Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Lufthansamail

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.12.2012, 21:54   #1
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo,
ich habe gestern auch die Lufthansamail bekommen. Ich habe auf den Anhang geklickt und wurde gefragt, ob ich die Datei ausführen möchte. Ich habe dann den Vorgang abgebrochen und die mail gelöscht.
Betriebssytem Windows 7 64bit mit 2 usern
Betriebssytem Windows 8 mit Bootmanager auf derselben HD
Virenschutz: Bitdefender (kein Befund gemeldet)
Ich habe heute das System neu gebootet und festgestellt, dass der Taskmanager sich nicht mehr richtig starten läßt. Er startet und verabschiedet sich sofort wieder. Eine Systemwiederherstellung mit dem Datum 12.12. konnte nicht durchgeführt werden. Windows meldet, dass eine Datei dies verhindert. Ich habe gerade Windows 8 gestartet und überprüfe die Windows 7 Partition mit avast free. Bisher keine Meldung.

Frage: habe ich mir doch was gefangen und wie kann ich das kontrollieren?
Wie heisst dieses Verzeichnis ausgeschrieben:C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msisoyifx.exe ?

z.B. C:\users\name\appdata\local\Temp ?

Gruß
Werner

Hallo,
Malwarebytes hat folgendes gefunden und gelöscht (bzw. in quarantäne gestellt):
-wgsdgsdgdsgsd.exe (Trojan.FakeMS)
- ...startup\runctf.lnk (Trojan.Ransom.SUGen)
Der PC läuft wieder normal, d.h. der Taskmanager ist wieder da und der Internetexplorer lässt sich wieder normal starten.

Gruß
Werner

Hallo,
Malwarebytes hat 2 Trojaner gefunden und gelöscht bzw. in Quarantäne gestellt:
Trojan.FakeMS
Trojan.Ransom.SUGen
Der Taskmanager lässt sich wieder starten und der Internetexplorer auch wieder.
Gruss
Werner

Alt 19.12.2012, 02:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



Hallo und

Zitat:
Malwarebytes hat folgendes gefunden und gelöscht (bzw. in quarantäne gestellt):
-wgsdgsdgdsgsd.exe (Trojan.FakeMS)
Warum postest du nicht einfach die Logs anstatt einer eigenen unvollständigen Beschreibung, die uns nicht weiterhilft?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 19.12.2012, 09:45   #3
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo Cosinus,
bitte entschuldige den "Panikeintrag". Ich bin hier neu und habe zu sehr auf den Bitdefender vertraut, der nichts gemeldet hatte. Hier nun die Logs:
1) von Malwarebytes gestern abend (Quickscan) - der PC hat sich nach dem kompletten Scan aufgehängt ohne log. Ich wiederhole das gerade und ergänze in 2 Stunden.
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.10.9200.16438
Schüle :: I7 [Administrator]

Schutz: Aktiviert

18.12.2012 22:55:00
mbam-log-2012-12-18 (22-55-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240382
Laufzeit: 5 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Schüle\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.
C:\Users\Schüle\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ADWCleaner R1
Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 19/12/2012 um 08:41:49 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Schüle - I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Internet\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\SCHLE~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Schüle\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Schüle\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16438

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00e106b8000000000000060fb5237758",
Gefunden [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gefunden [l.47] : keyword = "babylon.com",
Gefunden [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758",
Gefunden [l.1403] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00e106b8000000000000060fb5237758",

*************************

AdwCleaner[R1].txt - [2534 octets] - [19/12/2012 08:41:49]

########## EOF - C:\AdwCleaner[R1].txt - [2594 octets] ##########
         
ADWCleaner S1
Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 19/12/2012 um 08:44:20 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Schüle - I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Internet\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Schüle\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16438

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId[...]
Gelöscht [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.47] : keyword = "babylon.com",
Gelöscht [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&b[...]
Gelöscht [l.1403] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00[...]

*************************

AdwCleaner[R1].txt - [2661 octets] - [19/12/2012 08:41:49]
AdwCleaner[S1].txt - [2491 octets] - [19/12/2012 08:44:20]

########## EOF - C:\AdwCleaner[S1].txt - [2551 octets] ##########
         
Und beim Neustart heute früh hat sich Bitdefender gemeldet:
Code:
ATTFilter
Bitdefender hat ein infiziertes Element erkannt in c:\users\name\appdata\locallow\sun\java\deployment\cache\6.0\30\1ede2ede-72ac81fe. Virus name:Gen:Variant.Kazy.128936. Dieses Element wurde zu Ihrem Schutz desinfiziert
         
Der vollständige scan wird nachher ergänzt.
Gruß
Werner

Hier das Ergebnis des vollständigen Scans. Bei den Funden tippe ich auf einen Fehlalarm. Das ist eine Schachengine, die ich und etliche andere gekauft haben. Bei Jotti gescannt war alles grün.
Gruß
Wermer
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.10.9200.16438
***** :: I7 [Administrator]

Schutz: Aktiviert

19.12.2012 09:02:30
mbam-log-2012-12-19 (11-27-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 731996
Laufzeit: 2 Stunde(n), 18 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\System Volume Information\SystemRestore\FRStaging\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.0-32bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.0-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1a-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1beta2-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-32bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

(Ende)
         
__________________

Alt 19.12.2012, 22:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2012, 09:33   #5
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo Cosinus,
hier der Scan,
viele Grüße
Werner
Code:
ATTFilter
OTL logfile created on: 20.12.2012 09:08:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,35% Memory free
11,98 Gb Paging File | 10,02 Gb Available in Paging File | 83,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362,29 Gb Total Space | 260,00 Gb Free Space | 71,77% Space Free | Partition Type: NTFS
Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32
Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
 
Computer Name: I7 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Users\*****\Programme\vmware-authd.exe
PRC - [2012.10.25 23:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Users\*****\Programme\PDF24\pdf24.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 12:31:48 | 001,644,816 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012.12.19 12:31:44 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2009.11.25 04:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.19 12:31:54 | 000,068,440 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012.12.11 21:08:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Users\*****\Programme\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) [Auto | Running] -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe -- (SetClockService)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.11.01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.11.01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.11.01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.11.01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.11.01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.10.31 20:58:08 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012.10.31 20:58:01 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012.10.31 20:57:27 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012.10.24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009.11.25 04:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.07.06 14:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 EA 53 30 4B 7F CA 01  [binary data]
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes,DefaultScope = {CB235525-13FB-4E1D-9B76-D2C5072DED04}
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{CB235525-13FB-4E1D-9B76-D2C5072DED04}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
 
[2012.12.10 23:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\*****\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562912A8-2BCE-4110-9163-09C0D5DD71F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1739EC1-A2A2-4BDB-9B03-8C4A792A4B85}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 09:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.18 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.18 22:53:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.18 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.10 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VisualBeeExe
[2012.12.10 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.10 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2012.12.07 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.12.06 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012.12.03 11:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shredder Classic 4 ct 2012
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.11.29 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.11.29 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\*****\Hama
[2012.11.28 09:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.27 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Virtual Machines
[2012.11.27 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VMware
[2012.11.27 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\VMware
[2012.11.27 14:13:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2012.11.27 14:13:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2012.11.27 14:13:22 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2012.11.27 14:13:18 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.11.27 14:13:18 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012.11.27 14:12:48 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.11.27 14:12:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.11.27 14:12:43 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.11.27 14:12:39 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.11.27 14:12:36 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.11.27 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.11.27 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.26 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.11.26 10:54:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012.11.26 08:59:12 | 000,000,000 | RH-D | C] -- C:\ESD
[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012.11.21 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent-Dateien
[1 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 09:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 09:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.20 08:58:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 08:58:20 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 08:51:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 08:50:56 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000UA.job
[2012.12.19 18:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000Core.job
[2012.12.19 13:37:00 | 000,010,465 | ---- | M] () -- C:\Users\*****\Documents\1355915070_1_02.xml
[2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.19 08:41:21 | 000,547,175 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2012.12.18 22:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 12:11:31 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.17 10:58:15 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2012.12.16 10:16:56 | 000,075,057 | ---- | M] () -- C:\Users\Public\Documents\computer.ssp
[2012.12.14 18:16:40 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.14 18:16:40 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.14 18:16:40 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.14 18:16:40 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.14 18:16:40 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 22:20:06 | 000,000,497 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012.12.13 17:18:55 | 000,002,482 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2012.12.12 12:26:06 | 000,007,607 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012.12.12 08:50:28 | 000,313,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 22:58:14 | 003,121,706 | ---- | M] () -- C:\Users\*****\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.09 10:13:29 | 000,139,149 | ---- | M] () -- C:\Users\*****\Documents\gow.jpg
[2012.12.07 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.06 16:52:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | M] () -- C:\Users\*****\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | M] () -- C:\Users\*****\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | M] () -- C:\Users\*****\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:14 | 000,367,413 | ---- | M] () -- C:\Users\*****\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | M] () -- C:\Users\*****\Documents\Schule01.jpg
[2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.11.27 14:12:12 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 10:54:20 | 000,001,393 | ---- | M] () -- C:\Users\*****\Desktop\Windows installieren.lnk
[2012.11.25 17:57:01 | 000,000,178 | ---- | M] () -- C:\Users\*****\Desktop\Buy RAR Password Recovery Now!.url
[2012.11.21 16:38:27 | 000,024,478 | ---- | M] () -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent.html
[1 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.19 13:37:38 | 000,010,465 | ---- | C] () -- C:\Users\*****\Documents\1355915070_1_02.xml
[2012.12.19 08:41:19 | 000,547,175 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2012.12.18 22:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 12:11:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.10 23:10:52 | 003,121,706 | ---- | C] () -- C:\Users\*****\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.07 20:51:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.07 20:49:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.12.06 16:52:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | C] () -- C:\Users\*****\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | C] () -- C:\Users\*****\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | C] () -- C:\Users\*****\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:13 | 000,367,413 | ---- | C] () -- C:\Users\*****\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | C] () -- C:\Users\*****\Documents\Schule01.jpg
[2012.11.27 14:12:12 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 11:22:54 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.26 10:47:51 | 000,001,393 | ---- | C] () -- C:\Users\*****\Desktop\Windows installieren.lnk
[2012.11.25 17:57:01 | 000,000,178 | ---- | C] () -- C:\Users\*****\Desktop\Buy RAR Password Recovery Now!.url
[2012.11.21 16:38:26 | 000,024,478 | ---- | C] () -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent.html
[2012.10.23 18:32:34 | 000,372,193 | ---- | C] () -- C:\ProgramData\1351013324.bdinstall.bin
[2012.09.15 09:54:15 | 000,850,964 | ---- | C] () -- C:\ProgramData\1347698460.bdinstall.bin
[2011.12.07 11:49:51 | 000,619,208 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.11.13 11:55:37 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.09.08 23:00:41 | 000,000,030 | ---- | C] () -- C:\Windows\CHSSBASE.INI
[2011.09.08 22:53:42 | 000,007,676 | ---- | C] () -- C:\Windows\ENGINEEXT.INI
[2009.12.21 11:45:42 | 000,021,872 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.12.21 10:39:44 | 000,002,126 | ---- | C] () -- C:\Users\*****\classic.css
[2009.12.17 21:28:31 | 000,007,607 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.18 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Bitdefender
[2011.09.30 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ChessBase
[2011.10.02 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\GHISLER
[2012.10.04 08:05:34 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ShredderChess
[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bitdefender
[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CCS64
[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChessBase
[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin
[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GHISLER
[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HIARCS Chess
[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lokasoft
[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan
[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ShredderChess
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.02.25 23:34:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.26 10:55:01 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2009.12.17 20:12:21 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.26 08:59:12 | 000,000,000 | RH-D | M] -- C:\ESD
[2012.01.22 11:37:13 | 000,000,000 | ---D | M] -- C:\gtb
[2009.12.19 22:17:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.11.26 22:37:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.18 22:46:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.18 22:53:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.19 08:44:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.17 19:33:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.20 09:10:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.12 17:09:34 | 000,000,000 | ---D | M] -- C:\Tbs
[2012.11.25 18:36:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.18 22:48:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.09 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe
[2009.12.17 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ATI
[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bitdefender
[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CCS64
[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChessBase
[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin
[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GHISLER
[2012.10.08 17:45:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Help
[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HIARCS Chess
[2009.12.17 19:34:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities
[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lokasoft
[2009.12.17 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia
[2012.12.18 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Center Programs
[2012.12.07 20:51:07 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft
[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan
[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ShredderChess
[2012.11.27 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VMware
 
