 9000  SDRSVC - ok
22:00:01.0225 9000  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:00:01.0319 9000  secdrv - ok
22:00:01.0334 9000  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:00:01.0428 9000  seclogon - ok
22:00:01.0444 9000  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:00:01.0537 9000  SENS - ok
22:00:01.0553 9000  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:00:01.0615 9000  SensrSvc - ok
22:00:01.0631 9000  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:00:01.0678 9000  Serenum - ok
22:00:01.0709 9000  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:00:01.0756 9000  Serial - ok
22:00:01.0771 9000  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:00:01.0802 9000  sermouse - ok
22:00:01.0849 9000  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:00:01.0958 9000  SessionEnv - ok
22:00:01.0990 9000  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:00:02.0021 9000  sffdisk - ok
22:00:02.0036 9000  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:00:02.0083 9000  sffp_mmc - ok
22:00:02.0083 9000  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:00:02.0130 9000  sffp_sd - ok
22:00:02.0161 9000  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:00:02.0208 9000  sfloppy - ok
22:00:02.0239 9000  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:00:02.0348 9000  SharedAccess - ok
22:00:02.0380 9000  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:00:02.0489 9000  ShellHWDetection - ok
22:00:02.0520 9000  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:00:02.0551 9000  SiSRaid2 - ok
22:00:02.0567 9000  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:00:02.0598 9000  SiSRaid4 - ok
22:00:02.0629 9000  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:00:02.0723 9000  Smb - ok
22:00:02.0770 9000  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:00:02.0801 9000  SNMPTRAP - ok
22:00:02.0832 9000  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:00:02.0848 9000  spldr - ok
22:00:02.0910 9000  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:00:03.0004 9000  Spooler - ok
22:00:03.0160 9000  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:00:03.0378 9000  sppsvc - ok
22:00:03.0394 9000  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:00:03.0503 9000  sppuinotify - ok
22:00:03.0550 9000  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:00:03.0612 9000  srv - ok
22:00:03.0643 9000  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:00:03.0674 9000  srv2 - ok
22:00:03.0706 9000  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:00:03.0737 9000  srvnet - ok
22:00:03.0784 9000  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:00:03.0877 9000  SSDPSRV - ok
22:00:03.0893 9000  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:00:03.0986 9000  SstpSvc - ok
22:00:04.0033 9000  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:00:04.0049 9000  stexstor - ok
22:00:04.0096 9000  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:00:04.0174 9000  stisvc - ok
22:00:04.0205 9000  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:00:04.0220 9000  storflt - ok
22:00:04.0236 9000  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
22:00:04.0314 9000  StorSvc - ok
22:00:04.0345 9000  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:00:04.0361 9000  storvsc - ok
22:00:04.0392 9000  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:00:04.0423 9000  swenum - ok
22:00:04.0454 9000  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:00:04.0564 9000  swprv - ok
22:00:04.0610 9000  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:00:04.0642 9000  SynTP - ok
22:00:04.0688 9000  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:00:04.0798 9000  SysMain - ok
22:00:04.0829 9000  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:00:04.0891 9000  TabletInputService - ok
22:00:04.0922 9000  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:00:05.0032 9000  TapiSrv - ok
22:00:05.0047 9000  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:00:05.0141 9000  TBS - ok
22:00:05.0234 9000  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:00:05.0344 9000  Tcpip - ok
22:00:05.0390 9000  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:00:05.0484 9000  TCPIP6 - ok
22:00:05.0515 9000  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:00:05.0609 9000  tcpipreg - ok
22:00:05.0624 9000  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:00:05.0687 9000  TDPIPE - ok
22:00:05.0702 9000  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:00:05.0734 9000  TDTCP - ok
22:00:05.0780 9000  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:00:05.0874 9000  tdx - ok
22:00:05.0890 9000  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:00:05.0921 9000  TermDD - ok
22:00:05.0968 9000  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:00:06.0077 9000  TermService - ok
22:00:06.0108 9000  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:00:06.0139 9000  Themes - ok
22:00:06.0155 9000  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:00:06.0248 9000  THREADORDER - ok
22:00:06.0280 9000  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:00:06.0373 9000  TrkWks - ok
22:00:06.0436 9000  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:00:06.0529 9000  TrustedInstaller - ok
22:00:06.0560 9000  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:06.0654 9000  tssecsrv - ok
22:00:06.0701 9000  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:00:06.0779 9000  TsUsbFlt - ok
22:00:06.0794 9000  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:00:06.0826 9000  TsUsbGD - ok
22:00:06.0872 9000  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:00:06.0982 9000  tunnel - ok
