Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.02.2013, 22:07   #1
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Guten Abend

Vor zwei Tagen hat auf meinem Computer Avira Free Antivirus Alarm geschlagen und den folgenden Virus gemeldet:
HTML/ScrInjec.BW.50
gefunden wurde er in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b

Ich verwende Windows 8. Auf meinem Computer ist aber auch noch Windows 7 installiert (auf einer anderen Festplatte). Meine eigenen Dateien sind auch noch auf zwei Partitionen aufgeteilt (Dateien und Videos/Fotos).

Per Google habe ich zu HTML/ScrInjec.BW.50 nichts brauchbares gefunden. Den Virus habe ich danach mit Avira in die Quarantäne verschoben. Danach habe ich ihn noch bei virustotal.com hochgeladen und dann wieder in die Quarantäne versetzt. Bei virustotal haben 4 der 43 Virenscanner angeschlagen. Den Link zum Resultat habe ich leider nicht mehr.

Jetzt bin ich mir sehr unsicher, ob der Computer noch infiziertes ist oder nicht. Deshalb habe ich dann einen Fullscan mit Malwarebytes gemacht. Er hat ein infiziertes Objekt gefunden. Soll ich die Log Datei anhängen?


Desweiteren habe ich wie gefordert den Scan mit OTL durchgeführt, hier die Resultate:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 19.02.2013 21:32:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\** **\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS
 
Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
PRC - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 14:21:35 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.07 22:30:02 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.01 09:26:44 | 002,024,960 | ---- | M] (Michel Krämer) -- C:\Program Files (x86)\Spamihilator\spamihilator.exe
PRC - [2012.12.20 20:31:04 | 000,373,760 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010.08.24 09:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.01 09:26:45 | 000,279,040 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\sqlite3.dll
MOD - [2013.01.01 09:26:45 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Spamihilator\zlib1.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.05.21 18:14:50 | 000,149,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe -- (msvsmon110)
SRV - [2013.02.13 14:22:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 14:21:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.09 10:38:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.10.19 00:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.10.08 19:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.06.07 16:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.03.11 20:18:02 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009.03.11 20:16:38 | 000,656,896 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2012.07.26 14:38:00 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2012.07.24 10:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 B7 BC A2 60 EA CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\** **\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 10:38:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.11.11 14:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.ch/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\** **\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\** **\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Session Manager = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: YouTube = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Download Master = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\
CHR - Extension: Google Reader = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\** **\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKCU..\Run: [Spotify] C:\Users\** **\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\** **\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\** **\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E636EAB-DEAB-47B8-9E5D-203EA345D793}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE13D9F8-7CC3-4B02-B657-E6D38F5AAB4F}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 21:29:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2013.02.19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\MigWiz
[2013.02.17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes
[2013.02.17 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.17 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Nuance
[2013.02.17 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.16 22:42:20 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Internet Explorer
[2013.02.15 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\** **\Valley
[2013.02.15 15:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013.02.15 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013.02.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Avira
[2013.02.13 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.13 14:25:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:25:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:25:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.12 14:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2013.02.12 14:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.12 14:33:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.02.12 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Canon
[2013.02.08 11:13:41 | 045,673,536 | ---- | C] (Information Factory AG) -- C:\Users\** **\ptw12.exe
[2013.02.07 22:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2013.01.24 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013.01.24 21:07:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.01.24 21:07:29 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.01.24 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6100 series
[2013.01.24 19:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.01.24 19:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013.01.24 19:54:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013.01.24 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.24 14:35:15 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Private Tax
[2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Information Factory
[2013.01.24 14:34:16 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\Information Factory
[2013.01.24 14:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Tax
[2013.01.24 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Private Tax 2012
[2013.01.22 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt
[2013.01.22 22:29:31 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Local\IsolatedStorage
[2013.01.22 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SysTools PDF Unlocker
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 21:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 21:30:41 | 000,000,000 | ---- | M] () -- C:\Users\** **\defogger_reenable
[2013.02.19 21:28:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.19 21:28:56 | 2507,448,319 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 21:25:34 | 000,374,784 | ---- | M] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2013.02.19 21:22:42 | 000,050,477 | ---- | M] () -- C:\Users\** **\Desktop\Defogger.exe
[2013.02.19 20:35:00 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001UA.job
[2013.02.19 18:44:48 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.19 18:44:48 | 000,828,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.19 18:44:48 | 000,774,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.19 18:44:48 | 000,188,018 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.19 18:44:48 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.18 22:35:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001Core.job
[2013.02.17 18:42:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 09:42:24 | 000,319,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 15:58:32 | 001,065,984 | ---- | M] () -- C:\Users\** **\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.08 13:04:25 | 000,089,969 | ---- | M] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.02.08 11:28:48 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk
[2013.02.08 11:14:15 | 045,673,536 | ---- | M] (Information Factory AG) -- C:\Users\** **\ptw12.exe
[2013.01.29 21:19:56 | 000,004,472 | ---- | M] () -- G:\Eigene Dokumente\testdatabase.odb
[2013.01.29 18:31:37 | 000,002,937 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:18:36 | 000,030,720 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[2013.01.24 17:51:41 | 000,001,058 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.22 22:29:24 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.19 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\** **\defogger_reenable
[2013.02.19 21:29:37 | 000,374,784 | ---- | C] () -- C:\Users\** **\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:29:37 | 000,050,477 | ---- | C] () -- C:\Users\** **\Desktop\Defogger.exe
[2013.02.17 18:42:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 09:42:21 | 000,319,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 20:29:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.15 15:49:11 | 001,065,984 | ---- | C] () -- C:\Users\** **\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.08 13:04:25 | 000,089,969 | ---- | C] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:31:35 | 000,002,937 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:18:35 | 000,030,720 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[2013.01.29 17:59:11 | 000,004,472 | ---- | C] () -- G:\Eigene Dokumente\testdatabase.odb
[2013.01.24 21:08:26 | 000,013,056 | ---- | C] () -- C:\Windows\SysWow64\CNC174AD.TBL
[2013.01.24 15:39:14 | 000,000,818 | ---- | C] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saison 2013.lnk
[2013.01.24 14:27:35 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk
[2013.01.22 22:29:24 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Batch PDF Decrypt.lnk
[2012.12.22 16:46:13 | 001,882,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.05 16:04:12 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.11.13 17:49:35 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.11 14:06:43 | 000,007,605 | ---- | C] () -- C:\Users\** **\AppData\Local\Resmon.ResmonCfg
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.01.19 13:42:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.05 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Apowersoft
[2013.01.22 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Batch PDF Decrypt
[2013.02.12 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Canon
[2013.02.19 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Dropbox
[2012.12.19 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\e-academy Inc
[2013.01.24 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Information Factory
[2013.01.13 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\LyX2.0
[2012.11.20 21:38:42 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Notepad++
[2013.02.17 16:11:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Nuance
[2012.11.11 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\OpenOffice.org
[2013.01.19 12:11:30 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Origin
[2013.02.19 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spamihilator
[2013.02.19 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Spotify
[2012.12.03 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Steganos
[2012.12.21 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Stellarium
[2012.11.17 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\TeamViewer
[2012.11.11 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 19.02.2013 21:32:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\** **\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.92 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.11% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 157.47 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.22 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 111.34 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive M: | 1.82 Gb Total Space | 1.79 Gb Free Space | 98.01% Space Free | Partition Type: NTFS
 