< %APPDATA%\*.exe /s >
[2009.12.17 20:13:23 | 000,010,134 | R--- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.09.15 09:35:02 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2012.09.15 09:35:02 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 757 bytes -> C:\Users\*****\Documents\Rechnung Januar.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2270C8D2

< End of report >
         
Noch ein Scanergebnis von heute früh:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.10.9200.16438
Schüle :: I7 [Administrator]

Schutz: Aktiviert

20.12.2012 09:36:54
mbam-log-2012-12-20 (09-36-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240067
Laufzeit: 6 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Hallo,
ich habe noch ein file extras.txt auf dem Desktop gefunden. Ich poste das mal, falls es wichtig wäre. Kannst du bitte auch erklären, warum gestern die Datei dsg....pad gestern nicht gefunden wurde?
Gruß
Werner
Code:
ATTFilter
OTL Extras logfile created on: 20.12.2012 09:08:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,35% Memory free
11,98 Gb Paging File | 10,02 Gb Available in Paging File | 83,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362,29 Gb Total Space | 260,00 Gb Free Space | 71,77% Space Free | Partition Type: NTFS
Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32
Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
 
Computer Name: I7 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\*****\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\*****\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0179F28E-2729-4056-A4BE-CC17CE464DE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{01F1095D-E969-46C8-8B64-7A6C54BA7332}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{03B2CA9E-1B08-4997-B4E3-025508D8B77E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{069017E8-07A4-463F-9631-18F78639470E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{116F1CC3-3A1C-4979-B94E-B85A6A509AB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{161AAD4C-9D8B-4793-B510-0D76A561A6D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1D054408-C445-4867-8605-3C6764DBEB3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1ED130FC-0302-433B-83C8-F9573C7E827D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{34A86B82-6C29-4A01-A9F7-368C736F6F70}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3DF5EE76-2B1D-4CE4-89CE-3DBBC0BEF4AB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{42159FA7-061A-430F-803C-AE1338962EBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4AE6877D-9064-40A4-8781-379F17887E15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AFDCD52-723E-44A4-9D6D-4284ECD1B583}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{535BF0F6-EC59-45D1-811C-726C15262432}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6716FA2C-6D03-446C-893F-94104C93BA04}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{7496FFFD-303A-48FA-BE0C-F30F86F8806F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{74EA1916-89ED-45F5-A0A0-805E41E5C8BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76449877-2AEB-428D-9808-475B1C49EEC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{77026035-502C-4D03-9305-88B75EAE377F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8A1351CB-6251-44BD-952C-F9B6954EAFCE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F33392D-959A-43DC-A742-973ABF8CC1FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{924D41E6-5EBC-4975-B5C4-AF4E0D95751F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9D1858ED-F041-4F5F-A30F-1C89995242B0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A6F5A5C2-CAC9-489E-B2CE-EEA06E534FAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9ABFD90-4600-4B27-83E9-28DC6D49DD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA583E94-FB24-4240-B3EC-C4AE8F8C84C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AEA5B71D-1E89-40CA-8AA3-2E0611AFA3FD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BAEDE04F-6726-4E68-8CA7-8488CCDF584D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C3173BD9-A1B9-467E-93C4-6086161EF982}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{CF5A64C9-760E-4210-AC17-E1DDAE4987EC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D19FF783-BC65-43CF-A265-169285F50A9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D418B153-5558-4EE8-8E36-787F6C7257DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D7EC82E0-6E16-462C-8BF4-BC7CEDEC4037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DF05527C-78D6-4198-A22E-4963E5301E08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E57136FA-504C-44CC-9422-75E09E370C09}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE83A702-6D2D-4EA4-873E-88C602A52FFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F8308444-BC62-4E42-B241-D1BD07659BE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE36AF96-B15C-47F9-A68E-64C3EDB2FB5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF5093F-172F-4DFE-B330-60F5156DFED0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10C17015-58F0-4DB2-BAFA-B7B2406C8035}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"{110013D9-E91C-4BD7-9B40-326EAA471B5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14ADEBBC-6B71-412F-9E7B-EDE1C87DB672}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3095AB67-436A-41A6-B036-11214CBB5F35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3A6BA35E-4445-4C5C-82A1-419A446B831D}" = dir=in | app=c:\users\*****\programme\vmware-authd.exe | 
"{3C68DD5C-8611-4D74-B2A3-3FAAEDC2A516}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4978FA4C-4C9A-434B-B7EE-D99475EDBC11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4CA7B2D4-A422-4E45-89BA-97275005BF62}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{51C6ABC8-AEA7-49F5-BDED-B52809CDA851}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BEE3067-E315-4970-B797-3006555E174C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{63A3AE9E-2336-484D-B5B1-3C9A78F15A21}" = dir=in | app=c:\users\*****\programme\vmware-authd.exe | 
"{73963FA4-3147-4391-B256-E18845E965DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{74B03633-B88B-4C90-B2DF-E7126DC0AF14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7511D1F9-31C7-4F33-9D4B-25B92D59EAD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{777981AA-B591-48A3-B3D6-BC921746C759}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E2E086C-AF85-4F7A-8B0D-C8EC35ECCB6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E8051E0-8ED0-40A2-9A8B-E209CF00226A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80E3149B-316B-4001-AA47-B2FDD49C85F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{843A4568-08A0-4867-AFA0-EE93A3C8F236}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8E7D93FF-7558-4524-9393-D0B69804097B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{932A0554-B230-4975-8291-06CE4F712B12}" = protocol=6 | dir=out | app=system | 
"{A445137B-7964-4390-AC6B-9F70CDF9C83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8E71E65-75AD-4A09-A477-4D1FA66CD5FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDC8FD7D-D6E3-4354-915C-9926AA3CE200}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E0076D6B-FD5A-4C5A-83B4-00547AE18566}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E3834364-D982-4991-A24F-479C1FF9FC2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1BEED96-8016-4621-A535-4317C91D6319}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"{F592D8C5-216A-4CBE-ACDE-E429669D58C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{25A6184E-AA0E-4E46-9450-9E7F76AB735B}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{91BA1A99-7B40-4D6E-AD40-AC96A773CDDA}D:\users\public\cstal2\chesstal.exe" = protocol=6 | dir=in | app=d:\users\public\cstal2\chesstal.exe | 
"TCP Query User{F2BBDFDE-0FE8-43C9-91CA-D91719F2A1D2}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
"TCP Query User{FD434365-2F68-4DD5-AEF5-71B9E8326A83}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{015F5D7F-9C45-4B90-9FC8-920C1EE53591}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{1E4FDF82-5DA1-40A1-BE06-76C042938479}D:\users\public\cstal2\chesstal.exe" = protocol=17 | dir=in | app=d:\users\public\cstal2\chesstal.exe | 
"UDP Query User{36E55135-D5FD-4EE6-882B-F35F500E2DAD}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{A2D42CA7-0AB7-4711-87F5-F38A49E41751}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C76E78E4-118F-48B7-815A-7B46B34A2E6A}_is1" = Houdini Version 2.0
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEBA7043-8935-4646-9EC4-0672C8B134CE}_is1" = Houdini 3 Pro
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Bitdefender" = Bitdefender Internet Security 2013
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0322F845-FC35-4735-98FC-A89A39A9A2CD}" = Deep Fritz 11
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}" = Deep Fritz 13
"{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1" = Deep Shredder 12 UCI
"{18E928DE-ABBA-4CEB-A9E4-205769B03FE8}" = Garmin BaseCamp
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1C0A1883-3A46-4416-A225-99BFF203462A}" = Deep Fritz 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2F34E931-7BEA-4BC6-8286-4197EC77EF34}" = Garmin TOPO Deutschland 2012 Pro
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5783F7-199B-4298-AC69-0FF3E4DB06B7}" = Shredder7
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93695498-4D9E-4D30-9EC4-8B4A8DEFB4F7}" = ChessBase Light 2007
"{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{AABDD1F7-DA6B-4BA2-8F81-C7175A846E9C}" = ChessBase Light 2007
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BAE05770-60EE-4D5D-B7EF-19143852EF18}" = ChessPartner 6.0.2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7DDC5E9-B191-4E1B-B1F1-A05066DEB23A}_is1" = Shredder Classic 4 ct 2011
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D0F246F5-90C7-446E-B8B3-EDF0D844DFB8}" = DeepJunior13.3
"{D4DA2F6E-54FB-487D-9007-4525819AD0B5}" = DeepJunior 11.1 UCI
"{D827E64C-47C5-4660-A41C-55C1306E22DA}_is1" = Shredder Classic 4 ct 2012
"{D872430A-15AF-4B40-A43E-B7D9D71F2380}" = Nimzo8
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E11A7A62-FBD9-4575-B874-B482DF213467}" = Fritz9
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED930E19-6843-41D6-90B5-22424F216CCA}" = DeepJunior13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F694D244-C236-4988-8EAB-C3F9397250B2}" = DeepJunior12UCI
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9F63821-64B4-4BA9-A811-970C8F6DF016}" = Deep Fritz 11
"{FEDE4C8E-4C50-4B23-BC30-623D7C188D95}" = F13 EngineCloud Beta
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aquasuite" = aquasuite
"Chess Tiger 2007" = Chess Tiger 2007
"CPCEMU_is1" = CPCEMU v1.7
"Deep Sjeng" = Deep Sjeng
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Scid vs PC_is1" = Scid vs PC 4.8
"STANDARDR" = Microsoft Office Standard 2007
"Totalcmd" = Total Commander (Remove or Repair)
"VMware_Player" = VMware Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 17:49:54 | Computer Name = I7 | Source = System Restore | ID = 8210
Description = 
 
Error - 18.12.2012 19:42:28 | Computer Name = I7 | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 18.12.2012 19:42:28 | Computer Name = I7 | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 18.12.2012 21:29:10 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamservice.exe, Version: 1.65.0.0,
 Zeitstempel: 0x506784f8  Name des fehlerhaften Moduls: mbamservice.exe, Version: 
1.65.0.0, Zeitstempel: 0x506784f8  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005e63e
ID
 des fehlerhaften Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung: 0x01cddd6b98e4d399
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Berichtskennung:
 7ce5c89a-497b-11e2-a1b2-005056c00008
 
Error - 19.12.2012 11:25:48 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0x1238  Startzeit der fehlerhaften Anwendung: 0x01cdddfc6e33a840
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 5cb65b93-49f0-11e2-9869-005056c00008
 
Error - 19.12.2012 11:39:31 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0x14e8  Startzeit der fehlerhaften Anwendung: 0x01cdddfe76c2148b
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 47aeac10-49f2-11e2-9869-005056c00008
 
Error - 19.12.2012 11:40:35 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0x1370  Startzeit der fehlerhaften Anwendung: 0x01cdddff0e491a2d
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 6d7c1e28-49f2-11e2-9869-005056c00008
 
Error - 19.12.2012 11:44:37 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0xf70  Startzeit der fehlerhaften Anwendung: 0x01cdddff9f931368
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 fe20cedb-49f2-11e2-9869-005056c00008
 
Error - 19.12.2012 12:00:50 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0x1144  Startzeit der fehlerhaften Anwendung: 0x01cdde0149499e4b
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 41b92e56-49f5-11e2-9869-005056c00008
 
Error - 19.12.2012 12:29:35 | Computer Name = I7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,
 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:
 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e
ID
 des fehlerhaften Prozesses: 0x113c  Startzeit der fehlerhaften Anwendung: 0x01cdde05e3ac9129
Pfad
 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe
Berichtskennung:
 4638f1f5-49f9-11e2-9869-005056c00008
 
[ OSession Events ]
Error - 21.12.2009 07:02:09 | Computer Name = I7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1254
 seconds with 840 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.12.2012 03:52:57 | Computer Name = I7 | Source = DCOM | ID = 10010
Description = 
 
Error - 20.12.2012 03:53:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Schedule erreicht.
 