22:00:06.0997 9000  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:00:07.0028 9000  uagp35 - ok
22:00:07.0044 9000  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:00:07.0153 9000  udfs - ok
22:00:07.0184 9000  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:00:07.0231 9000  UI0Detect - ok
22:00:07.0262 9000  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:00:07.0294 9000  uliagpkx - ok
22:00:07.0325 9000  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:00:07.0356 9000  umbus - ok
22:00:07.0372 9000  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:00:07.0418 9000  UmPass - ok
22:00:07.0450 9000  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
22:00:07.0496 9000  UmRdpService - ok
22:00:07.0559 9000  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
22:00:07.0559 9000  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
22:00:07.0559 9000  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
22:00:07.0637 9000  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:00:07.0730 9000  UNS ( UnsignedFile.Multi.Generic ) - warning
22:00:07.0730 9000  UNS - detected UnsignedFile.Multi.Generic (1)
22:00:07.0777 9000  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:00:07.0886 9000  upnphost - ok
22:00:07.0918 9000  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:07.0949 9000  usbccgp - ok
22:00:07.0964 9000  USBCCID - ok
22:00:08.0011 9000  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:00:08.0042 9000  usbcir - ok
22:00:08.0058 9000  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:00:08.0089 9000  usbehci - ok
22:00:08.0152 9000  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:00:08.0183 9000  usbhub - ok
22:00:08.0214 9000  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:00:08.0245 9000  usbohci - ok
22:00:08.0292 9000  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:00:08.0339 9000  usbprint - ok
22:00:08.0354 9000  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:08.0401 9000  USBSTOR - ok
22:00:08.0432 9000  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:00:08.0479 9000  usbuhci - ok
22:00:08.0510 9000  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:00:08.0573 9000  usbvideo - ok
22:00:08.0620 9000  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
22:00:08.0682 9000  usb_rndisx - ok
22:00:08.0713 9000  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:00:08.0807 9000  UxSms - ok
22:00:08.0838 9000  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:00:08.0854 9000  VaultSvc - ok
22:00:08.0900 9000  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
22:00:08.0932 9000  VClone - ok
22:00:08.0978 9000  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:00:09.0010 9000  vdrvroot - ok
22:00:09.0041 9000  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:00:09.0166 9000  vds - ok
22:00:09.0197 9000  [ D9656445499625B0ED88C0B203F3C16F ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
22:00:09.0228 9000  VFPRadioSupportService - ok
22:00:09.0275 9000  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:09.0306 9000  vga - ok
22:00:09.0322 9000  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:00:09.0431 9000  VgaSave - ok
22:00:09.0446 9000  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:00:09.0478 9000  vhdmp - ok
22:00:09.0493 9000  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:00:09.0524 9000  viaide - ok
22:00:09.0556 9000  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:00:09.0587 9000  vmbus - ok
22:00:09.0602 9000  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:00:09.0634 9000  VMBusHID - ok
22:00:09.0649 9000  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:00:09.0680 9000  volmgr - ok
22:00:09.0696 9000  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:00:09.0743 9000  volmgrx - ok
22:00:09.0774 9000  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:00:09.0805 9000  volsnap - ok
22:00:09.0836 9000  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:00:09.0868 9000  vsmraid - ok
22:00:09.0914 9000  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:00:10.0055 9000  VSS - ok
22:00:10.0086 9000  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:10.0133 9000  vwifibus - ok
22:00:10.0148 9000  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:10.0195 9000  vwififlt - ok
22:00:10.0211 9000  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:00:10.0273 9000  vwifimp - ok
22:00:10.0320 9000  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:00:10.0414 9000  W32Time - ok
22:00:10.0445 9000  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:00:10.0492 9000  WacomPen - ok
22:00:10.0523 9000  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:00:10.0632 9000  WANARP - ok
22:00:10.0632 9000  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:00:10.0726 9000  Wanarpv6 - ok
22:00:10.0788 9000  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:00:10.0897 9000  wbengine - ok
22:00:10.0913 9000  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:00:10.0960 9000  WbioSrvc - ok
22:00:10.0991 9000  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:00:11.0038 9000  wcncsvc - ok
22:00:11.0069 9000  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:00:11.0147 9000  WcsPlugInService - ok
22:00:11.0162 9000  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:00:11.0178 9000  Wd - ok
22:00:11.0240 9000  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:00:11.0303 9000  Wdf01000 - ok
22:00:11.0334 9000  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:00:11.0428 9000  WdiServiceHost - ok
22:00:11.0443 9000  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:00:11.0490 9000  WdiSystemHost - ok