Computer Name: **S-PC | User Name: ** ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0156CC-1BD5-4338-8F5C-C469531C072E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0EF64744-4ECA-401B-B42A-20D951EDFE60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1CFC6199-04DC-4E26-BFD5-F9A451454C35}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1FFCFFFA-B51B-4E47-9143-310E543479B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21AF5A53-AED0-4465-995A-E85BF2CEEF49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E730B60-5FA6-4C84-9435-AD59CC1905EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3415F9CA-F65A-4BF8-8B44-A1C6F0CD78C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{386F563D-83A2-4CEE-8E16-848222850A73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DEC5D15-A115-4008-B985-0440CA21843F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4A75EC33-9AAC-4EAE-B7E1-E96F2F30D9EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5555CAC0-C4A8-4DB0-A0E3-67354B86B1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79A1A42E-24A4-43EC-9E72-FC627758E1AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88BAE950-47A4-499C-9171-5C55044665C0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | 
"{8B42C9CD-8B93-4D84-AE02-1B6E30924D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90152997-E307-43FF-BB7C-FDD4430138AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{970FB209-4424-4484-8CB0-BE5C8950F8E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A34B0D0C-5D39-4899-B33E-42B9CFC665CD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C370217D-7437-453A-9812-8ACC2FA91CC6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB7633F0-BCF9-49E4-A831-152DF9F80AF4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F6383789-04EB-41E1-A1FA-FCC5F0D26CC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F750C3F1-ACCF-4184-9AE8-CCC75B30C080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFB8DC12-2194-4F4E-A4AC-6DC77A451390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0400CD16-0A01-408D-B0AA-12C7C1A0CCBA}" = dir=out | name=search.ch | 
"{06F404EB-463A-4A33-AB1D-DCE2FD53BDE6}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{0A99520E-DA62-4515-BA1B-B43ED06DC302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F656C5A-7536-479C-9A6E-61F03C17579B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{14256438-6A95-4382-B3CF-AF2273C11C98}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{165147DB-B144-4EBE-BA4B-DCC746632824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{168A0286-B960-4CE8-AC60-5BA19DD6ACB7}" = dir=out | name=onenote | 
"{16D13CFD-DFFC-4C5B-8E5A-6EAC118E33AE}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{17E14C19-F914-4DE2-9393-E3A586C36341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1DD746C2-7DCA-40AD-ADCC-F81AE3CA643E}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{2088B70E-3BDA-4D43-816C-5607B36A9C51}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe | 
"{28ECFE5F-687C-4591-B47D-6AD1D53BD583}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{2A888A1D-A5D0-4C97-AF38-C233AC1D6884}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2BF66853-9ED6-40BE-A564-5F9CE0700420}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe | 
"{2D26DAF6-9A8A-4CDB-B018-FF56D8DD98F0}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{2E1CC82F-E270-4DD3-8C92-0A7BA64367CA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3056B10A-76B4-4AC4-91BE-B5AD3CBF293A}" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe | 
"{30E6473C-1B7D-48F2-9CA7-E91D1FEAEB5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{314BB11D-8144-4CB6-9D4C-D33877D72EAA}" = dir=out | name=@{pons.wrterbuch_1.4.0.39_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} | 
"{320DC909-24AA-4551-A3D5-E8EC55B78374}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"{35CEA768-DE42-48E3-BA87-247CC0B31BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{387E2009-B01D-4452-B935-C7D289C277A3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{3C5240AD-5811-410C-B1A6-2AA9415E994B}" = dir=out | name=lightning timer | 
"{3FF31916-DAC9-4888-86D7-E9E4DE8CB359}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{446B51CA-7D4E-4A0A-A46B-60CB1FD84DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{44C5BCD1-B306-45FA-A961-69FBF4E185B8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{48F9BDBF-5FC1-4D8C-9B04-7C1E4F7E0E71}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{49808C1C-1829-4E4E-9A62-4CA5C1F6D6F7}" = dir=in | name=onenote | 
"{49CD620D-C63F-4038-B5AF-771AA94F78B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4E6BC844-3A54-4A78-AE69-309588223886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{517E1212-2CF4-47A2-A83C-5160AD6D871A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{5875A9A6-7EC0-4B5C-A18F-BDD7E9BEBD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F4CC1A3-D854-4250-B919-A952256EDAB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FA00D3E-1CDF-4E06-ABFA-A2E5AFA49612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{634247FB-1EC8-48E5-B0B6-33327573F68A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{659B81FA-3A44-4FD3-ABFF-0598D8F36E27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65AAA41C-097A-418B-8A69-6534837FA1AD}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{6D83B832-1F0F-4C71-9279-A974EBCAC090}" = dir=out | name=tagi-news | 
"{6FE701B5-A4B4-450C-BDAE-C897CE641593}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe | 
"{7189BFF9-F7AE-4333-A629-64536842024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D6A703E-A22A-432C-B20F-381C615419CC}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{7DDC3E75-AFFF-4CBE-806A-0164FA589AE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{7FB905C2-5F4C-46BD-8029-7A3609D79027}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{81F52B9D-1BEB-4042-BFCF-88BD6A7F4095}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8824C4B1-5428-4E01-91E9-BF81C754A718}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8B5F35D9-608F-4E7A-9430-CDDDC58B8AAA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{8C0377A9-66D9-4A42-92D1-F7AB5050E569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E0D2484-391F-4A89-B6E2-0875E5758334}" = dir=out | name=canon inkjet print utility | 
"{92F75B6D-62FF-4324-A93C-6CE3FA7587D9}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe | 
"{9D14D3DF-C15A-4464-9849-6BC8280442D0}" = dir=out | name=wikipedia | 
"{A36B9A79-6E03-45DD-9427-2501A81DF464}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{AB0F63B6-8F3C-4EE8-B83F-F0B867BF56DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{AFDEC594-1189-4BA6-8E06-BAE4CB1B0A49}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{B08F5149-5703-44E8-ADD3-A827CD5109BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B3012288-6DD3-4461-A5E2-6FA2D8ED4123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B47B43B6-7A04-4B31-B0BF-3F4EEFC215A8}" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C4DC9694-3E66-4BB4-9346-B74712554E66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CBC25E8D-8CD4-436E-A092-E7A2C0D16297}" = protocol=6 | dir=out | app=system | 
"{CBD8AB40-B882-4569-9380-32288A1EBA70}" = dir=out | name=zattoo live tv | 
"{CF6655A1-A111-459D-A416-DAB5161D39BB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{DBA526E9-8CFA-4BB8-BB40-1AC639239BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD9569C1-84CA-403F-AD90-523303C4B042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E02041B5-E708-480A-9F78-087623E07D99}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{E32543DF-DB41-4373-B396-FEBE391D0388}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EFA5CAB9-F92B-4762-8460-DD2E57AFF7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F4B50D65-9E75-471D-9BC6-27352A3B1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"{FA78BCFA-AD28-4BCE-873E-16408A168043}" = dir=out | name=swiss phone book | 
"{FD62C578-04BE-45C9-8FD7-DCC9D1F4F15F}" = dir=out | name=cut the rope | 
"{FF51A4FD-51A6-4A9E-8993-902212BEE34B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFC0BEF7-CB3C-4995-83FD-556C27828141}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"TCP Query User{0B02FC0E-D50F-4D2B-84F0-7D107CF8147B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{1D4FBF0C-19D2-4678-AFF3-1668D38656CE}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{294DCE27-7DE2-4077-93F5-55C96F53C455}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{323CC57D-7D93-45C6-880E-503C60E5D4BC}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"TCP Query User{51A64849-E672-4A7A-8B54-9F57AADE27CB}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C766B9F0-754D-48E3-950F-885ECB377E87}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
"UDP Query User{14339A0C-C842-4264-A19F-656479B72EFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{1452CF19-620F-4C7C-B532-457371C4EB47}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{33B95583-DBCD-4CD4-B3EC-1ED7A7568654}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"UDP Query User{404C5273-7161-4575-B48C-A336697E4E84}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{82E71039-E722-430E-AF4A-0191F7EB5FA5}C:\users\** **\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\** **\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{DD548ADC-FDCC-4C0A-A9FE-F9217A8D17C9}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}" = PlayReady PC Runtime amd64
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4DD6FB52-0704-4B46-B74E-8010084F33FC}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client 
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU 
"{988D34CA-25EC-3FDD-95E9-04EE09BC2C85}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0D450C6-07C4-40C7-8D2B-840565E91987}" = Spamihilator 1.5.0 (64-Bit)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB980FC0-2070-43DC-A985-2B1F8F7852F1}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC- DEU
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities 
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF58CE95-2DDC-3EE3-A538-71A7646B0EBE}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB 
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Stellarium_is1" = Stellarium 0.11.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" =  Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{247a1070-c6e4-426b-af1d-5c7942d3ee06}" = Remotetools für Visual Studio 2012 RC
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT 
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"6753-7911-9438-6061" = Private Tax 2012 2.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"FreePDF_XP" = FreePDF (Remove only)
"LyX2051" = LyX 2.0.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Star Trek Online" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.02.2013 09:38:11 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 944    Startzeit: 
01ce092596f71553    Endzeit: 6    Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Berichts-ID:
 6f650958-7519-11e2-be79-50e5494291c5    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 12.02.2013 09:41:21 | Computer Name = **s-PC | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.9.136.9 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 99c    Startzeit: 
01ce0926362b3117    Endzeit: 4    Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Berichts-ID:
 dff4cde0-7519-11e2-be79-50e5494291c5    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 12.02.2013 11:51:58 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
 Zeitstempel: 0x5028bfc0  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x50108b02  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00010137  ID des fehlerhaften
 Prozesses: 0xbc4  Startzeit der fehlerhaften Anwendung: 0x01ce092ba5db1112  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\RPCRT4.dll  Berichtskennung: 21c2e626-752c-11e2-be79-50e5494291c5
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 14.02.2013 04:36:28 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ wurde nicht innerhalb
 der vorgesehenen Zeit gestartet.
 
Error - 15.02.2013 08:27:39 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
 Zeitstempel: 0x5028bfc0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004f44d  ID des fehlerhaften
 Prozesses: 0xd0c  Startzeit der fehlerhaften Anwendung: 0x01ce0b5b40d12560  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 15831ca8-776b-11e2-be79-50e5494291c5
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 17.02.2013 05:04:14 | Computer Name = **s-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
 nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 17.02.2013 08:56:12 | Computer Name = **s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$ROFOSPA.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RR4UA00.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 17.02.2013 08:56:13 | Computer Name = **s-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1418571125-3010777540-2957968792-1001\$RO4ZCDP.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 17.02.2013 11:11:27 | Computer Name = **s-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: natspeak.exe, Version: 11.50.100.39,
 Zeitstempel: 0x4dea2dff  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871,
 Zeitstempel: 0x4fee6073  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005beae  ID des fehlerhaften
 Prozesses: 0xfd8  Startzeit der fehlerhaften Anwendung: 0x01ce0d2109fc584b  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Nuance\NaturallySpeaking11\Program\natspeak.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll
Berichtskennung:
 4c70e97d-7914-11e2-be7b-50e5494291c5  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return 
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 19.02.2013 11:24:44 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 959 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 19.02.2013 11:41:52 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 19.02.2013 11:42:43 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 19.02.2013 16:28:16 | Computer Name = **s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 19.02.2013 16:29:15 | Computer Name = **s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ System Events ]
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
 erkannt.    Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
 Die Dateireferenznummer ist 0x200000000898c. Der Name der Datei ist "\.Trash-999".

 
Error - 12.02.2013 10:10:56 | Computer Name = **s-PC | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "G:" wurde eine Beschädigung
 erkannt.    Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz.
 Die Dateireferenznummer ist 0x200000000898e. Der Name der Datei ist "\.Trash-999\files".

 
Error - 13.02.2013 16:56:29 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 40.
 
Error - 13.02.2013 16:56:30 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 40.
 
Error - 13.02.2013 16:56:33 | Computer Name = **s-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 40.
 
Error - 15.02.2013 13:54:19 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 17.02.2013 04:42:29 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 19.02.2013 03:54:27 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 19.02.2013 11:42:36 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 19.02.2013 16:29:04 | Computer Name = **s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >
         
und danach auch noch den Scan mit GMER. Dort habe ich allerdings rechts nur C:\, also die Systemplatte von Windows 8 angekreuzt. Bei Avira habe ich den Echtzeitscanner deaktiviert, vollständig ausschalten habe ich nicht hinbekommen (Ich habe es über den Taskmanager probiert, aber es hat nicht geklappt.) Ich habe das anonymisierte Resultat als Datei angehängt, weil der Beitrag sonst zu lange ist.


Mit freundlichen Grüssen

Edit: Ich habe die Datei auch noch an Avira eingesendet, das Resultat ist hier zu finden:
https://analysis.avira.com/en/status?uniqueid=NY1XbWJ7I14gdD1QbJ9dxF8GtCKfC2OW&incidentid=1373002

Geändert von pst (19.02.2013 um 22:38 Uhr)

Alt 21.02.2013, 21:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo und

Zitat:
Er hat ein infiziertes Objekt gefunden. Soll ich die Log Datei anhängen?
Ja die Logs bitte immer vollständig alle posten

Bitte auch MBAR ausführen:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 22.02.2013, 15:17   #3
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Vielen Dank, dass du dich meines Falls annimmst.
Die angesprochene Log-Datei von Malwarebytes habe ich im Anhang angehängt.

Danach habe ich wie empfohlen das Malwarebytes Anti-Rootkit heruntergeladen und die mbar.exe gestartet. Dann erscheint aber eine Fehlermeldung, welche ich im Anhang angefügt habe. Muss ich Ja oder Nein drücken?

Eine andere Frage: Ich verwende Dropbox, um meine wichtigen Daten zwischen meinem Computer und Laptop aktuall zu halten, könnte sich die Malware über diese auch auf meinen Laptop ausgebreitet haben?

Mit freundlichen Grüssen
__________________
Angehängte Grafiken
Dateityp: png Fehlermeldung.PNG (11,7 KB, 286x aufgerufen)

Alt 22.02.2013, 21:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Die Logs bitte immer in CODE-Tags posten

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.02.2013, 22:28   #5
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Gutenabend Cosinus

Entschuldige bitte, dass ich die Logs nicht in CODE Tags gepackt hatte, ich hatte es vergessen.

aswMBR stürzte leider während dem Scan ab (der Scan Button konnte ich drücken, danach kam aber die Fehlermeldung, welche unten im Bild zu sehen ist). Ich habe den Test noch 3 mal wiederholt, aber er blieb immer wieder hängen.