Error - 20.12.2012 03:53:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 20.12.2012 03:54:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 20.12.2012 03:54:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 20.12.2012 03:55:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SENS erreicht.
 
Error - 20.12.2012 03:55:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 20.12.2012 03:56:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 20.12.2012 03:58:50 | Computer Name = I7 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?12.?2012 um 08:55:30 unerwartet heruntergefahren.
 
Error - 20.12.2012 04:00:18 | Computer Name = I7 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         


Alt 20.12.2012, 12:38   #6
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo Cosinus,
nachdem in dem extras.txt was von offenem IE stand habe ich den otl scan wiederholt:
Code:
ATTFilter
OTL logfile created on: 20.12.2012 12:16:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 73,76% Memory free
11,98 Gb Paging File | 9,98 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362,29 Gb Total Space | 259,76 Gb Free Space | 71,70% Space Free | Partition Type: NTFS
Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32
Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS
 
Computer Name: I7 | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Users\******\Programme\vmware-authd.exe
PRC - [2012.10.25 23:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Users\******\Programme\PDF24\pdf24.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 12:31:48 | 001,644,816 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012.12.19 12:31:44 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2009.11.25 04:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.19 12:31:54 | 000,068,440 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012.12.11 21:08:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Users\******\Programme\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) [Auto | Running] -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe -- (SetClockService)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.11.01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.11.01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.11.01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.11.01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.11.01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.10.31 20:58:08 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012.10.31 20:58:01 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012.10.31 20:57:27 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012.10.24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009.11.25 04:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.07.06 14:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 EA 53 30 4B 7F CA 01  [binary data]
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes,DefaultScope = {CB235525-13FB-4E1D-9B76-D2C5072DED04}
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{CB235525-13FB-4E1D-9B76-D2C5072DED04}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\******\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\******\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.10.23 18:31:15 | 000,000,000 | ---D | M]
 
[2012.12.10 23:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\******\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562912A8-2BCE-4110-9163-09C0D5DD71F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1739EC1-A2A2-4BDB-9B03-8C4A792A4B85}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 09:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.12.18 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.18 22:53:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.18 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.10 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\VisualBeeExe
[2012.12.10 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.10 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2012.12.07 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012.12.06 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012.12.03 11:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shredder Classic 4 ct 2012
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012.11.29 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.11.29 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\******\Hama
[2012.11.28 09:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.27 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Virtual Machines
[2012.11.27 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\VMware
[2012.11.27 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\VMware
[2012.11.27 14:13:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2012.11.27 14:13:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2012.11.27 14:13:22 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2012.11.27 14:13:18 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.11.27 14:13:18 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012.11.27 14:12:48 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.11.27 14:12:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.11.27 14:12:43 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.11.27 14:12:39 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.11.27 14:12:36 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.11.27 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.11.27 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.26 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.11.26 10:54:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012.11.26 08:59:12 | 000,000,000 | RH-D | C] -- C:\ESD
[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012.11.21 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent-Dateien
[1 C:\Users\******\Documents\*.tmp files -> C:\Users\******\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 11:58:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000UA.job
[2012.12.20 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 10:42:03 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 10:42:03 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 10:32:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 10:32:51 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.12.19 18:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000Core.job
[2012.12.19 13:37:00 | 000,010,465 | ---- | M] () -- C:\Users\******\Documents\1355915070_1_02.xml
[2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.12.19 08:41:21 | 000,547,175 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe
[2012.12.18 22:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 10:58:15 | 000,017,408 | ---- | M] () -- C:\Users\******\AppData\Local\WebpageIcons.db
[2012.12.16 10:16:56 | 000,075,057 | ---- | M] () -- C:\Users\Public\Documents\computer.ssp
[2012.12.14 18:16:40 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.14 18:16:40 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.14 18:16:40 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.14 18:16:40 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.14 18:16:40 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 22:20:06 | 000,000,497 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012.12.13 17:18:55 | 000,002,482 | ---- | M] () -- C:\Users\******\Desktop\Google Chrome.lnk
[2012.12.12 12:26:06 | 000,007,607 | ---- | M] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
[2012.12.12 08:50:28 | 000,313,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 22:58:14 | 003,121,706 | ---- | M] () -- C:\Users\******\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.09 10:13:29 | 000,139,149 | ---- | M] () -- C:\Users\******\Documents\gow.jpg
[2012.12.07 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.06 16:52:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | M] () -- C:\Users\******\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | M] () -- C:\Users\******\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | M] () -- C:\Users\******\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:14 | 000,367,413 | ---- | M] () -- C:\Users\******\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | M] () -- C:\Users\******\Documents\Schule01.jpg
[2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.11.27 14:12:12 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 10:54:20 | 000,001,393 | ---- | M] () -- C:\Users\******\Desktop\Windows installieren.lnk
[2012.11.25 17:57:01 | 000,000,178 | ---- | M] () -- C:\Users\******\Desktop\Buy RAR Password Recovery Now!.url
[2012.11.21 16:38:27 | 000,024,478 | ---- | M] () -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent.html
[1 C:\Users\******\Documents\*.tmp files -> C:\Users\******\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.19 13:37:38 | 000,010,465 | ---- | C] () -- C:\Users\******\Documents\1355915070_1_02.xml
[2012.12.19 08:41:19 | 000,547,175 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe
[2012.12.18 22:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 23:10:52 | 003,121,706 | ---- | C] () -- C:\Users\******\Documents\0185 - Falco - Rock me Amadeus.mp3
[2012.12.07 20:51:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012.12.07 20:49:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012.12.06 16:52:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.06 09:00:17 | 001,185,142 | ---- | C] () -- C:\Users\******\Documents\Nokia_Lumia_820_UG_de.pdf
[2012.12.05 11:59:27 | 000,773,086 | ---- | C] () -- C:\Users\******\Documents\Schule03.jpg
[2012.12.03 11:49:37 | 000,001,085 | ---- | C] () -- C:\Users\******\Desktop\Shredder Classic 4 ct 2012.lnk
[2012.11.30 17:26:13 | 000,367,413 | ---- | C] () -- C:\Users\******\Documents\Schule02.jpg
[2012.11.30 17:23:17 | 000,393,693 | ---- | C] () -- C:\Users\******\Documents\Schule01.jpg
[2012.11.27 14:12:12 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 14:12:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.11.26 11:22:54 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.26 11:22:54 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.26 10:47:51 | 000,001,393 | ---- | C] () -- C:\Users\******\Desktop\Windows installieren.lnk
[2012.11.25 17:57:01 | 000,000,178 | ---- | C] () -- C:\Users\******\Desktop\Buy RAR Password Recovery Now!.url
[2012.11.21 16:38:26 | 000,024,478 | ---- | C] () -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent.html
[2012.10.23 18:32:34 | 000,372,193 | ---- | C] () -- C:\ProgramData\1351013324.bdinstall.bin
[2012.09.15 09:54:15 | 000,850,964 | ---- | C] () -- C:\ProgramData\1347698460.bdinstall.bin
[2011.12.07 11:49:51 | 000,619,208 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.11.13 11:55:37 | 000,017,408 | ---- | C] () -- C:\Users\******\AppData\Local\WebpageIcons.db
[2011.09.08 23:00:41 | 000,000,030 | ---- | C] () -- C:\Windows\CHSSBASE.INI
[2011.09.08 22:53:42 | 000,007,676 | ---- | C] () -- C:\Windows\ENGINEEXT.INI
[2009.12.21 11:45:42 | 000,021,872 | ---- | C] () -- C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.12.21 10:39:44 | 000,002,126 | ---- | C] () -- C:\Users\******\classic.css
[2009.12.17 21:28:31 | 000,007,607 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.18 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Bitdefender
[2011.09.30 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ChessBase
[2011.10.02 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\GHISLER
[2012.10.04 08:05:34 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ShredderChess
[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bitdefender
[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\CCS64
[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ChessBase
[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Garmin
[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GHISLER
[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\HIARCS Chess
[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Lokasoft
[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\QuickScan
[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ShredderChess
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.02.25 23:34:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.26 10:55:01 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2009.12.17 20:12:21 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.26 08:59:12 | 000,000,000 | RH-D | M] -- C:\ESD
[2012.01.22 11:37:13 | 000,000,000 | ---D | M] -- C:\gtb
[2009.12.19 22:17:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.11.26 22:37:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.18 22:46:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.18 22:53:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.20 09:58:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.17 19:33:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.20 12:18:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.12 17:09:34 | 000,000,000 | ---D | M] -- C:\Tbs
[2012.11.25 18:36:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.18 22:48:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.09 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Adobe
[2009.12.17 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ATI
[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bitdefender
[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\CCS64
[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ChessBase
[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Garmin
[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GHISLER
[2012.10.08 17:45:53 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Help
[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\HIARCS Chess
[2009.12.17 19:34:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Identities
[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Lokasoft
[2009.12.17 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Macromedia
[2012.12.18 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Media Center Programs
[2012.12.07 20:51:07 | 000,000,000 | --SD | M] -- C:\Users\******\AppData\Roaming\Microsoft
[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\QuickScan
[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ShredderChess
[2012.12.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\VMware
 
< %APPDATA%\*.exe /s >
[2009.12.17 20:13:23 | 000,010,134 | R--- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.09.15 09:35:02 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2012.09.15 09:35:02 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 757 bytes -> C:\Users\******\Documents\Rechnung Januar.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2270C8D2

< End of report >
         

Alt 20.12.2012, 15:49   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



Warum machst du alle Logs unter Win8?! Du hast den Dreck doch unter Win7 eingefangen?!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2012, 15:51   #8
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo,
ich habe ganz sicher Windows 7 gestartet, weil ich auf W8 ja nichts gefangen habe. Das ist ein Dual Boot system.
Werner