22:00:11.0506 9000  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:00:11.0584 9000  WebClient - ok
22:00:11.0599 9000  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:00:11.0708 9000  Wecsvc - ok
22:00:11.0724 9000  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:00:11.0833 9000  wercplsupport - ok
22:00:11.0864 9000  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:00:11.0958 9000  WerSvc - ok
22:00:12.0005 9000  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:12.0083 9000  WfpLwf - ok
22:00:12.0114 9000  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:00:12.0130 9000  WIMMount - ok
22:00:12.0145 9000  WinDefend - ok
22:00:12.0161 9000  WinHttpAutoProxySvc - ok
22:00:12.0223 9000  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:00:12.0317 9000  Winmgmt - ok
22:00:12.0395 9000  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:00:12.0535 9000  WinRM - ok
22:00:12.0598 9000  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:00:12.0676 9000  Wlansvc - ok
22:00:12.0707 9000  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:00:12.0738 9000  WmiAcpi - ok
22:00:12.0769 9000  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:00:12.0816 9000  wmiApSrv - ok
22:00:12.0847 9000  WMPNetworkSvc - ok
22:00:12.0879 9000  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:00:12.0941 9000  WPCSvc - ok
22:00:12.0941 9000  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:00:12.0988 9000  WPDBusEnum - ok
22:00:13.0019 9000  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:00:13.0097 9000  ws2ifsl - ok
22:00:13.0128 9000  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:00:13.0191 9000  wscsvc - ok
22:00:13.0191 9000  WSearch - ok
22:00:13.0284 9000  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:00:13.0425 9000  wuauserv - ok
22:00:13.0440 9000  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:00:13.0549 9000  WudfPf - ok
22:00:13.0596 9000  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:13.0690 9000  WUDFRd - ok
22:00:13.0721 9000  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:00:13.0815 9000  wudfsvc - ok
22:00:13.0846 9000  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:00:13.0908 9000  WwanSvc - ok
22:00:13.0924 9000  ================ Scan global ===============================
22:00:13.0955 9000  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:00:13.0986 9000  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:00:14.0002 9000  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:00:14.0033 9000  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:00:14.0064 9000  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:00:14.0064 9000  [Global] - ok
22:00:14.0064 9000  ================ Scan MBR ==================================
22:00:14.0080 9000  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:00:15.0219 9000  \Device\Harddisk0\DR0 - ok
22:00:15.0219 9000  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR9
22:00:15.0733 9000  \Device\Harddisk1\DR9 - ok
22:00:15.0765 9000  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR8
22:00:16.0233 9000  \Device\Harddisk2\DR8 - ok
22:00:20.0569 9000  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
22:00:20.0757 9000  \Device\Harddisk3\DR3 - ok
22:00:20.0757 9000  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
22:00:21.0006 9000  \Device\Harddisk4\DR4 - ok
22:00:21.0006 9000  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
22:00:21.0162 9000  \Device\Harddisk5\DR5 - ok
22:00:21.0162 9000  ================ Scan VBR ==================================
22:00:21.0240 9000  [ 185B025061A16D6DE0A44981E7D6CB58 ] \Device\Harddisk0\DR0\Partition1
22:00:21.0240 9000  \Device\Harddisk0\DR0\Partition1 - ok
22:00:21.0256 9000  [ 757FA0FAE3CBBB78B4C86600FFC8D4A6 ] \Device\Harddisk0\DR0\Partition2
22:00:21.0256 9000  \Device\Harddisk0\DR0\Partition2 - ok
22:00:21.0271 9000  [ D13A14F1B89C0C9D36E3C5A3ADD0A39F ] \Device\Harddisk0\DR0\Partition3
22:00:21.0287 9000  \Device\Harddisk0\DR0\Partition3 - ok
22:00:21.0287 9000  [ F884B36201CA1E5E4761A114E33DDE4A ] \Device\Harddisk1\DR9\Partition1
22:00:21.0287 9000  \Device\Harddisk1\DR9\Partition1 - ok
22:00:21.0334 9000  [ 4204DDEAAAFFBC5ACEB33492F340D198 ] \Device\Harddisk2\DR8\Partition1
22:00:21.0334 9000  \Device\Harddisk2\DR8\Partition1 - ok
22:00:21.0334 9000  [ C84B11C31C8979BA7875D69E337D1907 ] \Device\Harddisk3\DR3\Partition1
22:00:21.0334 9000  \Device\Harddisk3\DR3\Partition1 - ok
22:00:21.0349 9000  [ 7EFE1A85F3039E3919565DEEA0FBCE57 ] \Device\Harddisk4\DR4\Partition1
22:00:21.0349 9000  \Device\Harddisk4\DR4\Partition1 - ok
22:00:21.0349 9000  [ 608A00E3DAEFB11B7B74FA345246E2BA ] \Device\Harddisk5\DR5\Partition1
22:00:21.0365 9000  \Device\Harddisk5\DR5\Partition1 - ok
22:00:21.0365 9000  ============================================================
22:00:21.0365 9000  Scan finished
22:00:21.0365 9000  ============================================================
22:00:21.0381 7444  Detected object count: 6
22:00:21.0381 7444  Actual detected object count: 6
22:02:00.0050 7444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0050 7444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:02:00.0050 7444  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0050 7444  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:02:00.0060 7444  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:02:00.0060 7444  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:02:00.0060 7444  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:02:00.0070 7444  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0070 7444  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