TDSSKiller funktioniert wie erhofft, hier die Log-Datei:
Code:
ATTFilter
22:11:59.0598 4320  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:11:59.0833 4320  ============================================================
22:11:59.0833 4320  Current date / time: 2013/02/22 22:11:59.0833
22:11:59.0833 4320  SystemInfo:
22:11:59.0833 4320  
22:11:59.0833 4320  OS Version: 6.2.9200 ServicePack: 0.0
22:11:59.0833 4320  Product type: Workstation
22:11:59.0833 4320  ComputerName: ***-PC
22:11:59.0833 4320  UserName: *** ***
22:11:59.0833 4320  Windows directory: C:\Windows
22:11:59.0833 4320  System windows directory: C:\Windows
22:11:59.0833 4320  Running under WOW64
22:11:59.0833 4320  Processor architecture: Intel x64
22:11:59.0833 4320  Number of processors: 4
22:11:59.0833 4320  Page size: 0x1000
22:11:59.0833 4320  Boot type: Normal boot
22:11:59.0833 4320  ============================================================
22:12:00.0052 4320  Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:12:00.0067 4320  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:00.0067 4320  Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:00.0098 4320  ============================================================
22:12:00.0098 4320  \Device\Harddisk2\DR2:
22:12:00.0098 4320  MBR partitions:
22:12:00.0098 4320  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:12:00.0098 4320  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23FFA000
22:12:00.0098 4320  \Device\Harddisk0\DR0:
22:12:00.0098 4320  MBR partitions:
22:12:00.0098 4320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEA60000
22:12:00.0098 4320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60800, BlocksNum 0xE764800
22:12:00.0098 4320  \Device\Harddisk1\DR1:
22:12:00.0098 4320  MBR partitions:
22:12:00.0098 4320  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C942800
22:12:00.0098 4320  ============================================================
22:12:00.0114 4320  C: <-> \Device\Harddisk1\DR1\Partition1
22:12:00.0114 4320  D: <-> \Device\Harddisk0\DR0\Partition1
22:12:00.0161 4320  F: <-> \Device\Harddisk2\DR2\Partition2
22:12:00.0255 4320  G: <-> \Device\Harddisk0\DR0\Partition2
22:12:00.0255 4320  ============================================================
22:12:00.0255 4320  Initialize success
22:12:00.0255 4320  ============================================================
22:13:52.0979 0556  ============================================================
22:13:52.0979 0556  Scan started
22:13:52.0979 0556  Mode: Manual; SigCheck; TDLFS; 
22:13:52.0979 0556  ============================================================
22:13:53.0167 0556  ================ Scan system memory ========================
22:13:53.0167 0556  System memory - ok
22:13:53.0167 0556  ================ Scan services =============================
22:13:53.0198 0556  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
22:13:53.0229 0556  1394ohci - ok
22:13:53.0229 0556  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
22:13:53.0229 0556  3ware - ok
22:13:53.0245 0556  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:13:53.0260 0556  ACPI - ok
22:13:53.0260 0556  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
22:13:53.0260 0556  acpiex - ok
22:13:53.0260 0556  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
22:13:53.0276 0556  acpipagr - ok
22:13:53.0276 0556  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
22:13:53.0276 0556  AcpiPmi - ok
22:13:53.0276 0556  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
22:13:53.0292 0556  acpitime - ok
22:13:53.0292 0556  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
22:13:53.0307 0556  acsock - ok
22:13:53.0307 0556  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:13:53.0323 0556  adp94xx - ok
22:13:53.0323 0556  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:13:53.0339 0556  adpahci - ok
22:13:53.0339 0556  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:13:53.0354 0556  adpu320 - ok
22:13:53.0354 0556  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:13:53.0370 0556  AeLookupSvc - ok
22:13:53.0370 0556  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
22:13:53.0385 0556  AFD - ok
22:13:53.0385 0556  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:13:53.0401 0556  agp440 - ok
22:13:53.0401 0556  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
22:13:53.0417 0556  ALG - ok
22:13:53.0417 0556  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:13:53.0417 0556  AllUserInstallAgent - ok
22:13:53.0417 0556  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
22:13:53.0432 0556  AmdK8 - ok
22:13:53.0432 0556  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
22:13:53.0432 0556  AmdPPM - ok
22:13:53.0448 0556  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:13:53.0448 0556  amdsata - ok
22:13:53.0448 0556  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:13:53.0464 0556  amdsbs - ok
22:13:53.0464 0556  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:13:53.0479 0556  amdxata - ok
22:13:53.0479 0556  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:13:53.0479 0556  AntiVirSchedulerService - ok
22:13:53.0479 0556  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:13:53.0495 0556  AntiVirService - ok
22:13:53.0495 0556  [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
22:13:53.0495 0556  Apowersoft_AudioDevice - ok
22:13:53.0495 0556  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
22:13:53.0510 0556  AppID - ok
22:13:53.0510 0556  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:13:53.0526 0556  AppIDSvc - ok
22:13:53.0526 0556  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
22:13:53.0526 0556  Appinfo - ok
22:13:53.0542 0556  [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:13:53.0542 0556  AppMgmt - ok
22:13:53.0542 0556  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
22:13:53.0557 0556  arc - ok
22:13:53.0557 0556  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:13:53.0573 0556  arcsas - ok
22:13:53.0573 0556  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:13:53.0589 0556  aspnet_state - ok
22:13:53.0589 0556  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:13:53.0589 0556  AsyncMac - ok
22:13:53.0589 0556  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:13:53.0604 0556  atapi - ok
22:13:53.0620 0556  [ 36322190763845975E0D001E90687BF2 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
22:13:53.0651 0556  athur - ok
22:13:53.0651 0556  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:13:53.0651 0556  AudioEndpointBuilder - ok
22:13:53.0667 0556  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:13:53.0682 0556  Audiosrv - ok
22:13:53.0682 0556  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:13:53.0698 0556  avgntflt - ok
22:13:53.0698 0556  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:13:53.0698 0556  avipbb - ok
22:13:53.0698 0556  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:13:53.0714 0556  avkmgr - ok
22:13:53.0714 0556  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:13:53.0714 0556  AxInstSV - ok
22:13:53.0729 0556  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:13:53.0745 0556  b06bdrv - ok
22:13:53.0745 0556  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
22:13:53.0745 0556  BasicDisplay - ok
22:13:53.0760 0556  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
22:13:53.0760 0556  BasicRender - ok
22:13:53.0760 0556  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:13:53.0776 0556  BDESVC - ok
22:13:53.0776 0556  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:13:53.0776 0556  Beep - ok
22:13:53.0792 0556  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
22:13:53.0807 0556  BFE - ok
22:13:53.0823 0556  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
22:13:53.0839 0556  BITS - ok
22:13:53.0839 0556  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:13:53.0839 0556  bowser - ok
22:13:53.0854 0556  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:13:53.0854 0556  BrokerInfrastructure - ok
22:13:53.0854 0556  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
22:13:53.0870 0556  Browser - ok
22:13:53.0870 0556  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
22:13:53.0870 0556  BthAvrcpTg - ok
22:13:53.0885 0556  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
22:13:53.0901 0556  BthHFEnum - ok
22:13:53.0901 0556  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
22:13:53.0901 0556  bthhfhid - ok
22:13:53.0901 0556  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
22:13:53.0917 0556  BTHMODEM - ok
22:13:53.0917 0556  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
22:13:53.0932 0556  bthserv - ok
22:13:53.0948 0556  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:13:53.0948 0556  cdfs - ok
22:13:53.0964 0556  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
22:13:53.0964 0556  cdrom - ok
22:13:53.0964 0556  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:13:53.0979 0556  CertPropSvc - ok
22:13:53.0979 0556  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
22:13:53.0995 0556  circlass - ok
22:13:54.0010 0556  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
22:13:54.0010 0556  CLFS - ok
22:13:54.0026 0556  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
22:13:54.0026 0556  CmBatt - ok
22:13:54.0042 0556  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:13:54.0057 0556  CNG - ok
22:13:54.0057 0556  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
22:13:54.0073 0556  CompositeBus - ok
22:13:54.0073 0556  COMSysApp - ok
22:13:54.0073 0556  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
22:13:54.0073 0556  condrv - ok
22:13:54.0104 0556  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:13:54.0104 0556  cphs - ok
22:13:54.0104 0556  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:13:54.0167 0556  CryptSvc - ok
22:13:54.0167 0556  [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC             C:\Windows\system32\drivers\csc.sys
22:13:54.0182 0556  CSC - ok
22:13:54.0198 0556  [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService      C:\Windows\System32\cscsvc.dll
22:13:54.0214 0556  CscService - ok
22:13:54.0214 0556  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
22:13:54.0214 0556  dam - ok
22:13:54.0229 0556  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:13:54.0245 0556  DcomLaunch - ok
22:13:54.0245 0556  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:13:54.0276 0556  defragsvc - ok
22:13:54.0276 0556  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
22:13:54.0292 0556  DeviceAssociationService - ok
22:13:54.0307 0556  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
22:13:54.0307 0556  DeviceInstall - ok
22:13:54.0307 0556  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
22:13:54.0323 0556  Dfsc - ok
22:13:54.0323 0556  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:13:54.0339 0556  Dhcp - ok
22:13:54.0339 0556  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
22:13:54.0354 0556  discache - ok
22:13:54.0354 0556  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
22:13:54.0354 0556  disk - ok
22:13:54.0354 0556  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
22:13:54.0370 0556  dmvsc - ok
22:13:54.0370 0556  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:13:54.0385 0556  Dnscache - ok
22:13:54.0385 0556  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
22:13:54.0401 0556  dot3svc - ok
22:13:54.0401 0556  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
22:13:54.0417 0556  DPS - ok
22:13:54.0417 0556  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:13:54.0417 0556  drmkaud - ok
22:13:54.0432 0556  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
22:13:54.0432 0556  DsmSvc - ok
22:13:54.0448 0556  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:13:54.0479 0556  DXGKrnl - ok
22:13:54.0479 0556  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
22:13:54.0495 0556  Eaphost - ok
22:13:54.0526 0556  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:13:54.0589 0556  ebdrv - ok
22:13:54.0589 0556  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
22:13:54.0604 0556  EFS - ok
22:13:54.0604 0556  [ 4B84E647C934EDFF7F28C4B91A5C0864 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:13:54.0620 0556  ehRecvr - ok
22:13:54.0620 0556  [ 72781EC7A97E44B9651550D7A83D1B96 ] ehSched         C:\Windows\ehome\ehsched.exe
22:13:54.0635 0556  ehSched - ok
22:13:54.0635 0556  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
22:13:54.0635 0556  EhStorClass - ok
22:13:54.0651 0556  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
22:13:54.0651 0556  EhStorTcgDrv - ok
22:13:54.0651 0556  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
22:13:54.0667 0556  ErrDev - ok
22:13:54.0667 0556  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
22:13:54.0682 0556  EventSystem - ok
22:13:54.0682 0556  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:13:54.0698 0556  exfat - ok
22:13:54.0698 0556  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:13:54.0714 0556  fastfat - ok
22:13:54.0714 0556  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
22:13:54.0729 0556  Fax - ok
22:13:54.0745 0556  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
22:13:54.0745 0556  fdc - ok
22:13:54.0745 0556  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:13:54.0760 0556  fdPHost - ok
22:13:54.0760 0556  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
22:13:54.0776 0556  FDResPub - ok
22:13:54.0776 0556  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\Windows\system32\fhsvc.dll
22:13:54.0776 0556  fhsvc - ok
22:13:54.0776 0556  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:13:54.0792 0556  FileInfo - ok
22:13:54.0792 0556  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:13:54.0807 0556  Filetrace - ok
22:13:54.0807 0556  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
22:13:54.0807 0556  flpydisk - ok
22:13:54.0823 0556  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:13:54.0823 0556  FltMgr - ok
22:13:54.0839 0556  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\Windows\system32\FntCache.dll
22:13:54.0870 0556  FontCache - ok
22:13:54.0870 0556  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:13:54.0870 0556  FontCache3.0.0.0 - ok
22:13:54.0885 0556  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:13:54.0885 0556  FsDepends - ok
22:13:54.0885 0556  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:13:54.0901 0556  Fs_Rec - ok
22:13:54.0901 0556  [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc          C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe
22:13:54.0901 0556  fussvc ( UnsignedFile.Multi.Generic ) - warning
22:13:54.0901 0556  fussvc - detected UnsignedFile.Multi.Generic (1)
22:13:54.0917 0556  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:13:54.0917 0556  fvevol - ok
22:13:54.0932 0556  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
22:13:54.0932 0556  FxPPM - ok
22:13:54.0932 0556  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:13:54.0948 0556  gagp30kx - ok
22:13:54.0948 0556  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
22:13:54.0948 0556  gencounter - ok
22:13:54.0948 0556  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
22:13:54.0964 0556  GPIOClx0101 - ok
22:13:54.0979 0556  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:13:54.0995 0556  gpsvc - ok
22:13:55.0011 0556  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:13:55.0011 0556  gusvc - ok
22:13:55.0026 0556  [ CF990269828B4602718813F9F72B85E0 ] hcw95bda        C:\Windows\System32\Drivers\hcw95bda.sys
22:13:55.0026 0556  hcw95bda - ok
22:13:55.0026 0556  [ DE702FE348F7076788084D40D7BA9C27 ] hcw95rc         C:\Windows\system32\DRIVERS\hcw95rc.sys
22:13:55.0042 0556  hcw95rc - ok
22:13:55.0042 0556  [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:13:55.0057 0556  HdAudAddService - ok
22:13:55.0057 0556  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
22:13:55.0057 0556  HDAudBus - ok
22:13:55.0073 0556  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
22:13:55.0073 0556  HidBatt - ok
22:13:55.0073 0556  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
22:13:55.0089 0556  HidBth - ok
22:13:55.0089 0556  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
22:13:55.0104 0556  hidi2c - ok
22:13:55.0104 0556  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
22:13:55.0120 0556  HidIr - ok
22:13:55.0120 0556  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
22:13:55.0120 0556  hidserv - ok
22:13:55.0120 0556  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
22:13:55.0136 0556  HidUsb - ok
22:13:55.0136 0556  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:13:55.0151 0556  hkmsvc - ok
22:13:55.0151 0556  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:13:55.0167 0556  HomeGroupListener - ok
22:13:55.0167 0556  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:13:55.0182 0556  HomeGroupProvider - ok
22:13:55.0182 0556  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:13:55.0182 0556  HpSAMD - ok
22:13:55.0198 0556  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:13:55.0214 0556  HTTP - ok
22:13:55.0214 0556  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:13:55.0229 0556  hwpolicy - ok
22:13:55.0229 0556  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
22:13:55.0229 0556  hyperkbd - ok
22:13:55.0229 0556  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
22:13:55.0245 0556  HyperVideo - ok
22:13:55.0245 0556  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
22:13:55.0245 0556  i8042prt - ok
22:13:55.0261 0556  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:13:55.0261 0556  iaStorV - ok
22:13:55.0307 0556  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:13:55.0386 0556  igfx - ok
22:13:55.0386 0556  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:13:55.0386 0556  iirsp - ok