Zitat:
Zitat von cosinus Beitrag anzeigen
Warum machst du alle Logs unter Win8?! Du hast den Dreck doch unter Win7 eingefangen?!
..allerdings arbeite ich mit dem IE10, den es auch für Windows 7 gibt.
Ich bin jetzt 2h weg.
Gruß
Werner

Alt 20.12.2012, 15:57   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



Hm hast Recht, ich hab die Versionsnummer durcheinander bekommen

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2012, 20:25   #10
WeSch
 
Lufthansamail - Standard

Lufthansamail



So, es geht weiter - sieht nach rootkit aus :-(
Werner
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 18:51:21
-----------------------------
18:51:21.029    OS Version: Windows x64 6.1.7601 Service Pack 1
18:51:21.029    Number of processors: 4 586 0x1A05
18:51:21.029    ComputerName: I7  UserName: 
18:51:21.869    Initialize success
18:55:12.478    AVAST engine defs: 12122000
18:55:24.728    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:55:24.728    Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01106 Size: 953869MB BusType: 3
18:55:24.728    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:55:24.728    Disk 1 Vendor: USB_eSATA_Flash_SSD 090508S Size: 15392MB BusType: 3
18:55:24.748    Disk 0 MBR read successfully
18:55:24.758    Disk 0 MBR scan
18:55:24.838    Disk 0 Windows 7 default MBR code
18:55:24.858    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:55:24.868    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459900 MB offset 206848
18:55:24.908    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       370987 MB offset 942082048
18:55:24.908    Disk 0 Partition - 00     0F Extended LBA            122880 MB offset 1701863424
18:55:24.968    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       122879 MB offset 1701865472
18:55:25.018    Disk 0 scanning C:\Windows\system32\drivers
18:55:33.968    Service scanning
18:55:36.468    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
18:55:36.508    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
18:55:50.198    Modules scanning
18:55:50.198    Disk 0 trace - called modules:
18:55:50.238    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:55:50.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cb060]
18:55:50.248    3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> [0xfffffa8006306580]
18:55:50.248    5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800630e060]
18:55:51.188    AVAST engine scan C:\Windows
18:55:52.988    AVAST engine scan C:\Windows\system32
18:58:12.439    AVAST engine scan C:\Windows\system32\drivers
18:58:22.659    AVAST engine scan C:\Users\Schüle
19:43:56.614    AVAST engine scan C:\ProgramData
19:45:16.721    Scan finished successfully
19:47:18.338    Disk 0 MBR has been saved successfully to "C:\Users\Schüle\Desktop\MBR.dat"
19:47:18.401    The log file has been saved successfully to "C:\Users\Schüle\Desktop\aswMBR.txt"
         