14.11.2012, 22:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Encryption trojan e621ca05



Please run a CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If you already have it, replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and select "Run as administrator"
  • Tick the "Scanne alle Benutzer" (Scan All Users) checkbox at the top center
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

14.11.2012, 23:06   #7
TschaeiBie
 
Encryption trojan e621ca05



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.11.2012 22:49:40 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 60,83% Memory free
7,60 Gb Paging File | 5,68 Gb Available in Paging File | 74,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,84 Gb Free Space | 3,77% Space Free | Partition Type: NTFS
Drive D: | 6,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 416,93 Gb Total Space | 322,67 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 228,01 Gb Free Space | 48,97% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 48,77 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 400,29 Gb Free Space | 42,97% Space Free | Partition Type: NTFS
 
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 18:32:55 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
PRC - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.22 08:39:20 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 18:55:04 | 010,855,544 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.09.05 18:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.03.15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.09 21:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.10.08 20:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.13 17:16:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.13 17:15:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 17:15:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 17:15:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 17:15:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.05 18:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.05.12 13:06:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.05.12 13:06:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.05.12 13:06:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.05.12 13:06:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.05.12 13:06:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.29 17:34:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 20:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.01.16 09:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.06.23 17:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 18:34:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 18:34:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.09 19:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.19 12:02:05 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.22 13:12:38 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.11.01 17:04:44 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 19:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006.11.01 19:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006.11.01 19:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.01.18 23:16:38 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2
FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions
[2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung
[2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi
[2012.10.03 15:20:56 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi
[2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi
[2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi
[2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi
[2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi
[2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi
[2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi
[2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
[2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi
[2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi
[2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 18:01:50 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk =  File not found
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 21:59:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:50:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.14 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\logs
[2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge
[2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.11.08 13:37:44 | 000,000,000 | R--D | C] -- L:\System wiederherstellung JOhanna\Dokumente\Scanned Documents
[2012.11.08 13:37:41 | 000,000,000 | ---D | C] -- L:\System wiederherstellung JOhanna\Dokumente\Fax
[2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.11.06 21:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt
[2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif
[2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi
[2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real
[2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira
[2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.19 13:42:44 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.10.17 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 22:41:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.14 22:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 21:56:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:56:00 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.14 21:56:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.14 21:56:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.14 21:55:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.14 21:55:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.14 21:50:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.14 21:40:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.14 19:41:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.14 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.14 18:15:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 10:14:11 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 10:14:11 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 10:07:06 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.14 10:06:23 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 18:34:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 18:34:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable
[2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.19 13:39:43 | 005,193,498 | -H-- | M] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
[2012.10.17 13:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | C] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt
[2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.17 13:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.17 13:05:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe
[2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel
[2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini
[2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 18:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp
[2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage
[2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2005.04.08 03:16:43 | 005,193,498 | -H-- | C] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.20 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\.purple
[2012.05.06 07:04:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\calibre
[2012.05.20 09:27:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Dropbox
[2012.05.05 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Fujitsu
[2012.04.03 02:15:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\HTC
[2012.05.06 07:42:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 07:08:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Philips-Songbird
[2012.05.06 07:10:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Rovio
[2012.11.14 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple
[2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma
[2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela
[2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS
[2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre
[2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations
[2012.11.14 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox
[2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla
[2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu
[2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\gtk-2.0
[2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC
[2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install
[2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX
[2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF
[2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex
[2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer
[2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird
[2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder
[2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan
[2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio
[2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam
[2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird
[2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.14 23:07:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.06 13:08:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.10 11:48:50 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.14 22:35:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.06 21:41:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.12 21:54:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.06 11:11:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.20 16:53:04 | 000,000,000 | ---D | M] -- C:\Python26
[2011.11.20 17:02:16 | 000,000,000 | ---D | M] -- C:\Python27
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.24 21:40:02 | 000,000,000 | ---D | M] -- C:\sdk
[2012.11.14 22:53:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.26 09:32:55 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.04.03 02:13:46 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.14 10:06:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.14 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple
[2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma
[2011.12.18 11:56:32 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Adobe
[2012.10.19 13:55:19 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Avira
[2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela
[2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS
[2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre
[2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations
[2012.11.14 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox
[2012.11.12 15:11:49 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla
[2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu
[2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\gtk-2.0
[2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC
[2011.11.10 11:40:55 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Identities
[2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install
[2011.11.10 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Macromedia
[2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX
[2012.11.06 11:11:47 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2011.04.12 08:54:56 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Media Center Programs
[2012.03.04 15:58:07 | 000,000,000 | --SD | M] -- C:\Users\Johanna\AppData\Roaming\Microsoft
[2012.11.01 10:42:02 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Mozilla
[2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF
[2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex
[2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer
[2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird
[2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder
[2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan
[2012.10.22 08:43:09 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Real
[2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio
[2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam
[2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird
[2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt
[2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\vlc
[2011.11.13 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.24 17:46:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Johanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.20 15:52:19 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Johanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.16 08:09:24 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.03.16 08:09:24 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.03.29 20:37:50 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.05 17:35:06 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.10.05 17:35:07 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job

< End of report >
         
--- --- ---

Alt 14.11.2012, 23:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129
         
Is this by any chance an office/company PC? Or a university computer?
__________________
Please always post log files in CODE tags

Alt 14.11.2012, 23:42   #9
TschaeiBie
 

No, this is my private laptop.
One is from home, one via Android and one from a friend.

Edited by TschaeiBie (15.11.2012 at 00:08)

Alt 15.11.2012, 16:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a log with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Alt 15.11.2012, 20:26   #11
TschaeiBie
 