22:13:55.0401 0556  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:13:55.0417 0556  IKEEXT - ok
22:13:55.0417 0556  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:13:55.0432 0556  intelide - ok
22:13:55.0432 0556  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\Windows\System32\drivers\intelppm.sys
22:13:55.0432 0556  intelppm - ok
22:13:55.0448 0556  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:13:55.0448 0556  IpFilterDriver - ok
22:13:55.0464 0556  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:13:55.0479 0556  iphlpsvc - ok
22:13:55.0479 0556  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
22:13:55.0495 0556  IPMIDRV - ok
22:13:55.0495 0556  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:13:55.0495 0556  IPNAT - ok
22:13:55.0511 0556  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:13:55.0511 0556  IRENUM - ok
22:13:55.0511 0556  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:13:55.0526 0556  isapnp - ok
22:13:55.0526 0556  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
22:13:55.0542 0556  iScsiPrt - ok
22:13:55.0542 0556  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
22:13:55.0542 0556  kbdclass - ok
22:13:55.0542 0556  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
22:13:55.0557 0556  kbdhid - ok
22:13:55.0557 0556  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
22:13:55.0557 0556  kdnic - ok
22:13:55.0557 0556  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
22:13:55.0573 0556  KeyIso - ok
22:13:55.0573 0556  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:13:55.0573 0556  KSecDD - ok
22:13:55.0589 0556  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:13:55.0589 0556  KSecPkg - ok
22:13:55.0589 0556  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:13:55.0604 0556  ksthunk - ok
22:13:55.0604 0556  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:13:55.0620 0556  KtmRm - ok
22:13:55.0620 0556  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:13:55.0636 0556  LanmanServer - ok
22:13:55.0636 0556  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:13:55.0651 0556  LanmanWorkstation - ok
22:13:55.0651 0556  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:13:55.0651 0556  lltdio - ok
22:13:55.0667 0556  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:13:55.0682 0556  lltdsvc - ok
22:13:55.0682 0556  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:13:55.0682 0556  lmhosts - ok
22:13:55.0682 0556  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:13:55.0698 0556  LSI_SAS - ok
22:13:55.0698 0556  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:13:55.0714 0556  LSI_SAS2 - ok
22:13:55.0714 0556  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:13:55.0729 0556  LSI_SCSI - ok
22:13:55.0729 0556  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
22:13:55.0729 0556  LSI_SSS - ok
22:13:55.0745 0556  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\Windows\System32\lsm.dll
22:13:55.0745 0556  LSM - ok
22:13:55.0761 0556  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:13:55.0761 0556  luafv - ok
22:13:55.0761 0556  [ 4448CCEA974F0B15A00EA33FCEDFC062 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:13:55.0776 0556  Mcx2Svc - ok
22:13:55.0776 0556  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
22:13:55.0792 0556  megasas - ok
22:13:55.0792 0556  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:13:55.0807 0556  MegaSR - ok
22:13:55.0807 0556  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
22:13:55.0807 0556  MEIx64 - ok
22:13:55.0807 0556  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
22:13:55.0823 0556  MMCSS - ok
22:13:55.0823 0556  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
22:13:55.0823 0556  Modem - ok
22:13:55.0839 0556  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:13:55.0839 0556  monitor - ok
22:13:55.0839 0556  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
22:13:55.0839 0556  mouclass - ok
22:13:55.0854 0556  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
22:13:55.0854 0556  mouhid - ok
22:13:55.0854 0556  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:13:55.0870 0556  mountmgr - ok
22:13:55.0870 0556  [ ECE7906E074FA5AAC14AF711F65AC979 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:13:55.0870 0556  MozillaMaintenance - ok
22:13:55.0870 0556  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:13:55.0886 0556  mpsdrv - ok
22:13:55.0901 0556  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:13:55.0917 0556  MpsSvc - ok
22:13:55.0917 0556  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:13:55.0932 0556  MRxDAV - ok
22:13:55.0932 0556  [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:13:55.0948 0556  mrxsmb - ok
22:13:55.0948 0556  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:13:55.0948 0556  mrxsmb10 - ok
22:13:55.0964 0556  [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:13:55.0964 0556  mrxsmb20 - ok
22:13:55.0964 0556  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
22:13:55.0979 0556  MsBridge - ok
22:13:55.0979 0556  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
22:13:55.0995 0556  MSDTC - ok
22:13:55.0995 0556  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:13:56.0011 0556  Msfs - ok
22:13:56.0011 0556  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
22:13:56.0011 0556  msgpiowin32 - ok
22:13:56.0011 0556  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:13:56.0026 0556  mshidkmdf - ok
22:13:56.0026 0556  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
22:13:56.0026 0556  mshidumdf - ok
22:13:56.0026 0556  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:13:56.0042 0556  msisadrv - ok
22:13:56.0042 0556  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:13:56.0042 0556  MSiSCSI - ok
22:13:56.0057 0556  msiserver - ok
22:13:56.0057 0556  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:13:56.0057 0556  MSKSSRV - ok
22:13:56.0057 0556  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
22:13:56.0073 0556  MsLldp - ok
22:13:56.0073 0556  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:13:56.0073 0556  MSPCLOCK - ok
22:13:56.0073 0556  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:13:56.0089 0556  MSPQM - ok
22:13:56.0089 0556  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:13:56.0104 0556  MsRPC - ok
22:13:56.0104 0556  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
22:13:56.0120 0556  mssmbios - ok
22:13:56.0120 0556  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:13:56.0120 0556  MSTEE - ok
22:13:56.0120 0556  [ 10BCBE20D06E718A32888DEEF36D5867 ] msvsmon110      C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe
22:13:56.0136 0556  msvsmon110 - ok
22:13:56.0136 0556  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
22:13:56.0151 0556  MTConfig - ok
22:13:56.0151 0556  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:13:56.0151 0556  Mup - ok
22:13:56.0151 0556  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
22:13:56.0167 0556  mvumis - ok
22:13:56.0167 0556  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
22:13:56.0182 0556  napagent - ok
22:13:56.0182 0556  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:13:56.0198 0556  NativeWifiP - ok
22:13:56.0198 0556  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
22:13:56.0214 0556  NcaSvc - ok
22:13:56.0214 0556  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
22:13:56.0229 0556  NcdAutoSetup - ok
22:13:56.0229 0556  [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:13:56.0261 0556  NDIS - ok
22:13:56.0261 0556  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:13:56.0276 0556  NdisCap - ok
22:13:56.0276 0556  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
22:13:56.0276 0556  NdisImPlatform - ok
22:13:56.0292 0556  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:13:56.0292 0556  NdisTapi - ok
22:13:56.0292 0556  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:13:56.0307 0556  Ndisuio - ok
22:13:56.0307 0556  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:56.0307 0556  NdisWan - ok
22:13:56.0323 0556  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:56.0323 0556  NDISWANLEGACY - ok
22:13:56.0323 0556  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:13:56.0339 0556  NDProxy - ok
22:13:56.0339 0556  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
22:13:56.0339 0556  Ndu - ok
22:13:56.0354 0556  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:13:56.0354 0556  NetBIOS - ok
22:13:56.0370 0556  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:13:56.0370 0556  NetBT - ok
22:13:56.0370 0556  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
22:13:56.0386 0556  Netlogon - ok
22:13:56.0386 0556  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
22:13:56.0401 0556  Netman - ok
22:13:56.0401 0556  [ C166E3CD90AB0781ECDF10EC765B083A ] netprofm        C:\Windows\System32\netprofmsvc.dll
22:13:56.0417 0556  netprofm - ok
22:13:56.0417 0556  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:13:56.0432 0556  NetTcpPortSharing - ok
22:13:56.0432 0556  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:13:56.0432 0556  nfrd960 - ok
22:13:56.0448 0556  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:13:56.0448 0556  NlaSvc - ok
22:13:56.0464 0556  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:13:56.0464 0556  Npfs - ok
22:13:56.0464 0556  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
22:13:56.0479 0556  npsvctrig - ok
22:13:56.0479 0556  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
22:13:56.0479 0556  nsi - ok
22:13:56.0495 0556  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:13:56.0495 0556  nsiproxy - ok
22:13:56.0511 0556  [ 11D7A4A4A1DA60F394F53B413DCDF0DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:13:56.0557 0556  Ntfs - ok
22:13:56.0557 0556  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
22:13:56.0573 0556  Null - ok
22:13:56.0682 0556  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:13:56.0901 0556  nvlddmkm - ok
22:13:56.0901 0556  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:13:56.0917 0556  nvraid - ok
22:13:56.0917 0556  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:13:56.0917 0556  nvstor - ok
22:13:56.0932 0556  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:13:56.0948 0556  nvsvc - ok
22:13:56.0964 0556  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:13:56.0995 0556  nvUpdatusService - ok
22:13:56.0995 0556  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:13:56.0995 0556  nv_agp - ok
22:13:57.0011 0556  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:13:57.0011 0556  p2pimsvc - ok
22:13:57.0026 0556  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:13:57.0026 0556  p2psvc - ok
22:13:57.0042 0556  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
22:13:57.0042 0556  Parport - ok
22:13:57.0042 0556  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:13:57.0057 0556  partmgr - ok
22:13:57.0057 0556  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:13:57.0073 0556  PcaSvc - ok
22:13:57.0073 0556  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
22:13:57.0089 0556  pci - ok
22:13:57.0089 0556  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:13:57.0089 0556  pciide - ok
22:13:57.0104 0556  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:13:57.0104 0556  pcmcia - ok
22:13:57.0104 0556  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:13:57.0120 0556  pcw - ok
22:13:57.0120 0556  [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc             C:\Windows\system32\drivers\pdc.sys
22:13:57.0120 0556  pdc - ok
22:13:57.0136 0556  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:13:57.0151 0556  PEAUTH - ok
22:13:57.0182 0556  [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:13:57.0214 0556  PeerDistSvc - ok
22:13:57.0229 0556  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:13:57.0229 0556  PerfHost - ok
22:13:57.0245 0556  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
22:13:57.0276 0556  pla - ok
22:13:57.0276 0556  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:13:57.0292 0556  PlugPlay - ok
22:13:57.0292 0556  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:13:57.0307 0556  PNRPAutoReg - ok
22:13:57.0307 0556  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:13:57.0307 0556  PNRPsvc - ok
22:13:57.0323 0556  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:13:57.0339 0556  PolicyAgent - ok
22:13:57.0339 0556  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
22:13:57.0339 0556  Power - ok
22:13:57.0354 0556  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:13:57.0354 0556  PptpMiniport - ok
22:13:57.0386 0556  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
22:13:57.0432 0556  PrintNotify - ok
22:13:57.0432 0556  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
22:13:57.0448 0556  Processor - ok
22:13:57.0448 0556  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:13:57.0464 0556  ProfSvc - ok
22:13:57.0464 0556  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:13:57.0464 0556  Psched - ok
22:13:57.0479 0556  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
22:13:57.0479 0556  QWAVE - ok
22:13:57.0495 0556  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:13:57.0495 0556  QWAVEdrv - ok
22:13:57.0495 0556  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:13:57.0511 0556  RasAcd - ok
22:13:57.0511 0556  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:13:57.0511 0556  RasAgileVpn - ok
22:13:57.0526 0556  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
22:13:57.0526 0556  RasAuto - ok
22:13:57.0526 0556  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:13:57.0542 0556  Rasl2tp - ok
22:13:57.0542 0556  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
22:13:57.0558 0556  RasMan - ok
22:13:57.0558 0556  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:13:57.0573 0556  RasPppoe - ok
22:13:57.0573 0556  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:13:57.0589 0556  RasSstp - ok
22:13:57.0589 0556  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:13:57.0604 0556  rdbss - ok
22:13:57.0604 0556  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
22:13:57.0604 0556  rdpbus - ok
22:13:57.0620 0556  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:13:57.0620 0556  RDPDR - ok
22:13:57.0620 0556  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:13:57.0636 0556  RdpVideoMiniport - ok
22:13:57.0636 0556  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:13:57.0636 0556  RDPWD - ok
22:13:57.0651 0556  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:13:57.0651 0556  rdyboost - ok
22:13:57.0667 0556  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:13:57.0667 0556  RemoteAccess - ok
22:13:57.0667 0556  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:13:57.0683 0556  RemoteRegistry - ok
22:13:57.0683 0556  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:13:57.0698 0556  RpcEptMapper - ok
22:13:57.0698 0556  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
22:13:57.0698 0556  RpcLocator - ok
22:13:57.0714 0556  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
22:13:57.0729 0556  RpcSs - ok
22:13:57.0729 0556  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:13:57.0745 0556  rspndr - ok
22:13:57.0745 0556  [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
22:13:57.0761 0556  RTL8168 - ok
22:13:57.0761 0556  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
22:13:57.0776 0556  s3cap - ok
22:13:57.0776 0556  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
22:13:57.0776 0556  SamSs - ok
22:13:57.0776 0556  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:13:57.0792 0556  sbp2port - ok
22:13:57.0792 0556  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:13:57.0808 0556  SCardSvr - ok
22:13:57.0808 0556  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:13:57.0808 0556  scfilter - ok
22:13:57.0823 0556  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
22:13:57.0854 0556  Schedule - ok
22:13:57.0854 0556  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:13:57.0870 0556  SCPolicySvc - ok
22:13:57.0870 0556  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
22:13:57.0870 0556  sdbus - ok
22:13:57.0886 0556  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:13:57.0886 0556  SDRSVC - ok
22:13:57.0886 0556  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
22:13:57.0901 0556  sdstor - ok
22:13:57.0901 0556  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:13:57.0901 0556  secdrv - ok
22:13:57.0901 0556  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
22:13:57.0917 0556  seclogon - ok
22:13:57.0917 0556  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
22:13:57.0933 0556  SENS - ok
22:13:57.0933 0556  [ DDA4CAF29D8C0A297F886BFE561E6659 ] SensorsSimulatorDriver C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:57.0948 0556  SensorsSimulatorDriver - ok
22:13:57.0948 0556  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:13:57.0948 0556  SensrSvc - ok
22:13:57.0964 0556  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
22:13:57.0964 0556  SerCx - ok
22:13:57.0964 0556  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
22:13:57.0979 0556  Serenum - ok
22:13:57.0979 0556  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
22:13:57.0979 0556  Serial - ok
22:13:57.0979 0556  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
22:13:57.0995 0556  sermouse - ok
22:13:57.0995 0556  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
22:13:58.0011 0556  SessionEnv - ok
22:13:58.0011 0556  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
22:13:58.0026 0556  sfloppy - ok
22:13:58.0026 0556  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:13:58.0042 0556  SharedAccess - ok
22:13:58.0042 0556  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:13:58.0073 0556  ShellHWDetection - ok