Code:
ATTFilter
19:47:50.0439 2860  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:47:50.0736 2860  ============================================================
19:47:50.0736 2860  Current date / time: 2012/12/20 19:47:50.0736
19:47:50.0736 2860  SystemInfo:
19:47:50.0736 2860  
19:47:50.0736 2860  OS Version: 6.1.7601 ServicePack: 1.0
19:47:50.0736 2860  Product type: Workstation
19:47:50.0736 2860  ComputerName: I7
19:47:50.0736 2860  UserName: Schüle
19:47:50.0736 2860  Windows directory: C:\Windows
19:47:50.0736 2860  System windows directory: C:\Windows
19:47:50.0736 2860  Running under WOW64
19:47:50.0736 2860  Processor architecture: Intel x64
19:47:50.0736 2860  Number of processors: 4
19:47:50.0736 2860  Page size: 0x1000
19:47:50.0736 2860  Boot type: Normal boot
19:47:50.0736 2860  ============================================================
19:47:51.0859 2860  Drive \Device\Harddisk1\DR1 - Size: 0x3C2000000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7AA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:47:51.0859 2860  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:47:51.0984 2860  ============================================================
19:47:51.0984 2860  \Device\Harddisk1\DR1:
19:47:51.0984 2860  MBR partitions:
19:47:51.0984 2860  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1E0E800
19:47:51.0984 2860  \Device\Harddisk0\DR0:
19:47:51.0984 2860  MBR partitions:
19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3823E000
19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38270800, BlocksNum 0x2D495800
19:47:51.0999 2860  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x65706800, BlocksNum 0xEFFF800
19:47:51.0999 2860  ============================================================
19:47:52.0046 2860  C: <-> \Device\Harddisk0\DR0\Partition3
19:47:52.0077 2860  D: <-> \Device\Harddisk0\DR0\Partition2
19:47:52.0124 2860  G: <-> \Device\Harddisk0\DR0\Partition4
19:47:52.0124 2860  F: <-> \Device\Harddisk1\DR1\Partition1
19:47:52.0124 2860  ============================================================
19:47:52.0124 2860  Initialize success
19:47:52.0124 2860  ============================================================
19:48:27.0177 5020  ============================================================
19:48:27.0177 5020  Scan started
19:48:27.0177 5020  Mode: Manual; SigCheck; TDLFS; 
19:48:27.0177 5020  ============================================================
19:48:28.0098 5020  ================ Scan system memory ========================
19:48:28.0098 5020  System memory - ok
19:48:28.0098 5020  ================ Scan services =============================
19:48:28.0222 5020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:48:28.0347 5020  1394ohci - ok
19:48:28.0378 5020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:48:28.0410 5020  ACPI - ok
19:48:28.0425 5020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:48:28.0488 5020  AcpiPmi - ok
19:48:28.0597 5020  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:48:28.0628 5020  AdobeARMservice - ok
19:48:28.0737 5020  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:48:28.0784 5020  AdobeFlashPlayerUpdateSvc - ok
19:48:28.0815 5020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:48:28.0831 5020  adp94xx - ok
19:48:28.0862 5020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:48:28.0878 5020  adpahci - ok
19:48:28.0878 5020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:48:28.0893 5020  adpu320 - ok
19:48:28.0909 5020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:48:29.0018 5020  AeLookupSvc - ok
19:48:29.0065 5020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:48:29.0112 5020  AFD - ok
19:48:29.0127 5020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:48:29.0143 5020  agp440 - ok
19:48:29.0158 5020  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:48:29.0205 5020  ALG - ok
19:48:29.0221 5020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:48:29.0236 5020  aliide - ok
19:48:29.0268 5020  [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:48:29.0330 5020  AMD External Events Utility - ok
19:48:29.0330 5020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:48:29.0346 5020  amdide - ok
19:48:29.0361 5020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:48:29.0408 5020  AmdK8 - ok
19:48:29.0424 5020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:48:29.0455 5020  AmdPPM - ok
19:48:29.0470 5020  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:48:29.0486 5020  amdsata - ok
19:48:29.0502 5020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:48:29.0517 5020  amdsbs - ok
19:48:29.0533 5020  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:48:29.0564 5020  amdxata - ok
19:48:29.0580 5020  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:48:29.0673 5020  AppID - ok
19:48:29.0689 5020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:48:29.0751 5020  AppIDSvc - ok
19:48:29.0782 5020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:48:29.0814 5020  Appinfo - ok
19:48:29.0829 5020  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:48:29.0845 5020  arc - ok
19:48:29.0860 5020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:48:29.0876 5020  arcsas - ok
19:48:29.0892 5020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:48:29.0938 5020  AsyncMac - ok
19:48:29.0970 5020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:48:29.0985 5020  atapi - ok
19:48:30.0063 5020  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:48:30.0141 5020  athr - ok
19:48:30.0297 5020  [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:48:30.0391 5020  atikmdag - ok
19:48:30.0438 5020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:48:30.0500 5020  AudioEndpointBuilder - ok
19:48:30.0516 5020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:48:30.0547 5020  AudioSrv - ok
19:48:30.0594 5020  [ E7433C0C2505D8DEE6CA2A446C355595 ] avc3            C:\Windows\system32\DRIVERS\avc3.sys
19:48:30.0672 5020  avc3 - ok
19:48:30.0718 5020  [ 3B9549FEF98AB1768A1D6A919F355B70 ] avchv           C:\Windows\system32\DRIVERS\avchv.sys
19:48:30.0734 5020  avchv - ok
19:48:30.0781 5020  [ 3CA0BD46B2FC65393A9B1DCAF6E2F7E7 ] avckf           C:\Windows\system32\DRIVERS\avckf.sys
19:48:30.0796 5020  avckf - ok
19:48:30.0843 5020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:48:30.0906 5020  AxInstSV - ok
19:48:30.0937 5020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:48:30.0984 5020  b06bdrv - ok
19:48:30.0999 5020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:48:31.0046 5020  b57nd60a - ok
19:48:31.0124 5020  [ EB274492865DD388FCA5BD9B0FB508EA ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
19:48:31.0140 5020  BdDesktopParental - ok
19:48:31.0155 5020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:48:31.0186 5020  BDESVC - ok
19:48:31.0264 5020  [ 9920B815BC3B3F2D69071842DD18D422 ] BdfNdisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
19:48:31.0280 5020  BdfNdisf - ok
19:48:31.0296 5020  [ 4CE4B0098FC315C237FA8867F07886C4 ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
19:48:31.0327 5020  bdfwfpf - ok
19:48:31.0342 5020  [ F4683F14A40B05438A8B6E3B4EE765AC ] BDSandBox       C:\Windows\system32\drivers\bdsandbox.sys
19:48:31.0358 5020  BDSandBox - ok
19:48:31.0389 5020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:48:31.0452 5020  Beep - ok
19:48:31.0514 5020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:48:31.0576 5020  BFE - ok
19:48:31.0623 5020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:48:31.0686 5020  BITS - ok
19:48:31.0717 5020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:48:31.0748 5020  blbdrive - ok
19:48:31.0795 5020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:48:31.0826 5020  bowser - ok
19:48:31.0826 5020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:48:31.0888 5020  BrFiltLo - ok
19:48:31.0888 5020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:48:31.0920 5020  BrFiltUp - ok
19:48:31.0935 5020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:48:31.0966 5020  Browser - ok
19:48:31.0982 5020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:48:32.0029 5020  Brserid - ok
19:48:32.0044 5020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:48:32.0060 5020  BrSerWdm - ok
19:48:32.0091 5020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:48:32.0122 5020  BrUsbMdm - ok
19:48:32.0138 5020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:48:32.0154 5020  BrUsbSer - ok
19:48:32.0169 5020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:48:32.0200 5020  BTHMODEM - ok
19:48:32.0232 5020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:48:32.0278 5020  bthserv - ok
19:48:32.0294 5020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:48:32.0325 5020  cdfs - ok
19:48:32.0356 5020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:48:32.0372 5020  cdrom - ok
19:48:32.0403 5020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:48:32.0450 5020  CertPropSvc - ok
19:48:32.0481 5020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:48:32.0497 5020  circlass - ok
19:48:32.0512 5020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:48:32.0528 5020  CLFS - ok
19:48:32.0575 5020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:48:32.0590 5020  clr_optimization_v2.0.50727_32 - ok
19:48:32.0637 5020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:48:32.0653 5020  clr_optimization_v2.0.50727_64 - ok
19:48:32.0715 5020  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:48:32.0731 5020  clr_optimization_v4.0.30319_32 - ok
19:48:32.0762 5020  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:48:32.0778 5020  clr_optimization_v4.0.30319_64 - ok
19:48:32.0793 5020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:48:32.0824 5020  CmBatt - ok
19:48:32.0840 5020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:48:32.0856 5020  cmdide - ok
19:48:32.0902 5020  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:48:32.0949 5020  CNG - ok
19:48:32.0949 5020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:48:32.0965 5020  Compbatt - ok
19:48:32.0996 5020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:48:33.0012 5020  CompositeBus - ok
19:48:33.0012 5020  COMSysApp - ok
19:48:33.0058 5020  [ C08063F052308B6F5882482615387F30 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
19:48:33.0074 5020  cpuz135 - ok
19:48:33.0090 5020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:48:33.0105 5020  crcdisk - ok
19:48:33.0168 5020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:48:33.0214 5020  CryptSvc - ok
19:48:33.0261 5020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:48:33.0324 5020  DcomLaunch - ok
19:48:33.0339 5020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:48:33.0386 5020  defragsvc - ok
19:48:33.0402 5020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:48:33.0448 5020  DfsC - ok
19:48:33.0464 5020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:48:33.0495 5020  Dhcp - ok
19:48:33.0511 5020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:48:33.0542 5020  discache - ok
19:48:33.0573 5020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:48:33.0589 5020  Disk - ok
19:48:33.0620 5020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:48:33.0667 5020  Dnscache - ok
19:48:33.0698 5020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:48:33.0745 5020  dot3svc - ok
19:48:33.0760 5020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:48:33.0807 5020  DPS - ok
19:48:33.0838 5020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:48:33.0854 5020  drmkaud - ok
19:48:33.0885 5020  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:48:33.0916 5020  DXGKrnl - ok
19:48:33.0948 5020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:48:33.0979 5020  EapHost - ok
19:48:34.0041 5020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:48:34.0104 5020  ebdrv - ok
19:48:34.0150 5020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:48:34.0197 5020  EFS - ok
19:48:34.0244 5020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:48:34.0306 5020  ehRecvr - ok
19:48:34.0322 5020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:48:34.0369 5020  ehSched - ok
19:48:34.0400 5020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:48:34.0431 5020  elxstor - ok
19:48:34.0431 5020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:48:34.0447 5020  ErrDev - ok
19:48:34.0494 5020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:48:34.0525 5020  EventSystem - ok
19:48:34.0556 5020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:48:34.0587 5020  exfat - ok
19:48:34.0603 5020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:48:34.0634 5020  fastfat - ok
19:48:34.0681 5020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:48:34.0728 5020  Fax - ok
19:48:34.0759 5020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:48:34.0790 5020  fdc - ok
19:48:34.0790 5020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:48:34.0852 5020  fdPHost - ok
19:48:34.0868 5020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:48:34.0899 5020  FDResPub - ok
19:48:34.0930 5020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:48:34.0946 5020  FileInfo - ok
19:48:34.0946 5020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:48:35.0008 5020  Filetrace - ok
19:48:35.0024 5020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:48:35.0040 5020  flpydisk - ok
19:48:35.0055 5020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:48:35.0071 5020  FltMgr - ok
19:48:35.0118 5020  [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache       C:\Windows\system32\FntCache.dll
19:48:35.0180 5020  FontCache - ok
19:48:35.0227 5020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:48:35.0242 5020  FontCache3.0.0.0 - ok
19:48:35.0258 5020  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:48:35.0274 5020  FsDepends - ok
19:48:35.0289 5020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:48:35.0305 5020  Fs_Rec - ok
19:48:35.0336 5020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:48:35.0352 5020  fvevol - ok
19:48:35.0383 5020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:48:35.0398 5020  gagp30kx - ok
19:48:35.0430 5020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:48:35.0476 5020  gpsvc - ok
19:48:35.0523 5020  [ BF2763FEA9704B1D9AA2C7719423251A ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys
19:48:35.0539 5020  gzflt - ok
19:48:35.0570 5020  [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon           C:\Windows\system32\drivers\hcmon.sys
19:48:35.0586 5020  hcmon - ok
19:48:35.0601 5020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:48:35.0648 5020  hcw85cir - ok
19:48:35.0679 5020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:48:35.0695 5020  HdAudAddService - ok
19:48:35.0726 5020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:48:35.0742 5020  HDAudBus - ok
19:48:35.0757 5020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:48:35.0773 5020  HidBatt - ok
19:48:35.0788 5020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:48:35.0804 5020  HidBth - ok
19:48:35.0820 5020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:48:35.0851 5020  HidIr - ok
19:48:35.0866 5020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:48:35.0929 5020  hidserv - ok
19:48:35.0960 5020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:48:35.0976 5020  HidUsb - ok
19:48:36.0007 5020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:48:36.0085 5020  hkmsvc - ok
19:48:36.0100 5020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:48:36.0132 5020  HomeGroupListener - ok
19:48:36.0163 5020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:48:36.0178 5020  HomeGroupProvider - ok
19:48:36.0194 5020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:48:36.0210 5020  HpSAMD - ok
19:48:36.0256 5020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:48:36.0319 5020  HTTP - ok
19:48:36.0334 5020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:48:36.0334 5020  hwpolicy - ok
19:48:36.0350 5020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:48:36.0366 5020  i8042prt - ok
19:48:36.0397 5020  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:48:36.0412 5020  iaStorV - ok
19:48:36.0459 5020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:48:36.0475 5020  idsvc - ok