When running the program I had the problem that Avira, even though it is deactivated, showed the message "Real-time scanner: Registry blocked. The administrator has blocked access to the registry via security policy." I then ignored that and left everything alone.
Here is the log
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-15.01 - Johanna 15.11.2012  20:03:17.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3893.2739 [GMT 1:00]
ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Johanna\AppData\Roaming\Johannalog.dat
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 19:13 . 2012-11-15 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 19:13 . 2012-11-15 19:13	--------	d-----w-	c:\users\Anna\AppData\Local\temp
2012-11-14 22:36 . 2012-11-14 22:36	--------	d-----w-	c:\users\Johanna\AppData\Roaming\e-academy Inc
2012-11-14 22:36 . 2012-11-14 22:36	--------	d-----w-	c:\users\Johanna\AppData\Local\e-academy Inc
2012-11-08 17:05 . 2012-11-15 18:13	--------	d-----w-	c:\users\Johanna\AppData\Roaming\dvdcss
2012-11-06 20:41 . 2012-11-12 19:57	--------	d-----w-	c:\program files\Recuva
2012-11-06 11:14 . 2012-11-06 11:14	--------	d-----w-	c:\program files\OO Software
2012-11-06 11:13 . 2012-11-06 11:13	--------	d-----w-	c:\windows\Downloaded Installations
2012-11-06 10:11 . 2012-11-06 10:11	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Malwarebytes
2012-11-06 10:11 . 2012-11-06 10:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-06 10:11 . 2012-11-06 10:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-06 10:11 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-06 09:47 . 2012-11-06 09:47	--------	d-----w-	c:\programdata\Panda Security
2012-11-06 09:46 . 2012-11-06 09:48	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2012-11-03 09:34 . 2012-11-03 09:34	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-01 11:30 . 2012-11-01 11:30	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Bildverkleinerer
2012-10-26 08:32 . 2012-10-26 08:32	--------	d-----w-	C:\totalcmd
2012-10-26 08:32 . 2012-10-26 08:32	--------	d-----w-	c:\users\Johanna\AppData\Roaming\GHISLER
2012-10-26 08:29 . 2012-10-26 08:30	--------	d-----w-	c:\users\Johanna\AppData\Roaming\namexif
2012-10-26 08:29 . 2012-10-26 08:29	--------	d-----w-	c:\program files (x86)\Namexif
2012-10-25 22:01 . 2012-10-25 22:01	--------	d-----w-	c:\users\Johanna\AppData\Roaming\PhotoScape
2012-10-25 21:41 . 2012-10-25 21:42	--------	d-----w-	c:\program files (x86)\PhotoScape
2012-10-22 07:39 . 2012-10-22 07:39	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-10-22 07:39 . 2012-10-22 07:40	--------	d-----w-	c:\program files (x86)\Real
2012-10-19 14:12 . 2012-10-19 14:24	--------	d-----w-	c:\program files (x86)\Unlocker
2012-10-19 13:53 . 2002-02-18 16:40	6200	----a-w-	c:\windows\SysWow64\INT13EXT.VXD
2012-10-19 13:53 . 2012-10-19 13:53	--------	d-----w-	c:\program files (x86)\PC Inspector File Recovery
2012-10-19 13:52 . 2002-12-05 12:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-10-19 13:52 . 2002-12-05 12:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-10-19 13:52 . 2002-12-02 13:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-10-19 13:52 . 2002-12-02 11:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-10-19 13:52 . 2002-12-02 11:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-10-19 13:52 . 2012-10-19 13:52	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-10-19 13:52 . 2012-10-19 13:52	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-10-19 12:55 . 2012-10-19 12:55	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Avira
2012-10-19 12:42 . 2012-11-13 17:34	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-19 12:42 . 2012-11-13 17:34	98888	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-19 12:42 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-19 12:42 . 2012-10-19 12:42	--------	d-----w-	c:\programdata\Avira
2012-10-19 12:42 . 2012-10-19 12:42	--------	d-----w-	c:\program files (x86)\Avira
2012-10-17 23:25 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDFDFB0A-D44F-4A43-9DC6-840FA029ADF2}\mpengine.dll
2012-10-17 17:27 . 2012-10-17 17:30	--------	d-----w-	c:\windows\rescache
2012-10-17 12:12 . 2012-10-17 12:12	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2012-10-17 12:05 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-10-17 12:05 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-10-17 12:05 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-10-17 12:05 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 07:39 . 2010-10-25 14:13	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-10-22 07:39 . 2010-10-25 14:13	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-10-12 14:35 . 2012-10-12 14:35	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2012-10-12 14:35 . 2012-10-12 14:35	828872	----a-w-	c:\windows\system32\msvcr110.dll
2012-10-12 14:35 . 2012-10-12 14:35	661448	----a-w-	c:\windows\system32\msvcp110.dll
2012-10-12 14:35 . 2012-10-12 14:35	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2012-10-12 14:35 . 2012-10-12 14:35	50856	----a-w-	c:\windows\system32\drivers\point64.sys
2012-10-12 14:35 . 2012-10-12 14:35	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2012-10-12 14:35 . 2012-10-12 14:35	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2012-10-09 19:38 . 2012-03-29 19:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:38 . 2011-11-10 13:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 19:38 . 2012-10-09 19:38	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-09 18:31 . 2012-10-09 18:31	75928	----a-w-	c:\windows\system32\drivers\dc3d.sys
2012-10-09 18:31 . 2012-10-09 18:31	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2012-09-28 20:32 . 2012-09-28 20:32	2177688	----a-w-	c:\windows\system32\coin92.dll
2012-09-24 14:32 . 2012-10-12 13:17	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2011-11-10 14:10	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 18:21	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 18:21	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 18:22	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 18:21	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 18:21	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 18:21	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 18:22	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 18:22	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-10-03 20:42	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-10-03 20:42	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-10-03 20:43	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-10-03 20:43	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-10-03 20:43	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-10-03 20:43	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-10-03 20:43	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-10-03 20:43	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-10-03 20:43	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-10-03 20:43	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-10-03 20:43	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-10-03 20:43	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-10-03 20:43	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-10-03 20:43	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-10-03 20:43	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-10-03 20:43	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-10-03 20:43	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-10-03 20:43	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-10-03 20:43	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-10-03 20:43	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-10-03 20:43	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-10-03 20:43	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-10-03 15:17	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-10-03 15:18	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-10-03 15:17	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-10-03 15:17	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-10-03 15:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 18:22	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 18:22	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 18:22	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 18:22	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 18:22	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 18:22	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 18:22	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 18:22	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 18:22	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 18:22	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 18:22	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 18:22	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 18:22	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 18:22	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 18:22	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 18:22	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-09-21 10855544]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-03-09 5934712]
"Facebook Update"="c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-05 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-05-12 593920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-01-25 380416]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-13 384800]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-22 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Diplomarbeit - Verknüpfung.lnk - e:\dokumente\Diplomarbeit [N/A]
Dropbox.lnk - c:\users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files (x86)\Mozilla Firefox\firefox.exe [2012-10-29 917984]
Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-8-20 48618]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-19 279616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-30 84256]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-01-16 343032]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-10-09 75928]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:38]
.
2012-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
- c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-05 16:34]
.
2012-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
- c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-05 16:34]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
- c:\users\Johanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 07:09]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
- c:\users\Johanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-09-21 17:40	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-09-21 17:40	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-09-21 17:40	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-09-21 17:40	480888	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-23 6310912]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"CSRBIP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe" [2009-12-24 419752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-27 8312352]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
FF - prefs.js: network.proxy.ftp - proxy.fh-landshut.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.fh-landshut.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.fh-landshut.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.fh-landshut.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-05 14:17; en-GB@dictionaries.addons.mozilla.org; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - ExtSQL: 2012-10-05 14:17; next@scribefire.com; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\next@scribefire.com.xpi
FF - ExtSQL: 2012-10-05 14:17; {F807FACD-E46A-4793-B345-D58CB177673C}; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi
FF - ExtSQL: 2012-10-06 04:24; foxyproxy@eric.h.jung; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2012-10-12 15:17; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 09:39; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-10-30 23:37; {76C80A11-FAD4-406c-8246-F5ED4F9367B5}; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
FF - ExtSQL: 2012-11-03 10:31; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Catan - c:\windows\IsUn0407.exe
AddRemove-FoxTab PDF Converter - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.aac"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.cda"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.flac"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.m4a"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.mp3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.mp4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.ogg"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.wav"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MUFIN_PLAYER_2_5_D.wma"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-15  20:20:47
ComboFix-quarantined-files.txt  2012-11-15 19:20
.
Vor Suchlauf: 2.520.444.928 Bytes frei
Nach Suchlauf: 2.829.471.744 Bytes frei
.
- - End Of File - - A4D13B88C730C9584A1E62D8B04FAA12
         