22:13:58.0073 0556  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:13:58.0073 0556  SiSRaid2 - ok
22:13:58.0073 0556  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:13:58.0089 0556  SiSRaid4 - ok
22:13:58.0089 0556  [ A42C09C8E60FCDCCE04B722FDD4E8694 ] SLEE_18_DRIVER  C:\Windows\Sleen1864.sys
22:13:58.0089 0556  SLEE_18_DRIVER - ok
22:13:58.0104 0556  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:13:58.0104 0556  SNMPTRAP - ok
22:13:58.0104 0556  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
22:13:58.0120 0556  spaceport - ok
22:13:58.0120 0556  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
22:13:58.0136 0556  SpbCx - ok
22:13:58.0136 0556  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
22:13:58.0151 0556  Spooler - ok
22:13:58.0198 0556  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:13:58.0261 0556  sppsvc - ok
22:13:58.0261 0556  [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:13:58.0276 0556  SQLWriter - ok
22:13:58.0276 0556  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:13:58.0292 0556  srv - ok
22:13:58.0292 0556  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:13:58.0308 0556  srv2 - ok
22:13:58.0323 0556  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:13:58.0323 0556  srvnet - ok
22:13:58.0323 0556  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:13:58.0339 0556  SSDPSRV - ok
22:13:58.0339 0556  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:13:58.0354 0556  SstpSvc - ok
22:13:58.0354 0556  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:13:58.0370 0556  Stereo Service - ok
22:13:58.0370 0556  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:13:58.0386 0556  stexstor - ok
22:13:58.0386 0556  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
22:13:58.0401 0556  stisvc - ok
22:13:58.0401 0556  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
22:13:58.0417 0556  storahci - ok
22:13:58.0417 0556  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
22:13:58.0417 0556  storflt - ok
22:13:58.0417 0556  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
22:13:58.0433 0556  StorSvc - ok
22:13:58.0433 0556  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:13:58.0433 0556  storvsc - ok
22:13:58.0433 0556  [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp         C:\Windows\System32\drivers\storvsp.sys
22:13:58.0448 0556  storvsp - ok
22:13:58.0448 0556  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
22:13:58.0464 0556  svsvc - ok
22:13:58.0464 0556  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
22:13:58.0464 0556  swenum - ok
22:13:58.0479 0556  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
22:13:58.0495 0556  swprv - ok
22:13:58.0511 0556  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
22:13:58.0526 0556  SysMain - ok
22:13:58.0542 0556  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:13:58.0542 0556  SystemEventsBroker - ok
22:13:58.0542 0556  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
22:13:58.0558 0556  TabletInputService - ok
22:13:58.0558 0556  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:13:58.0573 0556  TapiSrv - ok
22:13:58.0589 0556  [ D192288CE5FB395F0BBAFDD1A8B5285D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:13:58.0636 0556  Tcpip - ok
22:13:58.0651 0556  [ D192288CE5FB395F0BBAFDD1A8B5285D ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:13:58.0698 0556  TCPIP6 - ok
22:13:58.0698 0556  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:13:58.0698 0556  tcpipreg - ok
22:13:58.0714 0556  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:13:58.0714 0556  tdx - ok
22:13:58.0714 0556  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
22:13:58.0729 0556  Te.Service ( UnsignedFile.Multi.Generic ) - warning
22:13:58.0729 0556  Te.Service - detected UnsignedFile.Multi.Generic (1)
22:13:58.0745 0556  [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:13:58.0792 0556  TeamViewer7 - ok
22:13:58.0792 0556  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
22:13:58.0808 0556  terminpt - ok
22:13:58.0823 0556  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
22:13:58.0839 0556  TermService - ok
22:13:58.0839 0556  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
22:13:58.0854 0556  Themes - ok
22:13:58.0854 0556  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:13:58.0854 0556  THREADORDER - ok
22:13:58.0870 0556  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
22:13:58.0870 0556  TimeBroker - ok
22:13:58.0870 0556  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:13:58.0886 0556  TPM - ok
22:13:58.0886 0556  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
22:13:58.0901 0556  TrkWks - ok
22:13:58.0901 0556  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:13:58.0901 0556  TrustedInstaller - ok
22:13:58.0917 0556  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:13:58.0917 0556  TsUsbFlt - ok
22:13:58.0917 0556  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
22:13:58.0917 0556  TsUsbGD - ok
22:13:58.0933 0556  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:13:58.0933 0556  tunnel - ok
22:13:58.0933 0556  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:13:58.0948 0556  uagp35 - ok
22:13:58.0948 0556  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
22:13:58.0948 0556  UASPStor - ok
22:13:58.0964 0556  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
22:13:58.0964 0556  UCX01000 - ok
22:13:58.0979 0556  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:13:58.0995 0556  udfs - ok
22:13:58.0995 0556  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:13:58.0995 0556  UI0Detect - ok
22:13:59.0011 0556  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:13:59.0011 0556  uliagpkx - ok
22:13:59.0011 0556  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
22:13:59.0026 0556  umbus - ok
22:13:59.0026 0556  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
22:13:59.0026 0556  UmPass - ok
22:13:59.0026 0556  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
22:13:59.0042 0556  UmRdpService - ok
22:13:59.0058 0556  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
22:13:59.0058 0556  upnphost - ok
22:13:59.0073 0556  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
22:13:59.0073 0556  usbccgp - ok
22:13:59.0073 0556  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
22:13:59.0089 0556  usbcir - ok
22:13:59.0089 0556  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
22:13:59.0104 0556  usbehci - ok
22:13:59.0104 0556  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
22:13:59.0120 0556  usbhub - ok
22:13:59.0136 0556  [ B7A948501424805571BF562BB0BFE31D ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
22:13:59.0136 0556  USBHUB3 - ok
22:13:59.0151 0556  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
22:13:59.0151 0556  usbohci - ok
22:13:59.0151 0556  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
22:13:59.0167 0556  usbprint - ok
22:13:59.0167 0556  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
22:13:59.0167 0556  USBSTOR - ok
22:13:59.0167 0556  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
22:13:59.0183 0556  usbuhci - ok
22:13:59.0183 0556  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
22:13:59.0198 0556  USBXHCI - ok
22:13:59.0198 0556  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
22:13:59.0198 0556  VaultSvc - ok
22:13:59.0214 0556  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:13:59.0214 0556  vdrvroot - ok
22:13:59.0229 0556  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
22:13:59.0245 0556  vds - ok
22:13:59.0245 0556  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
22:13:59.0245 0556  VerifierExt - ok
22:13:59.0261 0556  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
22:13:59.0276 0556  vhdmp - ok
22:13:59.0276 0556  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
22:13:59.0276 0556  viaide - ok
22:13:59.0276 0556  [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid             C:\Windows\System32\drivers\Vid.sys
22:13:59.0292 0556  Vid - ok
22:13:59.0292 0556  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:13:59.0292 0556  vmbus - ok
22:13:59.0308 0556  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
22:13:59.0308 0556  VMBusHID - ok
22:13:59.0308 0556  [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
22:13:59.0323 0556  vmbusr - ok
22:13:59.0323 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
22:13:59.0339 0556  vmicheartbeat - ok
22:13:59.0339 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:13:59.0339 0556  vmickvpexchange - ok
22:13:59.0354 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
22:13:59.0354 0556  vmicrdv - ok
22:13:59.0354 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
22:13:59.0370 0556  vmicshutdown - ok
22:13:59.0370 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
22:13:59.0386 0556  vmictimesync - ok
22:13:59.0386 0556  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
22:13:59.0386 0556  vmicvss - ok
22:13:59.0401 0556  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:13:59.0401 0556  volmgr - ok
22:13:59.0401 0556  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:13:59.0417 0556  volmgrx - ok
22:13:59.0433 0556  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:13:59.0433 0556  volsnap - ok
22:13:59.0448 0556  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
22:13:59.0448 0556  vpci - ok
22:13:59.0448 0556  [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp         C:\Windows\System32\drivers\vpcivsp.sys
22:13:59.0464 0556  vpcivsp - ok
22:13:59.0464 0556  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:13:59.0479 0556  vpnagent - ok
22:13:59.0479 0556  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
22:13:59.0479 0556  vpnva - ok
22:13:59.0479 0556  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:13:59.0495 0556  vsmraid - ok
22:13:59.0495 0556  [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110    C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
22:13:59.0495 0556  VSPerfDrv110 - ok
22:13:59.0511 0556  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
22:13:59.0542 0556  VSS - ok
22:13:59.0558 0556  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
22:13:59.0558 0556  VSTXRAID - ok
22:13:59.0573 0556  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:13:59.0573 0556  vwifibus - ok
22:13:59.0573 0556  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:59.0573 0556  vwififlt - ok
22:13:59.0589 0556  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:59.0589 0556  vwifimp - ok
22:13:59.0589 0556  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
22:13:59.0604 0556  W32Time - ok
22:13:59.0604 0556  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
22:13:59.0620 0556  WacomPen - ok
22:13:59.0620 0556  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:13:59.0620 0556  Wanarp - ok
22:13:59.0636 0556  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:13:59.0636 0556  Wanarpv6 - ok
22:13:59.0651 0556  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
22:13:59.0683 0556  wbengine - ok
22:13:59.0683 0556  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:13:59.0698 0556  WbioSrvc - ok
22:13:59.0698 0556  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
22:13:59.0714 0556  Wcmsvc - ok
22:13:59.0714 0556  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:13:59.0729 0556  wcncsvc - ok
22:13:59.0729 0556  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:13:59.0729 0556  WcsPlugInService - ok
22:13:59.0729 0556  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
22:13:59.0745 0556  Wd - ok
22:13:59.0745 0556  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
22:13:59.0745 0556  WdBoot - ok
22:13:59.0761 0556  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:13:59.0776 0556  Wdf01000 - ok
22:13:59.0792 0556  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
22:13:59.0792 0556  WdFilter - ok
22:13:59.0792 0556  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:13:59.0808 0556  WdiServiceHost - ok
22:13:59.0808 0556  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:13:59.0823 0556  WdiSystemHost - ok
22:13:59.0823 0556  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
22:13:59.0839 0556  WebClient - ok
22:13:59.0839 0556  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:13:59.0854 0556  Wecsvc - ok
22:13:59.0854 0556  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:13:59.0870 0556  wercplsupport - ok
22:13:59.0870 0556  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:13:59.0886 0556  WerSvc - ok
22:13:59.0886 0556  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
22:13:59.0901 0556  WFPLWFS - ok
22:13:59.0901 0556  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
22:13:59.0917 0556  WiaRpc - ok
22:13:59.0917 0556  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:13:59.0917 0556  WIMMount - ok
22:13:59.0917 0556  WinDefend - ok
22:13:59.0933 0556  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:13:59.0948 0556  WinHttpAutoProxySvc - ok
22:13:59.0948 0556  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:13:59.0964 0556  Winmgmt - ok
22:13:59.0995 0556  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:14:00.0026 0556  WinRM - ok
22:14:00.0042 0556  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
22:14:00.0073 0556  WlanSvc - ok
22:14:00.0089 0556  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
22:14:00.0120 0556  wlidsvc - ok
22:14:00.0120 0556  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
22:14:00.0120 0556  WmiAcpi - ok
22:14:00.0136 0556  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:14:00.0136 0556  wmiApSrv - ok
22:14:00.0136 0556  WMPNetworkSvc - ok
22:14:00.0151 0556  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
22:14:00.0151 0556  wpcfltr - ok
22:14:00.0151 0556  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:14:00.0167 0556  WPCSvc - ok
22:14:00.0167 0556  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:14:00.0167 0556  WPDBusEnum - ok
22:14:00.0183 0556  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
22:14:00.0183 0556  WpdUpFltr - ok
22:14:00.0183 0556  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:14:00.0183 0556  ws2ifsl - ok
22:14:00.0198 0556  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:14:00.0198 0556  wscsvc - ok
22:14:00.0198 0556  [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
22:14:00.0214 0556  WSDPrintDevice - ok
22:14:00.0214 0556  [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan         C:\Windows\System32\drivers\WSDScan.sys
22:14:00.0214 0556  WSDScan - ok
22:14:00.0214 0556  WSearch - ok
22:14:00.0245 0556  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
22:14:00.0292 0556  WSService - ok
22:14:00.0323 0556  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
22:14:00.0386 0556  wuauserv - ok
22:14:00.0386 0556  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:14:00.0401 0556  WudfPf - ok
22:14:00.0401 0556  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
22:14:00.0401 0556  WUDFRd - ok
22:14:00.0417 0556  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
22:14:00.0417 0556  WUDFSensorLP - ok
22:14:00.0417 0556  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:14:00.0433 0556  wudfsvc - ok
22:14:00.0433 0556  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
22:14:00.0448 0556  WUDFWpdFs - ok
22:14:00.0448 0556  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:14:00.0464 0556  WwanSvc - ok
22:14:00.0464 0556  ================ Scan global ===============================
22:14:00.0464 0556  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
22:14:00.0480 0556  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
22:14:00.0480 0556  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
22:14:00.0480 0556  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
22:14:00.0480 0556  [Global] - ok
22:14:00.0480 0556  ================ Scan MBR ==================================
22:14:00.0495 0556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
22:14:00.0683 0556  \Device\Harddisk2\DR2 - ok
22:14:00.0698 0556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:14:00.0776 0556  \Device\Harddisk0\DR0 - ok
22:14:00.0776 0556  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:14:00.0792 0556  \Device\Harddisk1\DR1 - ok
22:14:00.0792 0556  ================ Scan VBR ==================================
22:14:00.0792 0556  [ F67AC60B9DE1D55668B0F0452CA9E8FD ] \Device\Harddisk2\DR2\Partition1
22:14:00.0823 0556  \Device\Harddisk2\DR2\Partition1 - ok
22:14:00.0823 0556  [ 0618B62B4BDA0C655CFA0F648C8F87BF ] \Device\Harddisk2\DR2\Partition2
22:14:00.0823 0556  \Device\Harddisk2\DR2\Partition2 - ok
22:14:00.0823 0556  [ 6AB52494C53FB622FA928F03E994C688 ] \Device\Harddisk0\DR0\Partition1
22:14:00.0839 0556  \Device\Harddisk0\DR0\Partition1 - ok
22:14:00.0839 0556  [ 204D3062303C51BAB8C73072603E9A64 ] \Device\Harddisk0\DR0\Partition2
22:14:00.0839 0556  \Device\Harddisk0\DR0\Partition2 - ok
22:14:00.0839 0556  [ 000386B5E9B7E0523C5EB31B424D5487 ] \Device\Harddisk1\DR1\Partition1
22:14:00.0839 0556  \Device\Harddisk1\DR1\Partition1 - ok
22:14:00.0839 0556  ============================================================
22:14:00.0839 0556  Scan finished
22:14:00.0839 0556  ============================================================
22:14:00.0839 5796  Detected object count: 2
22:14:00.0839 5796  Actual detected object count: 2
22:14:28.0372 5796  fussvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:28.0372 5796  fussvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:14:28.0372 5796  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:28.0372 5796  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Falls ich mbar noch ausführen sollte, müsste ich wissen, welche Antwort ich bei der Nachfrage von mbar anklicken soll? (Siehe Bild im vorherigen Post von mir).