19:48:36.0490 5020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:48:36.0506 5020  iirsp - ok
19:48:36.0537 5020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:48:36.0568 5020  IKEEXT - ok
19:48:36.0584 5020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:48:36.0600 5020  intelide - ok
19:48:36.0615 5020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:48:36.0631 5020  intelppm - ok
19:48:36.0662 5020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:48:36.0709 5020  IPBusEnum - ok
19:48:36.0724 5020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:48:36.0756 5020  IpFilterDriver - ok
19:48:36.0787 5020  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:48:36.0834 5020  iphlpsvc - ok
19:48:36.0849 5020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:48:36.0865 5020  IPMIDRV - ok
19:48:36.0880 5020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:48:36.0943 5020  IPNAT - ok
19:48:36.0974 5020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:48:37.0052 5020  IRENUM - ok
19:48:37.0068 5020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:48:37.0083 5020  isapnp - ok
19:48:37.0099 5020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:48:37.0114 5020  iScsiPrt - ok
19:48:37.0130 5020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:48:37.0146 5020  kbdclass - ok
19:48:37.0161 5020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:48:37.0177 5020  kbdhid - ok
19:48:37.0192 5020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:48:37.0208 5020  KeyIso - ok
19:48:37.0239 5020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:48:37.0255 5020  KSecDD - ok
19:48:37.0286 5020  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:48:37.0302 5020  KSecPkg - ok
19:48:37.0317 5020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:48:37.0348 5020  ksthunk - ok
19:48:37.0380 5020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:48:37.0411 5020  KtmRm - ok
19:48:37.0442 5020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:48:37.0489 5020  LanmanServer - ok
19:48:37.0504 5020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:48:37.0551 5020  LanmanWorkstation - ok
19:48:37.0567 5020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:48:37.0614 5020  lltdio - ok
19:48:37.0629 5020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:48:37.0660 5020  lltdsvc - ok
19:48:37.0676 5020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:48:37.0707 5020  lmhosts - ok
19:48:37.0738 5020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:48:37.0754 5020  LSI_FC - ok
19:48:37.0770 5020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:48:37.0770 5020  LSI_SAS - ok
19:48:37.0785 5020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:48:37.0801 5020  LSI_SAS2 - ok
19:48:37.0816 5020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:48:37.0832 5020  LSI_SCSI - ok
19:48:37.0848 5020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:48:37.0863 5020  luafv - ok
19:48:37.0926 5020  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:48:37.0941 5020  MBAMProtector - ok
19:48:37.0988 5020  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:48:38.0035 5020  MBAMScheduler - ok
19:48:38.0066 5020  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:48:38.0097 5020  MBAMService - ok
19:48:38.0144 5020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:48:38.0191 5020  Mcx2Svc - ok
19:48:38.0331 5020  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:48:38.0456 5020  MDM ( UnsignedFile.Multi.Generic ) - warning
19:48:38.0456 5020  MDM - detected UnsignedFile.Multi.Generic (1)
19:48:38.0487 5020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:48:38.0487 5020  megasas - ok
19:48:38.0518 5020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:48:38.0534 5020  MegaSR - ok
19:48:38.0565 5020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:48:38.0628 5020  MMCSS - ok
19:48:38.0628 5020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:48:38.0674 5020  Modem - ok
19:48:38.0721 5020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:48:38.0752 5020  monitor - ok
19:48:38.0768 5020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:48:38.0784 5020  mouclass - ok
19:48:38.0799 5020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:48:38.0830 5020  mouhid - ok
19:48:38.0846 5020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:48:38.0862 5020  mountmgr - ok
19:48:38.0877 5020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:48:38.0893 5020  mpio - ok
19:48:38.0908 5020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:48:38.0940 5020  mpsdrv - ok
19:48:38.0971 5020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:48:39.0033 5020  MpsSvc - ok
19:48:39.0064 5020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:48:39.0080 5020  MRxDAV - ok
19:48:39.0111 5020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:48:39.0158 5020  mrxsmb - ok
19:48:39.0174 5020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:48:39.0205 5020  mrxsmb10 - ok
19:48:39.0236 5020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:48:39.0252 5020  mrxsmb20 - ok
19:48:39.0283 5020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:48:39.0298 5020  msahci - ok
19:48:39.0314 5020  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:48:39.0330 5020  msdsm - ok
19:48:39.0345 5020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:48:39.0376 5020  MSDTC - ok
19:48:39.0408 5020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:48:39.0454 5020  Msfs - ok
19:48:39.0470 5020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:48:39.0517 5020  mshidkmdf - ok
19:48:39.0532 5020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:48:39.0548 5020  msisadrv - ok
19:48:39.0564 5020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:48:39.0626 5020  MSiSCSI - ok
19:48:39.0626 5020  msiserver - ok
19:48:39.0657 5020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:48:39.0688 5020  MSKSSRV - ok
19:48:39.0688 5020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:48:39.0720 5020  MSPCLOCK - ok
19:48:39.0720 5020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:48:39.0766 5020  MSPQM - ok
19:48:39.0798 5020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:48:39.0813 5020  MsRPC - ok
19:48:39.0829 5020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:48:39.0844 5020  mssmbios - ok
19:48:39.0844 5020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:48:39.0876 5020  MSTEE - ok
19:48:39.0891 5020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:48:39.0907 5020  MTConfig - ok
19:48:39.0938 5020  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:48:39.0985 5020  MTsensor - ok
19:48:40.0000 5020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:48:40.0032 5020  Mup - ok
19:48:40.0078 5020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:48:40.0110 5020  napagent - ok
19:48:40.0156 5020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:48:40.0188 5020  NativeWifiP - ok
19:48:40.0219 5020  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:48:40.0250 5020  NDIS - ok
19:48:40.0266 5020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:48:40.0297 5020  NdisCap - ok
19:48:40.0328 5020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:48:40.0375 5020  NdisTapi - ok
19:48:40.0406 5020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:48:40.0437 5020  Ndisuio - ok
19:48:40.0468 5020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:48:40.0500 5020  NdisWan - ok
19:48:40.0515 5020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:48:40.0562 5020  NDProxy - ok
19:48:40.0578 5020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:48:40.0609 5020  NetBIOS - ok
19:48:40.0624 5020  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:48:40.0671 5020  NetBT - ok
19:48:40.0687 5020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:48:40.0687 5020  Netlogon - ok
19:48:40.0718 5020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:48:40.0749 5020  Netman - ok
19:48:40.0765 5020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:48:40.0812 5020  netprofm - ok
19:48:40.0827 5020  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:48:40.0843 5020  NetTcpPortSharing - ok
19:48:40.0874 5020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:48:40.0890 5020  nfrd960 - ok
19:48:40.0905 5020  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:48:40.0921 5020  NlaSvc - ok
19:48:40.0952 5020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:48:40.0999 5020  Npfs - ok
19:48:41.0014 5020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:48:41.0061 5020  nsi - ok
19:48:41.0061 5020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:48:41.0108 5020  nsiproxy - ok
19:48:41.0155 5020  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:48:41.0202 5020  Ntfs - ok
19:48:41.0217 5020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:48:41.0248 5020  Null - ok
19:48:41.0264 5020  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
19:48:41.0295 5020  nusb3hub - ok
19:48:41.0326 5020  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:48:41.0358 5020  nusb3xhc - ok
19:48:41.0373 5020  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:48:41.0389 5020  nvraid - ok
19:48:41.0420 5020  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:48:41.0436 5020  nvstor - ok
19:48:41.0467 5020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:48:41.0482 5020  nv_agp - ok
19:48:41.0560 5020  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:48:41.0685 5020  odserv - ok
19:48:41.0685 5020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:48:41.0716 5020  ohci1394 - ok
19:48:41.0748 5020  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:48:41.0794 5020  ose - ok
19:48:41.0826 5020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:48:41.0872 5020  p2pimsvc - ok
19:48:41.0904 5020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:48:41.0919 5020  p2psvc - ok
19:48:41.0935 5020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:48:41.0950 5020  Parport - ok
19:48:41.0982 5020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:48:41.0997 5020  partmgr - ok
19:48:42.0013 5020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:48:42.0044 5020  PcaSvc - ok
19:48:42.0060 5020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:48:42.0091 5020  pci - ok
19:48:42.0091 5020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:48:42.0106 5020  pciide - ok
19:48:42.0122 5020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:48:42.0138 5020  pcmcia - ok
19:48:42.0169 5020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:48:42.0169 5020  pcw - ok
19:48:42.0200 5020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:48:42.0247 5020  PEAUTH - ok
19:48:42.0309 5020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:48:42.0340 5020  PerfHost - ok
19:48:42.0387 5020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:48:42.0434 5020  pla - ok
19:48:42.0496 5020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:48:42.0543 5020  PlugPlay - ok
19:48:42.0559 5020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:48:42.0574 5020  PNRPAutoReg - ok
19:48:42.0606 5020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:48:42.0621 5020  PNRPsvc - ok
19:48:42.0652 5020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:48:42.0715 5020  PolicyAgent - ok
19:48:42.0730 5020  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:48:42.0777 5020  Power - ok
19:48:42.0808 5020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:48:42.0840 5020  PptpMiniport - ok
19:48:42.0855 5020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:48:42.0871 5020  Processor - ok
19:48:42.0902 5020  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:48:42.0933 5020  ProfSvc - ok
19:48:42.0933 5020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:48:42.0949 5020  ProtectedStorage - ok
19:48:42.0980 5020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:48:43.0042 5020  Psched - ok
19:48:43.0074 5020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:48:43.0105 5020  ql2300 - ok
19:48:43.0120 5020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:48:43.0120 5020  ql40xx - ok
19:48:43.0152 5020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:48:43.0183 5020  QWAVE - ok
19:48:43.0198 5020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:48:43.0214 5020  QWAVEdrv - ok
19:48:43.0261 5020  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
19:48:43.0276 5020  RapiMgr - ok
19:48:43.0292 5020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:48:43.0323 5020  RasAcd - ok
19:48:43.0354 5020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:48:43.0401 5020  RasAgileVpn - ok
19:48:43.0401 5020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:48:43.0432 5020  RasAuto - ok
19:48:43.0448 5020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:48:43.0495 5020  Rasl2tp - ok
19:48:43.0510 5020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:48:43.0557 5020  RasMan - ok
19:48:43.0573 5020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:48:43.0604 5020  RasPppoe - ok
19:48:43.0635 5020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:48:43.0666 5020  RasSstp - ok
19:48:43.0666 5020  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:48:43.0713 5020  rdbss - ok
19:48:43.0713 5020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:48:43.0729 5020  rdpbus - ok
19:48:43.0760 5020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:48:43.0791 5020  RDPCDD - ok
19:48:43.0807 5020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:48:43.0854 5020  RDPENCDD - ok
19:48:43.0854 5020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:48:43.0885 5020  RDPREFMP - ok
19:48:43.0932 5020  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:48:43.0947 5020  RdpVideoMiniport - ok
19:48:43.0978 5020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:48:43.0994 5020  RDPWD - ok
19:48:44.0025 5020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:48:44.0056 5020  rdyboost - ok
19:48:44.0103 5020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:48:44.0166 5020  RemoteAccess - ok
19:48:44.0181 5020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:48:44.0244 5020  RemoteRegistry - ok
19:48:44.0244 5020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:48:44.0290 5020  RpcEptMapper - ok
19:48:44.0322 5020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:48:44.0337 5020  RpcLocator - ok
19:48:44.0384 5020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:48:44.0431 5020  RpcSs - ok
19:48:44.0446 5020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:48:44.0478 5020  rspndr - ok
19:48:44.0509 5020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:48:44.0509 5020  SamSs - ok
19:48:44.0540 5020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:48:44.0556 5020  sbp2port - ok
19:48:44.0618 5020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:48:44.0727 5020  SCardSvr - ok
19:48:44.0836 5020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:48:44.0883 5020  scfilter - ok
19:48:44.0930 5020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:48:44.0992 5020  Schedule - ok
19:48:45.0008 5020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:48:45.0039 5020  SCPolicySvc - ok
19:48:45.0055 5020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:48:45.0102 5020  SDRSVC - ok
19:48:45.0117 5020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:48:45.0148 5020  secdrv - ok
19:48:45.0180 5020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:48:45.0226 5020  seclogon - ok
19:48:45.0242 5020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:48:45.0273 5020  SENS - ok
19:48:45.0289 5020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:48:45.0320 5020  SensrSvc - ok
19:48:45.0336 5020  [ 9F6490423AC3271E84A90A0DD9D30A3B ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl64.sys
19:48:45.0367 5020  Ser2pl - ok
19:48:45.0382 5020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:48:45.0398 5020  Serenum - ok
19:48:45.0414 5020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:48:45.0429 5020  Serial - ok
19:48:45.0445 5020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:48:45.0460 5020  sermouse - ok