--- --- ---

15.11.2012, 22:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = consecutive number).
__________________
Please always post log files in CODE tags

16.11.2012, 12:21   #13
TschaeiBie

Code:
# AdwCleaner v2.007 - Datei am 16/11/2012 um 12:20:12 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Johanna - EMIL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Johanna\Desktop\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8ck5kwpk.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [14357 octets] - [12/11/2012 21:53:35]
AdwCleaner[R2].txt - [957 octets] - [16/11/2012 12:20:12]
AdwCleaner[S1].txt - [14359 octets] - [12/11/2012 21:54:15]

########## EOF - C:\AdwCleaner[R2].txt - [1077 octets] ##########
         

16.11.2012, 14:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

16.11.2012, 15:54   #15
TschaeiBie



OTL log file:
Code:
OTL logfile created on: 16.11.2012 15:31:42 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 22,44% Memory free
7,60 Gb Paging File | 3,21 Gb Available in Paging File | 42,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 2,75 Gb Free Space | 5,64% Space Free | Partition Type: NTFS
Drive E: | 416,93 Gb Total Space | 319,61 Gb Free Space | 76,66% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 228,71 Gb Free Space | 49,12% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive K: | 14,83 Gb Total Space | 6,49 Gb Free Space | 43,78% Space Free | Partition Type: FAT32
Drive L: | 3,72 Gb Total Space | 2,49 Gb Free Space | 67,04% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 61,31 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 399,60 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
 