Vielen Dank für deine Bemühungen und mit freundlichen Grüssen

PST

Angehängte Grafiken
Dateityp: png Fehlermeldung aswMBR.PNG (241,5 KB, 490x aufgerufen)

Alt 23.02.2013, 00:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
--> HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b

Alt 23.02.2013, 11:53   #7
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Vielen Dank für deine Antwort.
Ich habe das versucht, leider ist das Programm erneut abgestürzt. Danach habe ich einige Hintergrundprozesse (Java-Update, OpenOffice, Avira Antivirus) geschlossen, doch auch hier wieder das gleiche Resultat. Danach habe die .exe Datei vom Desktop auf die Partition D:\ verschoben. Von dort hat es dann zumindest mit AV-Scan auf No funktioniert. Hier das Log-File:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 11:45:10
-----------------------------
11:45:10.244    OS Version: Windows x64 6.2.9200 
11:45:10.244    Number of processors: 4 586 0x2A07
11:45:10.245    ComputerName: PASCALS-PC  UserName: 
11:45:10.520    Initialize success
11:45:15.716    AVAST engine defs: 13022200
11:45:31.644    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
11:45:31.644    Disk 0 Vendor: SAMSUNG_SP2504C VT100-41 Size: 238475MB BusType: 3
11:45:31.644    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
11:45:31.644    Disk 1 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 244198MB BusType: 3
11:45:31.644    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-7
11:45:31.644    Disk 2 Vendor: SAMSUNG_HD322HJ 1AC01112 Size: 305245MB BusType: 3
11:45:31.659    Disk 1 MBR read successfully
11:45:31.659    Disk 1 MBR scan
11:45:31.659    Disk 1 Windows 7 default MBR code
11:45:31.691    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       234117 MB offset 2048
11:45:31.753    Disk 1 scanning C:\Windows\system32\drivers
11:45:59.411    Service scanning
11:46:05.708    Modules scanning
11:46:05.708    Disk 1 trace - called modules:
11:46:05.739    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys 
11:46:05.739    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80078b7060]
11:46:05.739    3 CLASSPNP.SYS[fffff880013a78aa] -> nt!IofCallDriver -> [0xfffffa8006bff520]
11:46:05.739    5 ACPI.sys[fffff88000ed3a91] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8006e87600]
11:46:05.739    Scan finished successfully
11:46:16.005    Disk 1 MBR has been saved successfully to "G:\Eigene Dokumente\MBR.dat"
11:46:16.005    The log file has been saved successfully to "G:\Eigene Dokumente\aswMBR.txt"
         
Mit freundlichen Grüssen
PST

Alt 24.02.2013, 21:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.02.2013, 22:40   #9
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Deine neuen Schritte habe ich ausgeführt. Bei allen Schritte habe ich den Echtzeitschutz von Avira deaktiviert. Hier die Log-Files:

1. JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by *** on 24.02.2013 at 22:13:18.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2013 at 22:16:20.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner[S1].txt
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 24/02/2013 um 22:19:30 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center  (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1153 octets] - [24/02/2013 22:19:30]

########## EOF - C:\AdwCleaner[S1].txt - [1213 octets] ##########
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 24.02.2013 22:24:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.92 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.77% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 153.76 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.21 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 110.75 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
 