19:48:45.0476 5020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:48:45.0538 5020  SessionEnv - ok
19:48:45.0601 5020  [ 6F0C3E47E915BE7882629E57FA646406 ] SetClockService C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe
19:48:45.0632 5020  SetClockService ( UnsignedFile.Multi.Generic ) - warning
19:48:45.0632 5020  SetClockService - detected UnsignedFile.Multi.Generic (1)
19:48:45.0648 5020  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:48:45.0679 5020  sffdisk - ok
19:48:45.0694 5020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:48:45.0726 5020  sffp_mmc - ok
19:48:45.0741 5020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:48:45.0772 5020  sffp_sd - ok
19:48:45.0788 5020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:48:45.0819 5020  sfloppy - ok
19:48:45.0850 5020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:48:45.0897 5020  SharedAccess - ok
19:48:45.0928 5020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:48:45.0975 5020  ShellHWDetection - ok
19:48:46.0006 5020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:48:46.0006 5020  SiSRaid2 - ok
19:48:46.0038 5020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:48:46.0038 5020  SiSRaid4 - ok
19:48:46.0053 5020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:48:46.0100 5020  Smb - ok
19:48:46.0116 5020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:48:46.0147 5020  SNMPTRAP - ok
19:48:46.0162 5020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:48:46.0178 5020  spldr - ok
19:48:46.0209 5020  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:48:46.0256 5020  Spooler - ok
19:48:46.0334 5020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:48:46.0412 5020  sppsvc - ok
19:48:46.0443 5020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:48:46.0474 5020  sppuinotify - ok
19:48:46.0506 5020  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:48:46.0537 5020  srv - ok
19:48:46.0568 5020  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:48:46.0599 5020  srv2 - ok
19:48:46.0615 5020  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:48:46.0630 5020  srvnet - ok
19:48:46.0662 5020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:48:46.0708 5020  SSDPSRV - ok
19:48:46.0724 5020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:48:46.0755 5020  SstpSvc - ok
19:48:46.0771 5020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:48:46.0786 5020  stexstor - ok
19:48:46.0818 5020  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:48:46.0864 5020  stisvc - ok
19:48:46.0880 5020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:48:46.0896 5020  swenum - ok
19:48:46.0911 5020  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:48:46.0974 5020  swprv - ok
19:48:47.0020 5020  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:48:47.0052 5020  SysMain - ok
19:48:47.0083 5020  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:48:47.0114 5020  TabletInputService - ok
19:48:47.0130 5020  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:48:47.0192 5020  TapiSrv - ok
19:48:47.0208 5020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:48:47.0270 5020  TBS - ok
19:48:47.0332 5020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:48:47.0379 5020  Tcpip - ok
19:48:47.0410 5020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:48:47.0442 5020  TCPIP6 - ok
19:48:47.0457 5020  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:48:47.0488 5020  tcpipreg - ok
19:48:47.0504 5020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:48:47.0535 5020  TDPIPE - ok
19:48:47.0551 5020  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:48:47.0566 5020  TDTCP - ok
19:48:47.0598 5020  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:48:47.0644 5020  tdx - ok
19:48:47.0660 5020  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:48:47.0676 5020  TermDD - ok
19:48:47.0707 5020  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:48:47.0754 5020  TermService - ok
19:48:47.0785 5020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:48:47.0800 5020  Themes - ok
19:48:47.0816 5020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:48:47.0847 5020  THREADORDER - ok
19:48:47.0878 5020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:48:47.0910 5020  TrkWks - ok
19:48:47.0941 5020  [ B66EE1D68197DFB9AA24F961E68ACDCC ] trufos          C:\Windows\system32\DRIVERS\trufos.sys
19:48:47.0972 5020  trufos - ok
19:48:48.0050 5020  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:48:48.0097 5020  TrustedInstaller - ok
19:48:48.0128 5020  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:48:48.0159 5020  tssecsrv - ok
19:48:48.0190 5020  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:48:48.0222 5020  TsUsbFlt - ok
19:48:48.0253 5020  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:48:48.0284 5020  tunnel - ok
19:48:48.0315 5020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:48:48.0331 5020  uagp35 - ok
19:48:48.0346 5020  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:48:48.0393 5020  udfs - ok
19:48:48.0409 5020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:48:48.0440 5020  UI0Detect - ok
19:48:48.0456 5020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:48:48.0471 5020  uliagpkx - ok
19:48:48.0518 5020  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:48:48.0534 5020  umbus - ok
19:48:48.0549 5020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:48:48.0565 5020  UmPass - ok
19:48:48.0643 5020  [ 75A488DA3EA48BE97695A727185515CF ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
19:48:48.0658 5020  UPDATESRV - ok
19:48:48.0690 5020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:48:48.0736 5020  upnphost - ok
19:48:48.0752 5020  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:48:48.0783 5020  usbccgp - ok
19:48:48.0814 5020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:48:48.0830 5020  usbcir - ok
19:48:48.0846 5020  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:48:48.0877 5020  usbehci - ok
19:48:48.0908 5020  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:48:48.0939 5020  usbhub - ok
19:48:48.0955 5020  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:48:48.0970 5020  usbohci - ok
19:48:48.0970 5020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:48:49.0002 5020  usbprint - ok
19:48:49.0048 5020  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:48:49.0064 5020  usbscan - ok
19:48:49.0080 5020  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:48:49.0111 5020  USBSTOR - ok
19:48:49.0126 5020  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:48:49.0142 5020  usbuhci - ok
19:48:49.0189 5020  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
19:48:49.0220 5020  usb_rndisx - ok
19:48:49.0251 5020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:48:49.0282 5020  UxSms - ok
19:48:49.0298 5020  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:48:49.0314 5020  VaultSvc - ok
19:48:49.0329 5020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:48:49.0345 5020  vdrvroot - ok
19:48:49.0376 5020  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:48:49.0407 5020  vds - ok
19:48:49.0438 5020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:48:49.0470 5020  vga - ok
19:48:49.0470 5020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:48:49.0516 5020  VgaSave - ok
19:48:49.0532 5020  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:48:49.0548 5020  vhdmp - ok
19:48:49.0579 5020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:48:49.0594 5020  viaide - ok
19:48:49.0657 5020  [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService  C:\Users\Schüle\Programme\vmware-authd.exe
19:48:49.0688 5020  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
19:48:49.0688 5020  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
19:48:49.0704 5020  [ 6203C901DEFF10631AAD919B3BD1489B ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
19:48:49.0719 5020  vmci - ok
19:48:49.0766 5020  [ DE8F365C4C038AFE02F6E3B18ECAED33 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
19:48:49.0782 5020  vmkbd - ok
19:48:49.0797 5020  [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
19:48:49.0813 5020  VMnetAdapter - ok
19:48:49.0860 5020  [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
19:48:49.0906 5020  VMnetBridge - ok
19:48:49.0906 5020  VMnetDHCP - ok
19:48:49.0922 5020  [ 36EDBFE2C2405081620ADEF7B691ED89 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
19:48:49.0922 5020  VMnetuserif - ok
19:48:49.0953 5020  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
19:48:49.0969 5020  vmusb - ok
19:48:50.0047 5020  [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
19:48:50.0078 5020  VMUSBArbService - ok
19:48:50.0078 5020  VMware NAT Service - ok
19:48:50.0109 5020  [ 0E6ACC0257C6EFBB41E9FF4CD2A88B7F ] vmx86           C:\Windows\system32\drivers\vmx86.sys
19:48:50.0109 5020  vmx86 - ok
19:48:50.0140 5020  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:48:50.0140 5020  volmgr - ok
19:48:50.0172 5020  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:48:50.0203 5020  volmgrx - ok
19:48:50.0218 5020  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:48:50.0234 5020  volsnap - ok
19:48:50.0250 5020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:48:50.0265 5020  vsmraid - ok
19:48:50.0281 5020  [ EF1E48D431223F670CFFD6169B1A136F ] vsock           C:\Windows\system32\drivers\vsock.sys
19:48:50.0296 5020  vsock - ok
19:48:50.0359 5020  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:48:50.0421 5020  VSS - ok
19:48:50.0468 5020  [ CE9659E7047145791F1288C167C22BFE ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
19:48:50.0499 5020  VSSERV - ok
19:48:50.0515 5020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:48:50.0530 5020  vwifibus - ok
19:48:50.0562 5020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:48:50.0577 5020  vwififlt - ok
19:48:50.0608 5020  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:48:50.0640 5020  vwifimp - ok
19:48:50.0671 5020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:48:50.0702 5020  W32Time - ok
19:48:50.0702 5020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:48:50.0733 5020  WacomPen - ok
19:48:50.0764 5020  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:48:50.0827 5020  WANARP - ok
19:48:50.0827 5020  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:48:50.0858 5020  Wanarpv6 - ok
19:48:50.0920 5020  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:48:50.0967 5020  WatAdminSvc - ok
19:48:50.0998 5020  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:48:51.0045 5020  wbengine - ok
19:48:51.0061 5020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:48:51.0076 5020  WbioSrvc - ok
19:48:51.0092 5020  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
19:48:51.0108 5020  WcesComm - ok
19:48:51.0123 5020  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:48:51.0154 5020  wcncsvc - ok
19:48:51.0170 5020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:48:51.0186 5020  WcsPlugInService - ok
19:48:51.0201 5020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:48:51.0217 5020  Wd - ok
19:48:51.0248 5020  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:48:51.0295 5020  Wdf01000 - ok
19:48:51.0295 5020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:48:51.0357 5020  WdiServiceHost - ok
19:48:51.0357 5020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:48:51.0373 5020  WdiSystemHost - ok
19:48:51.0388 5020  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:48:51.0435 5020  WebClient - ok
19:48:51.0435 5020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:48:51.0482 5020  Wecsvc - ok
19:48:51.0498 5020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:48:51.0529 5020  wercplsupport - ok
19:48:51.0544 5020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:48:51.0591 5020  WerSvc - ok
19:48:51.0622 5020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:48:51.0654 5020  WfpLwf - ok
19:48:51.0669 5020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:48:51.0669 5020  WIMMount - ok
19:48:51.0685 5020  WinDefend - ok
19:48:51.0685 5020  WinHttpAutoProxySvc - ok
19:48:51.0747 5020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:48:51.0794 5020  Winmgmt - ok
19:48:51.0841 5020  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:48:51.0903 5020  WinRM - ok
19:48:51.0934 5020  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:48:51.0966 5020  WinUsb - ok
19:48:51.0997 5020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:48:52.0044 5020  Wlansvc - ok
19:48:52.0090 5020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:48:52.0106 5020  WmiAcpi - ok
19:48:52.0153 5020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:48:52.0184 5020  wmiApSrv - ok
19:48:52.0200 5020  WMPNetworkSvc - ok
19:48:52.0215 5020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:48:52.0246 5020  WPCSvc - ok
19:48:52.0262 5020  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:48:52.0293 5020  WPDBusEnum - ok
19:48:52.0309 5020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:48:52.0371 5020  ws2ifsl - ok
19:48:52.0387 5020  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:48:52.0418 5020  wscsvc - ok
19:48:52.0449 5020  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:48:52.0480 5020  WSDPrintDevice - ok
19:48:52.0480 5020  WSearch - ok
19:48:52.0543 5020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:48:52.0590 5020  wuauserv - ok
19:48:52.0621 5020  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:48:52.0652 5020  WudfPf - ok
19:48:52.0683 5020  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:48:52.0714 5020  WUDFRd - ok
19:48:52.0730 5020  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:48:52.0761 5020  wudfsvc - ok
19:48:52.0792 5020  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:48:52.0808 5020  WwanSvc - ok
19:48:52.0855 5020  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
19:48:52.0917 5020  yukonw7 - ok
19:48:52.0933 5020  ================ Scan global ===============================
19:48:52.0964 5020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:48:52.0995 5020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:48:52.0995 5020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:48:53.0026 5020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:48:53.0042 5020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:48:53.0058 5020  [Global] - ok
19:48:53.0058 5020  ================ Scan MBR ==================================
19:48:53.0058 5020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:48:53.0089 5020  \Device\Harddisk1\DR1 - ok
19:48:53.0104 5020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:48:53.0510 5020  \Device\Harddisk0\DR0 - ok
19:48:53.0510 5020  ================ Scan VBR ==================================
19:48:53.0526 5020  [ FA24A3BD6C5E51D12E3308AA41408E6A ] \Device\Harddisk1\DR1\Partition1
19:48:53.0526 5020  \Device\Harddisk1\DR1\Partition1 - ok
19:48:53.0541 5020  [ 2BC86AC1F3ADF177FD22F16DE1EAFCF7 ] \Device\Harddisk0\DR0\Partition1
19:48:53.0541 5020  \Device\Harddisk0\DR0\Partition1 - ok
19:48:53.0557 5020  [ BF0194E6E00FEC8CD192456991E3B221 ] \Device\Harddisk0\DR0\Partition2
19:48:53.0557 5020  \Device\Harddisk0\DR0\Partition2 - ok
19:48:53.0588 5020  [ A0D87E6B482464D6A90349A78F1A044A ] \Device\Harddisk0\DR0\Partition3
19:48:53.0588 5020  \Device\Harddisk0\DR0\Partition3 - ok
19:48:53.0619 5020  [ E719C21CB8B30C063AD4B3E290A3A7B2 ] \Device\Harddisk0\DR0\Partition4
19:48:53.0619 5020  \Device\Harddisk0\DR0\Partition4 - ok
19:48:53.0619 5020  ============================================================
19:48:53.0619 5020  Scan finished
19:48:53.0619 5020  ============================================================
19:48:53.0635 4904  Detected object count: 3
19:48:53.0635 4904  Actual detected object count: 3
19:49:12.0402 4904  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0402 4904  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:49:12.0402 4904  SetClockService ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0402 4904  SetClockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:49:12.0402 4904  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0402 4904  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:17:57.0883 3884  Deinitialize success
         