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Johanna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Johanna\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Users\Johanna\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe (Kivuto Solutions Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
PRC - C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PFNService) -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VFPRadioSupportService) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2
FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions
[2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de
[2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung
[2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi
[2012.10.03 15:20:56 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi
[2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi
[2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi
[2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi
[2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi
[2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi
[2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi
[2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
[2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi
[2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi
[2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 18:01:50 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.15 20:15:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk =  File not found
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.16 11:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.15 20:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.15 20:00:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.15 20:00:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.15 20:00:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.15 20:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.15 19:59:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.15 19:58:45 | 005,001,745 | R--- | C] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe
[2012.11.14 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Downloads
[2012.11.14 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\e-academy Inc
[2012.11.14 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\e-academy Inc
[2012.11.14 21:59:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:50:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.14 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\logs
[2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge
[2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.11.06 21:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.03 10:31:33 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.11.03 10:31:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.11.03 10:31:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt
[2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif
[2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi
[2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.10.22 08:39:38 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.10.22 08:39:26 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.10.22 08:39:26 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real
[2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira
[2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.19 13:42:44 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.16 15:40:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.16 15:38:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.16 15:33:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.16 15:33:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.16 15:33:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.16 15:33:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.16 15:33:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.16 14:41:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.16 12:17:34 | 000,541,569 | ---- | M] () -- C:\Users\Johanna\Desktop\adwcleaner(1).exe
[2012.11.16 11:02:55 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.16 11:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.16 09:01:05 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 09:01:05 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 08:53:31 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 20:15:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.15 19:53:42 | 005,001,745 | R--- | M] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe
[2012.11.15 19:41:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.15 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.15 00:02:11 | 000,026,335 | ---- | M] () -- C:\Users\Johanna\Desktop\Unbenannt.PNG
[2012.11.14 23:36:31 | 000,003,153 | ---- | M] () -- C:\Users\Johanna\Desktop\Secure Download Manager.lnk
[2012.11.14 21:56:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:50:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.13 18:34:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 18:34:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable
[2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.22 08:39:38 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.10.22 08:39:26 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.10.22 08:39:26 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.16 12:17:59 | 000,541,569 | ---- | C] () -- C:\Users\Johanna\Desktop\adwcleaner(1).exe
[2012.11.15 20:00:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.15 20:00:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.15 20:00:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.15 20:00:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.15 20:00:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.15 00:01:18 | 000,026,335 | ---- | C] () -- C:\Users\Johanna\Desktop\Unbenannt.PNG
[2012.11.14 23:36:31 | 000,003,153 | ---- | C] () -- C:\Users\Johanna\Desktop\Secure Download Manager.lnk
[2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | C] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt
[2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe
[2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel
[2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini
[2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 18:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp
[2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage
[2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---



extras
OTL Logfile:
Code:
OTL Extras logfile created on: 16.11.2012 15:31:43 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 22,44% Memory free
7,60 Gb Paging File | 3,21 Gb Available in Paging File | 42,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 2,75 Gb Free Space | 5,64% Space Free | Partition Type: NTFS
Drive E: | 416,93 Gb Total Space | 319,61 Gb Free Space | 76,66% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 228,71 Gb Free Space | 49,12% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive K: | 14,83 Gb Total Space | 6,49 Gb Free Space | 43,78% Space Free | Partition Type: FAT32
Drive L: | 3,72 Gb Total Space | 2,49 Gb Free Space | 67,04% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 61,31 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 399,60 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
 