Computer Name: ***S-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\***\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Spamihilator\sqlite3.dll ()
MOD - C:\Program Files (x86)\Spamihilator\zlib1.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon110) -- C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Programme\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\Drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\Drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\Drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\Drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\Drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\Drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (VSPerfDrv110) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)
DRV - (SLEE_18_DRIVER) -- C:\Windows\SleeN1864.sys (Softwareentwicklung Remus - ArchiCrypt - )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 B7 BC A2 60 EA CD 01  [binary data]
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1418571125-3010777540-2957968792-1002\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 19:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 19:45:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.11.11 14:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.ch/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Session Manager = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Download Master = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\
CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE2012 HotKeys] C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1418571125-3010777540-2957968792-1001..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe (Michel Krämer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E636EAB-DEAB-47B8-9E5D-203EA345D793}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE13D9F8-7CC3-4B02-B657-E6D38F5AAB4F}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.24 22:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.24 22:11:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.24 22:10:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.02.22 22:10:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.22 15:03:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.02.22 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.GeckoCIRCUITS
[2013.02.22 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeckoCircuits
[2013.02.21 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.21 09:12:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.21 09:12:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.21 09:12:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.21 09:12:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.21 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.19 21:29:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz
[2013.02.17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.02.17 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.17 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.17 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance
[2013.02.17 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.16 22:42:20 | 000,000,000 | ---D | C] -- G:\Eigene Dokumente\Internet Explorer
[2013.02.16 22:11:24 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.02.16 22:11:24 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.02.16 20:29:41 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013.02.16 20:29:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013.02.16 20:29:40 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013.02.16 20:29:40 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013.02.16 20:29:40 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013.02.16 20:29:40 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2013.02.16 20:29:40 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.02.16 20:29:40 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
[2013.02.16 20:29:39 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2013.02.16 20:29:39 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013.02.16 20:29:39 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013.02.16 20:29:39 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.02.16 20:29:39 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
[2013.02.16 20:29:39 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013.02.16 20:29:39 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.02.16 20:29:39 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013.02.16 20:29:38 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013.02.16 20:29:38 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013.02.16 20:29:38 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.02.16 20:29:38 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013.02.16 20:29:38 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.02.16 20:29:38 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013.02.16 20:29:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.02.16 20:29:38 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.02.16 20:29:38 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013.02.16 20:29:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013.02.16 20:29:38 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013.02.16 20:29:38 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013.02.16 20:29:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013.02.16 20:29:37 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
[2013.02.16 20:29:37 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
[2013.02.16 20:29:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013.02.16 20:29:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013.02.16 20:29:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013.02.15 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\***\Valley
[2013.02.15 15:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013.02.15 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013.02.15 13:45:13 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 20:36:13 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 20:36:13 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.02.14 20:36:13 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 20:36:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 20:36:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 20:36:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.14 20:36:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.14 20:36:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.14 20:36:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.02.14 20:36:13 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.14 20:36:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.02.14 20:36:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.13 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.02.13 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.13 14:25:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:25:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:25:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.12 14:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2013.02.12 14:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.12 14:33:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.02.12 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon
[2013.02.12 14:33:03 | 000,361,472 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMAG.DLL
[2013.02.08 11:13:41 | 045,673,536 | ---- | C] (Information Factory AG) -- C:\Users\***\ptw12.exe
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.24 22:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 22:20:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.24 22:20:51 | 2507,448,319 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 22:18:29 | 000,594,019 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.24 22:10:56 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.02.24 21:35:00 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001UA.job
[2013.02.23 22:35:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418571125-3010777540-2957968792-1001Core.job
[2013.02.23 11:46:16 | 000,000,512 | ---- | M] () -- G:\Eigene Dokumente\MBR.dat
[2013.02.22 22:10:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.22 22:03:11 | 000,247,247 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung aswMBR.PNG
[2013.02.21 09:12:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.21 09:12:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.21 09:12:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.21 09:12:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.21 09:12:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.21 09:12:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.20 07:20:22 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 07:20:22 | 000,828,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 07:20:22 | 000,774,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 07:20:22 | 000,188,018 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 07:20:22 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.19 21:30:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.19 21:25:34 | 000,374,784 | ---- | M] () -- C:\Users\***\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.19 21:22:42 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.17 18:42:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 09:42:24 | 000,319,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 15:58:32 | 001,065,984 | ---- | M] () -- C:\Users\***\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.13 14:22:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.13 14:22:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.13 14:22:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.08 13:04:25 | 000,089,969 | ---- | M] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.02.08 11:28:48 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Private Tax 2012.lnk
[2013.02.08 11:14:15 | 045,673,536 | ---- | M] (Information Factory AG) -- C:\Users\***\ptw12.exe
[2013.02.07 00:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.07 00:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.29 21:19:56 | 000,004,472 | ---- | M] () -- G:\Eigene Dokumente\testdatabase.odb
[2013.01.29 18:31:37 | 000,002,937 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:18:36 | 000,030,720 | ---- | M] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[4 G:\Eigene Dokumente\*.tmp files -> G:\Eigene Dokumente\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.24 22:18:28 | 000,594,019 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.02.23 11:46:16 | 000,000,512 | ---- | C] () -- G:\Eigene Dokumente\MBR.dat
[2013.02.22 22:03:11 | 000,247,247 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung aswMBR.PNG
[2013.02.19 21:30:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.19 21:29:37 | 000,374,784 | ---- | C] () -- C:\Users\***\Desktop\GMER_2.1.18952.exe
[2013.02.19 21:29:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.02.17 18:42:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 09:42:21 | 000,319,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 20:29:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.15 15:49:11 | 001,065,984 | ---- | C] () -- C:\Users\***\AppData\Local\file__0.localstorage
[2013.02.15 15:48:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Valley Benchmark 1.0.lnk
[2013.02.13 14:25:17 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.08 13:04:25 | 000,089,969 | ---- | C] () -- G:\Eigene Dokumente\tausendfüssler.html
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m6997d5c5.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m62f470de.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3428dcbe.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_73370a2a.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_66a5fb37.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_57f49501.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_305a466b.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_21a9e378.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1b0f1cb.gif
[2013.01.29 18:31:37 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1517f0a6.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4c8ddb5.gif
[2013.01.29 18:31:36 | 000,001,012 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_732823d1.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_mac9e20a.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m9a90155.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m3a2f9283.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m1fd2dac0.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m115a95b8.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m105b2753.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_a0384b.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_718d4cb4.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_5a116ac.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3d24c938.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_3533661e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2f06abaf.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_1818ca1e.gif
[2013.01.29 18:31:36 | 000,001,011 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_16ed9b0f.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m7c22eb.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m76310da9.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m596b2f4a.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m4b1d74e5.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m18314a60.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_m182bab31.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_bef7d65.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_8369655.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_77bc8406.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_75068775.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_69a5fc69.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_4b6ceb94.gif
[2013.01.29 18:31:36 | 000,001,010 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_2b685522.gif
[2013.01.29 18:31:36 | 000,000,905 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II_html_53c72159.gif
[2013.01.29 18:31:35 | 000,002,937 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.html
[2013.01.29 18:18:35 | 000,030,720 | ---- | C] () -- G:\Eigene Dokumente\Artisteninfos II.pdf
[2013.01.29 17:59:11 | 000,004,472 | ---- | C] () -- G:\Eigene Dokumente\testdatabase.odb
[2012.12.22 16:46:13 | 001,882,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.05 16:04:12 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012.11.13 17:49:35 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.11 14:06:43 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.01.19 13:42:42 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 24.02.2013 22:24:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.92 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.77% Memory free
9.11 Gb Paging File | 7.78 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.63 Gb Total Space | 153.76 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.21 Gb Free Space | 13.84% Space Free | Partition Type: NTFS
Drive F: | 287.99 Gb Total Space | 110.75 Gb Free Space | 38.46% Space Free | Partition Type: NTFS
Drive G: | 115.70 Gb Total Space | 33.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
 
Computer Name: ***S-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0156CC-1BD5-4338-8F5C-C469531C072E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0EF64744-4ECA-401B-B42A-20D951EDFE60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1CFC6199-04DC-4E26-BFD5-F9A451454C35}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1FFCFFFA-B51B-4E47-9143-310E543479B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21AF5A53-AED0-4465-995A-E85BF2CEEF49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E730B60-5FA6-4C84-9435-AD59CC1905EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3415F9CA-F65A-4BF8-8B44-A1C6F0CD78C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{386F563D-83A2-4CEE-8E16-848222850A73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DEC5D15-A115-4008-B985-0440CA21843F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4A75EC33-9AAC-4EAE-B7E1-E96F2F30D9EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5555CAC0-C4A8-4DB0-A0E3-67354B86B1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79A1A42E-24A4-43EC-9E72-FC627758E1AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88BAE950-47A4-499C-9171-5C55044665C0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | 
"{8B42C9CD-8B93-4D84-AE02-1B6E30924D97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90152997-E307-43FF-BB7C-FDD4430138AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{970FB209-4424-4484-8CB0-BE5C8950F8E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A34B0D0C-5D39-4899-B33E-42B9CFC665CD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C370217D-7437-453A-9812-8ACC2FA91CC6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB7633F0-BCF9-49E4-A831-152DF9F80AF4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F6383789-04EB-41E1-A1FA-FCC5F0D26CC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F750C3F1-ACCF-4184-9AE8-CCC75B30C080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFB8DC12-2194-4F4E-A4AC-6DC77A451390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0400CD16-0A01-408D-B0AA-12C7C1A0CCBA}" = dir=out | name=search.ch | 
"{06F404EB-463A-4A33-AB1D-DCE2FD53BDE6}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{0A99520E-DA62-4515-BA1B-B43ED06DC302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F656C5A-7536-479C-9A6E-61F03C17579B}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{14256438-6A95-4382-B3CF-AF2273C11C98}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{165147DB-B144-4EBE-BA4B-DCC746632824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{168A0286-B960-4CE8-AC60-5BA19DD6ACB7}" = dir=out | name=onenote | 
"{16D13CFD-DFFC-4C5B-8E5A-6EAC118E33AE}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{17E14C19-F914-4DE2-9393-E3A586C36341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1DD746C2-7DCA-40AD-ADCC-F81AE3CA643E}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{2088B70E-3BDA-4D43-816C-5607B36A9C51}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe | 
"{28ECFE5F-687C-4591-B47D-6AD1D53BD583}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{2A888A1D-A5D0-4C97-AF38-C233AC1D6884}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2BF66853-9ED6-40BE-A564-5F9CE0700420}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe | 
"{2D26DAF6-9A8A-4CDB-B018-FF56D8DD98F0}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{2E1CC82F-E270-4DD3-8C92-0A7BA64367CA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3056B10A-76B4-4AC4-91BE-B5AD3CBF293A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{30E6473C-1B7D-48F2-9CA7-E91D1FEAEB5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{314BB11D-8144-4CB6-9D4C-D33877D72EAA}" = dir=out | name=@{pons.wrterbuch_1.4.0.39_neutral__sj9sp7dbkxx8m?ms-resource://pons.wrterbuch/resources/display_name} | 
"{320DC909-24AA-4551-A3D5-E8EC55B78374}" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"{35CEA768-DE42-48E3-BA87-247CC0B31BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{387E2009-B01D-4452-B935-C7D289C277A3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{3C5240AD-5811-410C-B1A6-2AA9415E994B}" = dir=out | name=lightning timer | 
"{3FF31916-DAC9-4888-86D7-E9E4DE8CB359}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{446B51CA-7D4E-4A0A-A46B-60CB1FD84DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{44C5BCD1-B306-45FA-A961-69FBF4E185B8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{48F9BDBF-5FC1-4D8C-9B04-7C1E4F7E0E71}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{49808C1C-1829-4E4E-9A62-4CA5C1F6D6F7}" = dir=in | name=onenote | 
"{49CD620D-C63F-4038-B5AF-771AA94F78B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4E6BC844-3A54-4A78-AE69-309588223886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{517E1212-2CF4-47A2-A83C-5160AD6D871A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{5875A9A6-7EC0-4B5C-A18F-BDD7E9BEBD73}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F4CC1A3-D854-4250-B919-A952256EDAB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FA00D3E-1CDF-4E06-ABFA-A2E5AFA49612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{634247FB-1EC8-48E5-B0B6-33327573F68A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{659B81FA-3A44-4FD3-ABFF-0598D8F36E27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65AAA41C-097A-418B-8A69-6534837FA1AD}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{6D83B832-1F0F-4C71-9279-A974EBCAC090}" = dir=out | name=tagi-news | 
"{6FE701B5-A4B4-450C-BDAE-C897CE641593}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\cdcc.exe | 
"{7189BFF9-F7AE-4333-A629-64536842024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D6A703E-A22A-432C-B20F-381C615419CC}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{7DDC3E75-AFFF-4CBE-806A-0164FA589AE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{7FB905C2-5F4C-46BD-8029-7A3609D79027}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{81F52B9D-1BEB-4042-BFCF-88BD6A7F4095}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8824C4B1-5428-4E01-91E9-BF81C754A718}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8B5F35D9-608F-4E7A-9430-CDDDC58B8AAA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{8C0377A9-66D9-4A42-92D1-F7AB5050E569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E0D2484-391F-4A89-B6E2-0875E5758334}" = dir=out | name=canon inkjet print utility | 
"{92F75B6D-62FF-4324-A93C-6CE3FA7587D9}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\spamihilator.exe | 
"{9D14D3DF-C15A-4464-9849-6BC8280442D0}" = dir=out | name=wikipedia | 
"{A36B9A79-6E03-45DD-9427-2501A81DF464}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{AB0F63B6-8F3C-4EE8-B83F-F0B867BF56DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{AFDEC594-1189-4BA6-8E06-BAE4CB1B0A49}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{B08F5149-5703-44E8-ADD3-A827CD5109BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B3012288-6DD3-4461-A5E2-6FA2D8ED4123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B47B43B6-7A04-4B31-B0BF-3F4EEFC215A8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C4DC9694-3E66-4BB4-9346-B74712554E66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CBC25E8D-8CD4-436E-A092-E7A2C0D16297}" = protocol=6 | dir=out | app=system | 
"{CBD8AB40-B882-4569-9380-32288A1EBA70}" = dir=out | name=zattoo live tv | 
"{CF6655A1-A111-459D-A416-DAB5161D39BB}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{DBA526E9-8CFA-4BB8-BB40-1AC639239BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD9569C1-84CA-403F-AD90-523303C4B042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E02041B5-E708-480A-9F78-087623E07D99}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{E32543DF-DB41-4373-B396-FEBE391D0388}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EFA5CAB9-F92B-4762-8460-DD2E57AFF7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F4B50D65-9E75-471D-9BC6-27352A3B1C29}" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"{FA78BCFA-AD28-4BCE-873E-16408A168043}" = dir=out | name=swiss phone book | 
"{FD62C578-04BE-45C9-8FD7-DCC9D1F4F15F}" = dir=out | name=cut the rope | 
"{FF51A4FD-51A6-4A9E-8993-902212BEE34B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFC0BEF7-CB3C-4995-83FD-556C27828141}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"TCP Query User{0B02FC0E-D50F-4D2B-84F0-7D107CF8147B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{1D4FBF0C-19D2-4678-AFF3-1668D38656CE}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{294DCE27-7DE2-4077-93F5-55C96F53C455}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{323CC57D-7D93-45C6-880E-503C60E5D4BC}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"TCP Query User{51A64849-E672-4A7A-8B54-9F57AADE27CB}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C766B9F0-754D-48E3-950F-885ECB377E87}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
"UDP Query User{14339A0C-C842-4264-A19F-656479B72EFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{1452CF19-620F-4C7C-B532-457371C4EB47}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{33B95583-DBCD-4CD4-B3EC-1ED7A7568654}C:\program files (x86)\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spamihilator\dccproc.exe | 
"UDP Query User{404C5273-7161-4575-B48C-A336697E4E84}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{82E71039-E722-430E-AF4A-0191F7EB5FA5}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{DD548ADC-FDCC-4C0A-A9FE-F9217A8D17C9}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}" = PlayReady PC Runtime amd64
"{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64)
"{4DD6FB52-0704-4B46-B74E-8010084F33FC}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client 
"{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU 
"{988D34CA-25EC-3FDD-95E9-04EE09BC2C85}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{9910B791-30D3-419C-B39E-4974206931A9}" = Microsoft Visual Studio 2012-Leistungserfassungstools - DEU
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0D450C6-07C4-40C7-8D2B-840565E91987}" = Spamihilator 1.5.0 (64-Bit)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB980FC0-2070-43DC-A985-2B1F8F7852F1}" = Microsoft Visual Studio 2012 VsGraphics Remote Dependencies RC- DEU
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities 
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF58CE95-2DDC-3EE3-A538-71A7646B0EBE}" = Microsoft Visual Studio 2012 RC Remote Debugger
"{C77B266C-A228-3952-981A-3C23D7D614A5}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{C8400C5F-04A8-3B74-B247-B0F2CEA8A907}" = Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
"{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64)
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E890076A-6721-4145-B9C4-B4AACFDE6830}" = Microsoft Visual Studio 2012-Leistungserfassungstools
"{ED1EBD88-D341-321A-BB22-52D7E703E316}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU
"{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB 
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Stellarium_is1" = Stellarium 0.11.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{093C9565-E907-4ED8-8201-4C1DD25D34DF}" = Devenv-Ressourcen für Microsoft Visual Studio 2012
"{094D6E27-97CC-447E-8660-56F75CFC1E00}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0EEB6DAC-32D5-4D1A-B795-7023D6AB9F13}" = Blend for Visual Studio 2012 DEU resources
"{13BD574A-7F41-420A-B486-7A2D4CEB7F3B}" =  Tools for .Net 3.5 - DEU Lang Pack
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{247a1070-c6e4-426b-af1d-5c7942d3ee06}" = Remotetools für Visual Studio 2012 RC
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{2B231D3B-39B5-301A-9891-0847433885BC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack
"{2ED1FE3E-B0C5-3990-A966-3B3999F63B38}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3226C9CF-31C7-4FF4-8F41-D5A65795EE80}" = Microsoft ASP.NET MVC 4 Runtime - DEU
"{32AA0D69-0E45-4331-A435-74716E4EA0AC}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3E24A4D9-7CA0-378E-A9EB-74A20A496F6E}" = Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU
"{3FB583E8-0964-4421-847C-5FA285611C69}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66efbe1c-fcf5-4623-93f6-1ae2445aff93}" = Microsoft Visual Studio Professional 2012
"{6B5FEDC9-AC82-4F3F-AA55-F21881802F56}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT 
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{80054F6B-11DA-40F6-8306-F9AB2F9074EB}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A79E320-5BCA-4A0F-A83B-D2D9783C7D53}" = Microsoft Visual C++ 2012 Compilers - DEU Resources
"{8BAB88C4-5024-3236-84B5-115054CD32B3}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU
"{8BF20A72-0286-4E87-B071-E33D4B43DA97}" = Microsoft Report Viewer Add-On für Visual Studio 2012
"{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{965EC534-B751-46E2-BB44-4653A33DD5CC}" = Microsoft Web Developer Tools - Visual Studio 2012 - DEU
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE13D8B-6288-4A2C-99D2-414D77B9A830}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAC80D3B-9F42-4E52-8357-7CB4A3EC7B80}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU
"{AB639FD7-CC4E-E5BB-8951-D852ABB56D8E}" = LocalESPCui for de-de
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1AC00A6-43D2-4F06-92F3-9B01529E5AD5}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU
"{B33EA6ED-6F46-3BE1-98D2-F43D2A82EE39}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{BD87E147-2948-4E49-9FD9-890A4AE4300A}" = Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3F1C46B-4DAD-439D-B940-E8144DD9B69A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU
"{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC1078D-00E9-CB9D-EA5B-EE695A38D346}" = Windows Runtime Intellisense Content - de-de
"{E8AC67A8-BC7D-4541-A13E-88F6DD2AB3DB}" = Microsoft Visual Studio 2012-Vorbereitung
"{EA33215B-1391-314B-8752-C4C448304AC5}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU
"{F56A0341-F545-3EFB-A7B4-25CD67D04022}" = Microsoft Visual Studio Professional 2012 - DEU
"{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}" = Microsoft SQL Server Data Tools - DEU (11.1.20627.00)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"6753-7911-9438-6061" = Private Tax 2012 2.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Celestia_is1" = Celestia 1.6.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"FreePDF_XP" = FreePDF (Remove only)
"LyX2051" = LyX 2.0.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Star Trek Online" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1418571125-3010777540-2957968792-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 24.02.2013 17:14:05 | Computer Name = ***s-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::OnTaskbarCreated File: .\mainfrm.cpp Line: 639
Invoked
 Function: redisplayIcon Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED

 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 24.02.2013 17:19:44 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 24.02.2013 17:20:11 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 24.02.2013 17:21:01 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked
 Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009)
Description:
 CVCCONFIG_ERROR_UNEXPECTED 
 
Error - 24.02.2013 17:21:20 | Computer Name = ***s-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ System Events ]
Error - 24.02.2013 17:19:01 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.02.2013 17:19:31 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.02.2013 17:20:01 | Computer Name = ***s-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.02.2013 17:21:00 | Computer Name = ***s-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >
         
Vielen Dank und mit freundlichen Grüssen

PST

Geändert von pst (24.02.2013 um 22:54 Uhr)

Alt 24.02.2013, 22:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.02.2013, 20:38   #11
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Hier die Resultate der Auswertungen:
1. Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.25.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
*** :: ***-PC [Administrator]

25.02.2013 14:10:43
mbam-log-2013-02-25 (14-10-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228202
Laufzeit: 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2. ESET Online Scanner hat leider einige Sachen gefunden:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33d3a2ab9b90c740984bda2d44904195
# engine=13237
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-25 05:47:04
# local_time=2013-02-25 06:47:04 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 21418 1056430 14208 0
# compatibility_mode=5893 16776574 100 94 1114905 18544336 0 0
# scanned=783163
# found=5
# cleaned=0
# scan_time=16140
sh=52B652A736EB57AF2A265F20CD02E3F09C19DD02 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="D:\Users\*** ***\AppData\Local\Temp\OptimizerPro_new.zip"
sh=415788A0C3A0C0AEFFE5DC2707F00D56BC10FC86 ft=1 fh=9a01efc3b7a794b4 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="D:\Users\*** ***\AppData\Local\Temp\1606e1353324abdcd295dfd1d5956201\OptimizerPro.exe"
sh=F9AF9DCECF65A61C57BC093D7DD43FCA305940D4 ft=1 fh=3db5a627af2823b3 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="D:\Windows\Temp\RegistryOptimizer.exe"
sh=A55453E998802CAD1F5F12778F4F322078CA923C ft=0 fh=0000000000000000 vn="probably a variant of Win32/PSW.IM.FJHTMND trojan" ac=I fn="G:\Marketing\Affiliate\giveaway\47videos_resale (2).zip"
sh=A55453E998802CAD1F5F12778F4F322078CA923C ft=0 fh=0000000000000000 vn="probably a variant of Win32/PSW.IM.FJHTMND trojan" ac=I fn="G:\Marketing\Affiliate\giveaway\47videos_resale.zip"
         
Externe Festplatten/Wechseldatenträger habe ich nicht getestet. Diese werde ich sobald mein System wieder sauber ist unter Ubuntu formatieren, so das dort sicher nichts mehr festhängt.

Vielen Dank für die bisherige Unterstützung und mit freundlichen Grüssen

PST

Alt 26.02.2013, 00:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Nur Funde in Temp.
Außerdem in Laufwerk G, war das ne externe Platte zum Zeitpunkt des Scans mit ESET?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2013, 09:09   #13
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Nein G:\ ist keine extra Platte. Die ist fix eingebaut und darauf sind meine Daten gespeichert (vom System getrennt). Beim Scan habe ich alle externen Platten entfernt, nur eine Speicherkarte bzw. ein USB Stick (da bin ich mir nicht mehr sicher) war kurzfristig eingesteckt (die wurde aber vom Scan nicht erfasst).
Was muss ich mit den Funden im Temp machen?

Mit freundlichen Grüssen

PST

Alt 26.02.2013, 11:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Naja im Prinzip ist es für das System auch völlig latte ob G ein Speicherort einer internen oder externen Platte ist.

Zu den Temps: Bitte TFC anwenden

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2013, 20:10   #15
pst
 
HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Standard

HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b



Hallo Cosinus

Soweit ich das beurteilen kann müsste jetzt alles sauber sein/habe ich keine Probleme mehr. Vielen Dank für deine Unterstützung und Tips.

mit freundlichen Grüssen

PST

Antwort

Themen zu HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b
adblock, antivirus, application/pdf:, autorun, avira, bho, canon, computer, datei anhängen, down, error, festplatte, firefox, google, helper, homepage, hängen, iexplore.exe, install.exe, lightning, logfile, mozilla, ntdll.dll, nvidia update, object, plug-in, realtek, recycle.bin, registry, richtlinie, scan, security, spotify web helper, svchost.exe, taskmanager, tracker, virustotal.com, visual studio, warnung, windows




Ähnliche Themen: HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b


  1. C:\Users\User\AppData\Local\Temp\ljubZufuv Malware-Problem
    Log-Analyse und Auswertung - 07.09.2014 (6)
  2. AppData\Local\Google\Chrome\User Data\Default\preferences Ist das noch sicherheitsrelevant?
    Log-Analyse und Auswertung - 18.03.2014 (7)
  3. Fehlermeldung. C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer
    Plagegeister aller Art und deren Bekämpfung - 05.02.2014 (11)
  4. gvu will svchost.exe unter C:\users\user\appdata\local\temp starten
    Log-Analyse und Auswertung - 16.01.2014 (13)
  5. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (1)
  6. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  7. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 17.12.2012 (9)
  8. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  9. 'EXP/Pidief.dld' in 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\xiejebkm.default\Cache\F\DF\62839d01'
    Log-Analyse und Auswertung - 04.11.2012 (6)
  10. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  11. C:/Users/User/AppData/Local/Temp/er_00_0_l.exe
    Log-Analyse und Auswertung - 17.10.2012 (4)
  12. JS/Expack.aeu in C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\lkt0e7uc.default\Cache\E\A6\14C54d01
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (15)
  13. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden - GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (16)
  14. C:/Users/User/AppData/Local/Temp/i4jdel0.exe
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  15. 'HTML/IFrame.aho' [virus] in Datei C:\Users\Nana\AppData\Local\Mozilla\Firefox\Profiles\twl50o4s.de
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (9)
  16. Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (18)
  17. Infected.WebPage.Gen3 in C:\Users\...\AppData\Local\Mozilla\Firefox\Profiles\m3ssewbw.default\Cache\
    Log-Analyse und Auswertung - 28.09.2011 (11)

Zum Thema HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b - Guten Abend Vor zwei Tagen hat auf meinem Computer Avira Free Antivirus Alarm geschlagen und den folgenden Virus gemeldet: HTML/ScrInjec.BW.50 gefunden wurde er in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b Ich verwende Windows 8. - HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b...
Archiv
Du betrachtest: HTML/ScrInjec.BW.50 in C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00965b auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.