Alt 20.12.2012, 20:36   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2012, 21:16   #12
WeSch
 
Lufthansamail - Standard

Lufthansamail



Code:
ATTFilter
ComboFix 12-12-20.02 - Schüle 20.12.2012  20:59:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.3809 [GMT 1:00]
ausgeführt von:: c:\users\Sch³le\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1347698460.bdinstall.bin
c:\programdata\1351013324.bdinstall.bin
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))
.
.
2012-12-20 20:04 . 2012-12-20 20:04	--------	d-----w-	c:\users\Internet\AppData\Local\temp
2012-12-20 20:04 . 2012-12-20 20:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-18 21:53 . 2012-12-18 21:53	--------	d-----w-	c:\users\Schüle\AppData\Roaming\Malwarebytes
2012-12-18 21:53 . 2012-12-18 21:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-18 21:53 . 2012-12-18 21:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-18 21:53 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-18 18:43 . 2012-12-18 18:43	--------	d-----w-	c:\users\Internet\AppData\Roaming\Bitdefender
2012-12-12 07:44 . 2012-11-14 03:51	19450880	----a-w-	c:\windows\system32\mshtml.dll
2012-12-12 07:44 . 2012-11-14 03:25	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2012-12-12 07:44 . 2012-11-14 01:14	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-12-12 07:42 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 07:42 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 07:38 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 07:38 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-12 07:38 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-12 07:38 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 07:38 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 07:38 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 07:38 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-10 22:06 . 2012-12-10 22:06	--------	d-----w-	c:\windows\SysWow64\searchplugins
2012-12-10 22:06 . 2012-12-10 22:06	--------	d-----w-	c:\windows\SysWow64\Extensions
2012-12-10 22:06 . 2012-12-10 22:26	--------	d-----w-	c:\users\Schüle\AppData\Local\VisualBeeExe
2012-12-10 22:05 . 2012-12-18 21:46	--------	d-----w-	c:\programdata\VisualBee
2012-12-07 19:49 . 2012-12-18 21:46	--------	d-----w-	c:\windows\WindowsMobile
2012-12-06 15:54 . 2012-12-06 15:54	--------	d-----w-	c:\programdata\Applications
2012-11-29 16:07 . 2012-11-29 16:07	--------	d-----w-	c:\program files (x86)\Renesas Electronics
2012-11-29 16:06 . 2012-11-29 16:06	--------	d-----w-	c:\programdata\Downloaded Installations
2012-11-29 16:05 . 2012-11-29 16:06	--------	d-----w-	c:\users\Schüle\Hama
2012-11-28 08:02 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-28 08:02 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-28 08:02 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-28 08:02 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-28 08:02 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-28 08:02 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-28 08:02 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-28 08:02 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-28 08:02 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-11-27 13:13 . 2012-12-20 11:00	--------	d-----w-	c:\users\Schüle\AppData\Local\VMware
2012-11-27 13:13 . 2012-12-20 10:54	--------	d-----w-	c:\users\Schüle\AppData\Roaming\VMware
2012-11-27 13:13 . 2012-10-24 13:17	67224	----a-w-	c:\windows\system32\vsocklib.dll
2012-11-27 13:13 . 2012-10-24 13:17	63128	----a-w-	c:\windows\SysWow64\vsocklib.dll
2012-11-27 13:13 . 2012-10-24 13:17	70296	----a-w-	c:\windows\system32\drivers\vsock.sys
2012-11-27 13:13 . 2012-11-01 01:34	67224	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-11-27 13:13 . 2012-11-01 01:34	32920	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2012-11-27 13:12 . 2012-11-01 01:35	357016	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-11-27 13:12 . 2012-11-01 01:34	435864	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-11-27 13:12 . 2012-11-01 01:34	30360	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-11-27 13:12 . 2012-11-01 01:35	933528	----a-w-	c:\windows\system32\vnetlib64.dll
2012-11-27 13:12 . 2012-10-11 16:15	52376	----a-w-	c:\windows\system32\drivers\hcmon.sys
2012-11-27 13:12 . 2012-11-27 13:12	--------	d-----w-	c:\program files\Common Files\VMware
2012-11-27 13:12 . 2012-12-20 20:08	--------	d-----w-	c:\programdata\VMware
2012-11-27 13:12 . 2012-11-27 13:12	--------	d-----w-	c:\program files (x86)\Common Files\VMware
2012-11-26 10:23 . 2012-11-26 10:23	--------	d-----w-	c:\users\Schüle\AppData\Roaming\Canneverbe Limited
2012-11-26 10:23 . 2012-11-26 10:23	--------	d-----w-	c:\programdata\Canneverbe Limited
2012-11-26 10:22 . 2012-12-18 21:46	--------	d-----w-	c:\program files (x86)\CDBurnerXP
2012-11-26 09:54 . 2012-11-26 09:55	--------	d-----w-	C:\$WINDOWS.~BT
2012-11-26 07:59 . 2012-11-26 07:59	--------	d-----r-	C:\ESD
2012-11-25 17:36 . 2012-11-25 17:36	--------	d-----w-	c:\users\MCP6
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 11:31 . 2012-09-15 08:52	261056	----a-w-	c:\windows\system32\drivers\avchv.sys
2012-12-12 07:44 . 2009-12-19 17:56	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 20:08 . 2012-04-15 21:50	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 20:08 . 2011-05-15 08:30	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-29 21:55 . 2012-10-23 17:29	350160	----a-w-	c:\windows\system32\drivers\trufos.sys
2012-11-14 08:32 . 2012-11-14 08:32	97280	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 08:32 . 2012-11-14 08:32	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-11-14 08:32 . 2012-11-14 08:32	905216	----a-w-	c:\windows\system32\mshtmlmedia.dll
2012-11-14 08:32 . 2012-11-14 08:32	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-11-14 08:32 . 2012-11-14 08:32	854528	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 08:32 . 2012-11-14 08:32	81408	----a-w-	c:\windows\system32\icardie.dll
2012-11-14 08:32 . 2012-11-14 08:32	77312	----a-w-	c:\windows\system32\tdc.ocx
2012-11-14 08:32 . 2012-11-14 08:32	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2012-11-14 08:32 . 2012-11-14 08:32	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-14 08:32 . 2012-11-14 08:32	718336	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2012-11-14 08:32 . 2012-11-14 08:32	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-14 08:32 . 2012-11-14 08:32	67072	----a-w-	c:\windows\system32\iesetup.dll
2012-11-14 08:32 . 2012-11-14 08:32	62976	----a-w-	c:\windows\system32\pngfilt.dll
2012-11-14 08:32 . 2012-11-14 08:32	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-11-14 08:32 . 2012-11-14 08:32	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-11-14 08:32 . 2012-11-14 08:32	603136	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 08:32 . 2012-11-14 08:32	593408	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 08:32 . 2012-11-14 08:32	53760	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 08:32 . 2012-11-14 08:32	531456	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 08:32 . 2012-11-14 08:32	525312	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 08:32 . 2012-11-14 08:32	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-11-14 08:32 . 2012-11-14 08:32	51200	----a-w-	c:\windows\system32\imgutil.dll
2012-11-14 08:32 . 2012-11-14 08:32	50688	----a-w-	c:\windows\system32\ie4uinit.exe
2012-11-14 08:32 . 2012-11-14 08:32	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-11-14 08:32 . 2012-11-14 08:32	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-11-14 08:32 . 2012-11-14 08:32	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2012-11-14 08:32 . 2012-11-14 08:32	441856	----a-w-	c:\windows\system32\html.iec
2012-11-14 08:32 . 2012-11-14 08:32	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-11-14 08:32 . 2012-11-14 08:32	3966976	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 08:32 . 2012-11-14 08:32	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-11-14 08:32 . 2012-11-14 08:32	361984	----a-w-	c:\windows\SysWow64\html.iec
2012-11-14 08:32 . 2012-11-14 08:32	2882048	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 08:32 . 2012-11-14 08:32	281600	----a-w-	c:\windows\system32\dxtrans.dll
2012-11-14 08:32 . 2012-11-14 08:32	27648	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-14 08:32 . 2012-11-14 08:32	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2012-11-14 08:32 . 2012-11-14 08:32	2670080	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 08:32 . 2012-11-14 08:32	247296	----a-w-	c:\windows\system32\webcheck.dll
2012-11-14 08:32 . 2012-11-14 08:32	235008	----a-w-	c:\windows\system32\url.dll
2012-11-14 08:32 . 2012-11-14 08:32	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-11-14 08:32 . 2012-11-14 08:32	226304	----a-w-	c:\windows\system32\elshyph.dll
2012-11-14 08:32 . 2012-11-14 08:32	2245120	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 08:32 . 2012-11-14 08:32	216576	----a-w-	c:\windows\system32\msls31.dll
2012-11-14 08:32 . 2012-11-14 08:32	197120	----a-w-	c:\windows\system32\msrating.dll
2012-11-14 08:32 . 2012-11-14 08:32	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2012-11-14 08:32 . 2012-11-14 08:32	1772032	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 08:32 . 2012-11-14 08:32	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 08:32 . 2012-11-14 08:32	167424	----a-w-	c:\windows\system32\iexpress.exe
2012-11-14 08:32 . 2012-11-14 08:32	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2012-11-14 08:32 . 2012-11-14 08:32	15418368	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 08:32 . 2012-11-14 08:32	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 08:32 . 2012-11-14 08:32	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-11-14 08:32 . 2012-11-14 08:32	149504	----a-w-	c:\windows\system32\occache.dll
2012-11-14 08:32 . 2012-11-14 08:32	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 08:32 . 2012-11-14 08:32	142848	----a-w-	c:\windows\system32\wextract.exe
2012-11-14 08:32 . 2012-11-14 08:32	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-11-14 08:32 . 2012-11-14 08:32	13824	----a-w-	c:\windows\system32\mshta.exe
2012-11-14 08:32 . 2012-11-14 08:32	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 08:32 . 2012-11-14 08:32	136704	----a-w-	c:\windows\system32\iesysprep.dll
2012-11-14 08:32 . 2012-11-14 08:32	136192	----a-w-	c:\windows\system32\iepeers.dll
2012-11-14 08:32 . 2012-11-14 08:32	136192	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-11-14 08:32 . 2012-11-14 08:32	135680	----a-w-	c:\windows\SysWow64\wextract.exe
2012-11-14 08:32 . 2012-11-14 08:32	1352192	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 08:32 . 2012-11-14 08:32	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2012-11-14 08:32 . 2012-11-14 08:32	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2012-11-14 08:32 . 2012-11-14 08:32	111104	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-11-14 08:32 . 2012-11-14 08:32	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-11-14 08:32 . 2012-11-14 08:32	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2012-11-14 08:32 . 2012-11-14 08:32	102912	----a-w-	c:\windows\system32\inseng.dll
2012-11-14 08:31 . 2012-11-14 08:31	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-11-14 08:31 . 2012-11-14 08:31	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-14 08:31 . 2012-11-14 08:31	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2012-11-14 08:31 . 2012-11-14 08:31	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2012-11-14 08:31 . 2012-11-14 08:31	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-11-14 08:31 . 2012-11-14 08:31	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2012-11-14 08:31 . 2012-11-14 08:31	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2012-11-14 08:31 . 2012-11-14 08:31	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2012-11-14 08:31 . 2012-11-14 08:31	3928064	----a-w-	c:\windows\system32\d2d1.dll
2012-11-14 08:31 . 2012-11-14 08:31	363008	----a-w-	c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\users\Schüle\Programme\PDF24\pdf24.exe" [2012-10-25 162408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-10-31 587024]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-10-31 82384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-12-19 68440]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-10-31 705552]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 SetClockService;Set Clock Service 2.0;c:\program files (x86)\Aqua Computer\aquasuite\SetClockService.exe [2008-09-19 241152]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-12-19 261056]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-12-19 1571656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Schüle\Programme\vmware-authd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-20  21:12:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-20 20:12
.
Vor Suchlauf: 9 Verzeichnis(se), 280.428.814.336 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 282.391.547.904 Bytes frei
.
- - End Of File - - 2313E63DAB66E6955062FF1C7276F8F1
         

Alt 20.12.2012, 21:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2012, 21:37   #14
WeSch
 
Lufthansamail - Standard

Lufthansamail



Hallo Cosinus,
hier die Logdatei:
Werner
Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 20/12/2012 um 21:34:49 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Schüle - I7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16438

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gefunden [l.46] : keyword = "babylon.com",
Gefunden [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758",

*************************

AdwCleaner[R1].txt - [2661 octets] - [19/12/2012 08:41:49]
AdwCleaner[R2].txt - [958 octets] - [19/12/2012 11:52:58]
AdwCleaner[R3].txt - [1106 octets] - [20/12/2012 21:34:49]
AdwCleaner[S1].txt - [2618 octets] - [19/12/2012 08:44:20]

########## EOF - C:\AdwCleaner[R3].txt - [1226 octets] ##########
         

Alt 20.12.2012, 22:29   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Lufthansamail - Standard

Lufthansamail



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Lufthansamail
abgebrochen, anhang, appdata, avast, bitdefender, datei, datum, defender, durchgeführt, festgestellt, gen, gestartet, heute, lufthansa, manager, neu, nicht mehr, runctf.lnk, schutz, starten, startet, system, system neu, systemwiederherstellung, taskmanager, temp, windows, windows 7



Zum Thema Lufthansamail - Hallo, ich habe gestern auch die Lufthansamail bekommen. Ich habe auf den Anhang geklickt und wurde gefragt, ob ich die Datei ausführen möchte. Ich habe dann den Vorgang abgebrochen und - Lufthansamail...
Archiv
Du betrachtest: Lufthansamail auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.