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09548B5D-2BF3-40A4-ADEE-A2BD9E68E532}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{31FEF6BC-B65F-45EA-9A1F-D25AE073A270}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3BC16D89-E76F-4B23-9919-5F33E016FEFC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{42961938-16C3-4A2B-9DCB-BAE4F0C42FFC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4343256B-3FB4-462F-81E1-11F365B1101E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B55CCD7-E8FB-47DA-AF91-2DDAE267DA92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4CADDE23-7A26-4261-AA2B-D531A3406555}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4F3A4DC4-5446-4C1A-9146-F0DD21BC3526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52F33100-40B8-445C-9A45-F3EFBD47F36D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58D99A46-8D80-4F64-BF50-50BD7A5C00DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62C3FB3F-B337-49BB-8DC6-0F8DC014DAD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{64888FE0-AB3D-42D8-A91E-8309BE01BDC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6AEF10E0-9053-40E6-8588-62BD59F6C392}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E1D9754-C575-4330-959A-F2AA7FF44874}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F9B2AEB-ACE6-4267-950B-A57A16808B4C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81E2D665-2B99-4BC3-84FE-0B17FC74D435}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85671521-7786-40EA-833C-7D90EB0A2000}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D4D00D0-B2CE-4001-B12F-2BB605F88BFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E08C784-D382-4620-9521-331B0BA44E94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92099217-A451-4C16-9FCB-5EB7B737FD32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3F8B2C9-DF9C-4153-AD85-81E2EF5AAD32}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4C4B925-C7F2-4781-9007-269711F56783}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A4F30C21-7B57-42B3-821D-66119D30CFCA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A5187E1E-4DAE-4E50-AF1F-194227DD9300}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AFA7C6D3-6DE2-4EDD-AC7B-96C059874956}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B1C7A11F-6BD8-4F84-AC30-C3E8122CD889}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BC0C3649-EFF9-4D32-A54A-3355262F97F3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C49CDD86-C6D7-4272-A648-967D1C059084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1E14867-AB59-44BE-ACA9-7170645B9FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCBD6D70-3D52-4CC6-969A-1C0F6EA128C7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E17611D4-2AFF-429A-9E8E-CB426A752906}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D8D8D-11C1-44A2-A5CB-D7B7FB363C4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{09A1F54F-35DA-46C4-913B-0D8BD63DDFEB}" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{169110C2-D944-47FD-AFD8-536C4D289FDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1AE3A9B9-C835-405A-A758-8EBC05384E59}" = protocol=6 | dir=out | app=system | 
"{1C447D06-FA38-400E-9BAC-18BB2C7B7692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22A9C294-E5ED-483A-8F1B-E97E0430BCF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{281D8AB3-00E9-454A-9413-8D5F38D182D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B29DFA8-D460-49DA-9FF3-4E5F23D5ACBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A66869B-AEF4-4CA0-963D-AF633FAC4A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{534D89DC-669B-4039-B022-3951F14FEBC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54D69F8E-DF2E-4A86-B3E2-03E0E21E2EA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{72909D1E-7187-4CCC-94B2-94D15BB7D8B4}" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7BCA72CF-DD25-45D2-A300-257F5741A173}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{839BD70B-E8A9-4F30-8FD4-4C0666A13E04}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{904FAFFC-C7AD-48C7-9266-E5FD45CE8F2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A115562A-1E53-4C6D-AA04-504D5A25534F}" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A580D5AC-734E-450D-91D2-2B4D64E698E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{ABED54FF-EBDD-4159-8A5C-EF6BA1AE17E2}" = dir=in | app=c:\users\johanna\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{AC4B04D3-7D79-4BA6-9CFE-71498AF0A84F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD9007C0-F123-40C3-826A-8DDDA7F5B336}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AEF174DB-3A85-4BE8-9072-FF78976F2572}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF004807-07A2-4D07-B2A6-D6322A7811BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D802C877-5E2D-4FC7-92BE-35BA8AA8C1EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E177F216-58C1-4AF9-9BCB-F3415DA17B97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F022E531-A159-4867-AC07-00C18CDC68D7}" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F0FDB36A-BD47-4367-9D7E-1D3CD35A4899}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FFE1E75B-9E1D-4F4E-AD25-38A5B719B02D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{595C33F5-6CFF-4E9A-9580-8CCD56034A6E}C:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5DA6AC45-F5D3-4BF4-9D94-9AB4C4F15A27}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{6410F2D9-7E6C-4410-89A1-06A5A7A1B9BF}C:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8423E0F6-2C7E-45B1-9E22-66490534F988}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CE6EF444-6CA7-44E2-889B-E09342089D33}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{F8B1F721-D59C-4C34-A2CB-103837629201}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1CB02451-E280-4600-A95C-FFA1812C3279}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2F6FF1D3-E533-4357-B700-CF45A5FF7ED5}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{80D6E467-3579-4748-A417-127A987FD8C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{96C70F17-234F-4117-9C4B-481CD6717B4A}C:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C33622A3-E920-4A3E-BBE1-CD1F782E9F6F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{D7259864-4F67-4A1D-9C26-01AA71D27264}C:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18E12084-AD08-4E7E-9C01-165CE2C8121B}" = Nitro PDF Reader 2
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{663A0073-D1FD-42B8-899F-AA5FA8359704}" = O&O DiskRecovery
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{169917C4-4A77-45F4-B20E-860703FD5E6F}" = pdfforge Toolbar v6.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.8
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}" = Angry Birds
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre
"{469D0E8F-2B20-47FD-8FB3-8769F348A67F}" = mufin player 2.5
"{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}" = ActiveState ActivePython 2.7.2.5 (32-bit)
"{4982D16F-7D12-4038-B38D-662623AC3C83}" = HTC Sync
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F365D768-9054-46D3-9AC4-56C163008DFD}" = StudyProf Lernkartei 3.0
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"Catan" = Catan
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"MAGIX_MSI_mufin_player_2_5" = mufin player 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"PDF Editor 3" = PDF Editor 3
"Philips Songbird" = Philips Songbird
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PlagiarismFinder 2.0" = PlagiarismFinder 2.0
"RealPlayer 15.0" = RealPlayer
"Snap" = Snap (remove only)
"SugarSync" = SugarSync Manager
"TeXstudio_is1" = TeXstudio 2.2
"TrainIt 2.x" = TrainIt 2.x
"Unlocker" = Unlocker 1.9.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2012 16:58:09 | Computer Name = Emil | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.11.2012 07:28:55 | Computer Name = Emil | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.11.2012 09:45:26 | Computer Name = Emil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.11.2012 05:08:19 | Computer Name = Emil | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 08:08:06 | Computer Name = Emil | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.11.2012 14:56:09 | Computer Name = Emil | Source = Application Hang | ID = 1002
Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f84    Startzeit: 
01cdc24784c8c0a9    Endzeit: 6    Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Berichts-ID:
 f019476c-2e8c-11e2-ad00-e0ca9458b830  
 
Error - 15.11.2012 04:38:45 | Computer Name = Emil | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.11.2012 14:55:59 | Computer Name = Emil | Source = Application Hang | ID = 1002
Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff8    Startzeit: 
01cdc30c7f309904    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Berichts-ID:
 14eadfba-2f56-11e2-9fd4-e0ca9458b830  
 
Error - 16.11.2012 03:55:25 | Computer Name = Emil | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 06:22:47 | Computer Name = Emil | Source = Application Hang | ID = 1002
Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12c0    Startzeit:
 01cdc3e196b70da1    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

Berichts-ID:
 8e274404-2fd7-11e2-a177-e0ca9458b830  
 
[ OSession Events ]
Error - 28.01.2012 09:42:11 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4389
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 25.02.2012 09:45:00 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4125
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 16.03.2012 06:22:10 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9848
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2012 04:04:41 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 966
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2012 19:09:40 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54290
 seconds with 12780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.11.2012 05:57:19 | Computer Name = Emil | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.11.2012 05:57:20 | Computer Name = Emil | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.11.2012 06:22:00 | Computer Name = Emil | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.11.2012 06:22:01 | Computer Name = Emil | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.11.2012 06:22:01 | Computer Name = Emil | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.11.2012 06:22:02 | Computer Name = Emil | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.11.2012 04:58:26 | Computer Name = Emil | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2012 04:58:27 | Computer Name = Emil | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2012 04:58:27 | Computer Name = Emil | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2012 08:13:48 | Computer Name = Emil | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---

[/code]




