
Pests of all kinds and how to fight them: Wi-Fi dropouts despite "excellent" reception

14.03.2013, 15:49   #1
BoBoB
 
Hello dear community,

it looks like it has finally got me too.

I never actually had problems with my Wi-Fi connection, but now suddenly.... Connecting and surfing work fine, but at irregular intervals it loses the connection and reconnects right away. This is really annoying and not the point of the thing.
Edit: I forgot to say that, according to Windows, my Wi-Fi connection is always "excellent".


Unfortunately I can't work out myself what I have installed recently, since because of Python and C++ it was quite a few things... among others Boost, ... etc.

Well, now to my data:
Router:
System name:
ZyNOS firmware version: V3.40(SQ.0) | 09/09/2004
DSL firmware version: TI AR7 01.01.08.00
Standard: ADSL_G.dmt
Brand: ZyXel
Encryption: none
MAC filter: enabled

My laptop:
Win Vista Home Premium
Service Pack 2

What have I already done?
I have already gone through this tutorial: http://www.trojaner-board.de/94344-p...n-pruefen.html
I have also worked through this tutorial (http://www.trojaner-board.de/69886-a...-beachten.html). I should mention that there were no error messages or anything like that. BUT GMER crashes on my machine and has even caused a blue screen (if I can put it that way).
Unfortunately I edited all my log files and replaced my name, and then read that if it says Basti there I should rather leave it in :/ Now I have redone the scans, and unfortunately OTL no longer creates the Extra.txt for me.

I have also already run SpyBot Search, Lavasoft Ad-Aware and the TDSS Kaspersky Rootkit Scanner - none of them found anything dramatic apart from a few cookies - and all of those could be removed/fixed without error messages.
I was already afraid myself that things like Dropbox or GitHub were pulling something in the background, and uninstalled Dropbox for a start. That didn't help, though :=P


Do me a favour - the sentence "Please reinstall" doesn't exist ... There has to be another solution.


Edit: Yesterday I already used a TCP viewer (the name escapes me right now) to see which processes access the internet, and the only thing I noticed was that I have masses of svchost.exe processes :/ but I couldn't make out whether something keeps overloading my internet connection.
malwarebytes-anti-malware from your site is running right now - let's see whether that finds anything else....
FINDING: The scan is still running, but AntiVir just popped up and reports: found TR/Necurs.A.57 in the file C:\Windows\Installer\...\syshost.exe .... sounds charming
Scan finished -> log file attached below

Many thanks for any help!
Attached files
File type: txt MBAM-log-2013-03-14 (16-12-30).txt (5.7 KB, viewed 162 times)

Last edited by BoBoB (14.03.2013 at 16:13)

17.03.2013, 16:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the tools you were given, such as Malwarebytes, must always be posted - whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Rootkit scan with GMER

Please download GMER Rootkit Scanner GMER: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a blue screen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as per the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

17.03.2013, 17:10   #3
BoBoB
 
Hey

thank you very much for taking on my problem!

Over the last two days I ran a few scans on my own initiative, but from now on I will stop acting on my own and follow your instructions! (The problem persists)

GMER gave an error message: "Gmer has stopped working". I could only press Debug, Close and one other option - I chose Close.

Malwarebytes log
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.17.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [administrator]

17.03.2013 17:01:57
mbar-log-2013-03-17 (17-01-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 35352
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
__________________

Last edited by BoBoB (17.03.2013 at 17:15)

17.03.2013, 17:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please try GMER again; it is described what you should do if there are problems

17.03.2013, 19:57   #5
BoBoB
 
Sooo, first I switched to safe mode and started the scan, but here too the error came up: Gmer has stopped working - Debug, Close and something else

Then I unchecked Devices and the scan worked! It took forever, ~1h, even though it was a Quickscan as you said. At the end I could press neither Copy nor Save, because each time the message came up that not enough memory was available. Since I couldn't log in here from my phone, I had to restart the PC to post this.

For information, my C drive has 49 GB of free space!


17.03.2013, 20:52   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press one of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
--> Wi-Fi dropouts despite "excellent" reception
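Added example, not part of the thread and not the helper's or the tool vendor's code: a TDSSKiller log of the kind requested above runs to hundreds of lines, so this Python script pulls out the service entries whose verdict is not "ok", plus those that were logged without a hash/path line. The sample log is constructed in the line layout TDSSKiller writes (names and hashes are made up), and the function name `triage` is hypothetical.

```python
import re

# Constructed sample lines in the TDSSKiller log layout; not taken from a real scan.
SAMPLE_LOG = r"""
21:14:03.0210 2072  ================ Scan system memory ========================
21:14:03.0210 2072  System memory - ok
21:14:03.0210 2072  ================ Scan services =============================
21:14:03.0662 2072  [ 11111111111111111111111111111111 ] ExampleAcpi     C:\Windows\system32\drivers\exampleacpi.sys
21:14:03.0680 2072  ExampleAcpi - ok
21:14:03.0796 2072  [ 22222222222222222222222222222222 ] Example Two Words C:\Program Files\Example\svc.exe
21:14:03.0898 2072  Example Two Words - ok
21:14:04.0990 2072  ExampleNoFile - ok
21:14:10.0337 2072  [ 33333333333333333333333333333333 ] ExampleVpn      C:\Windows\system32\Drivers\examplevpn.sys
21:14:10.0363 2072  ExampleVpn ( UnsignedFile.Multi.Generic ) - warning
21:14:10.0363 2072  ExampleVpn - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.ffff <thread id>".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <md5> ] <service name> <image path>"; the name may contain spaces.
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> - ok" or "<service name> ( <detection> ) - warning".
VERDICT_LINE = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\w+)$")


def triage(log_text):
    """Return (flagged, no_file) for the "Scan services" part of the log.

    flagged: one dict per service whose verdict is anything other than "ok".
    no_file: names of services that got a verdict without a preceding
             hash/path line.
    """
    files = {}            # service name -> (md5, path)
    flagged, no_file = [], []
    in_services = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if "Scan services" in line:
            in_services = True      # skip header and memory-scan lines before this
            continue
        if not in_services:
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            files[name] = (md5.upper(), path)
            continue
        m = VERDICT_LINE.match(line)
        if not m:
            continue                # separators and "- detected ..." summary lines
        name, detection, verdict = m.groups()
        if name not in files:
            no_file.append(name)
        if verdict != "ok":
            md5, path = files.get(name, (None, None))
            flagged.append({
                "service": name,
                "verdict": verdict,
                "detection": detection,
                "md5": md5,
                "path": path,
            })
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(SAMPLE_LOG)
    for entry in flagged:
        print("{verdict:8} {service:20} {detection}  {path}".format(**entry))
    for name in no_file:
        print("no file  " + name)
```

An `UnsignedFile.Multi.Generic` warning only says the file carries no valid signature, so each flagged path still has to be judged by a helper before anything is cured or quarantined.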

17.03.2013, 21:19   #7
BoBoB
 
Quote:
If you have problems running aswMBR, report this in your thread!
I hereby do so - here too the message came up again: aswMBR has stopped working

TDSSKiller found 5 threats - sorry - out of reflex I moved it to quarantine
Code:
ATTFilter
21:13:17.0961 3836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:13:18.0226 3836  ============================================================
21:13:18.0226 3836  Current date / time: 2013/03/17 21:13:18.0226
21:13:18.0226 3836  SystemInfo:
21:13:18.0226 3836  
21:13:18.0226 3836  OS Version: 6.0.6002 ServicePack: 2.0
21:13:18.0226 3836  Product type: Workstation
21:13:18.0226 3836  ComputerName: BASTI-PC
21:13:18.0226 3836  UserName: Basti
21:13:18.0226 3836  Windows directory: C:\Windows
21:13:18.0226 3836  System windows directory: C:\Windows
21:13:18.0226 3836  Processor architecture: Intel x86
21:13:18.0226 3836  Number of processors: 2
21:13:18.0226 3836  Page size: 0x1000
21:13:18.0226 3836  Boot type: Normal boot
21:13:18.0226 3836  ============================================================
21:13:18.0741 3836  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:13:18.0756 3836  ============================================================
21:13:18.0756 3836  \Device\Harddisk0\DR0:
21:13:18.0756 3836  MBR partitions:
21:13:18.0756 3836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17EEEFC0
21:13:18.0756 3836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17EEF000, BlocksNum 0xC34F800
21:13:18.0756 3836  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2423F000, BlocksNum 0x11EE000
21:13:18.0756 3836  ============================================================
21:13:18.0787 3836  C: <-> \Device\Harddisk0\DR0\Partition1
21:13:18.0850 3836  D: <-> \Device\Harddisk0\DR0\Partition3
21:13:18.0897 3836  P: <-> \Device\Harddisk0\DR0\Partition2
21:13:18.0897 3836  ============================================================
21:13:18.0897 3836  Initialize success
21:13:18.0897 3836  ============================================================
21:14:02.0991 2072  ============================================================
21:14:02.0991 2072  Scan started
21:14:02.0991 2072  Mode: Manual; SigCheck; TDLFS; 
21:14:02.0991 2072  ============================================================
21:14:03.0210 2072  ================ Scan system memory ========================
21:14:03.0210 2072  System memory - ok
21:14:03.0210 2072  ================ Scan services =============================
21:14:03.0325 2072  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:14:03.0405 2072  !SASCORE - ok
21:14:03.0596 2072  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
21:14:03.0606 2072  Accelerometer - ok
21:14:03.0662 2072  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:14:03.0680 2072  ACPI - ok
21:14:03.0796 2072  [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
21:14:03.0898 2072  Ad-Aware Service - ok
21:14:04.0042 2072  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:14:04.0059 2072  AdobeARMservice - ok
21:14:04.0132 2072  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:14:04.0146 2072  AdobeFlashPlayerUpdateSvc - ok
21:14:04.0207 2072  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:14:04.0230 2072  adp94xx - ok
21:14:04.0237 2072  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:14:04.0253 2072  adpahci - ok
21:14:04.0271 2072  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:14:04.0284 2072  adpu160m - ok
21:14:04.0302 2072  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:14:04.0315 2072  adpu320 - ok
21:14:04.0364 2072  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:14:04.0422 2072  AeLookupSvc - ok
21:14:04.0527 2072  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
21:14:04.0576 2072  AESTFilters - ok
21:14:04.0635 2072  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:14:04.0683 2072  AFD - ok
21:14:04.0741 2072  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:14:04.0753 2072  agp440 - ok
21:14:04.0990 2072  ahaaha1 - ok
21:14:05.0018 2072  AhnRptTfFRegFNT - ok
21:14:05.0049 2072  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:14:05.0062 2072  aic78xx - ok
21:14:05.0223 2072  [ DBC02508535BA87E422CC59561224D8D ] Akamai          c:\program files\common files\akamai\netsession_win_dbc0250.dll
21:14:05.0438 2072  Akamai - ok
21:14:05.0457 2072  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:14:05.0513 2072  ALG - ok
21:14:05.0551 2072  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:14:05.0562 2072  aliide - ok
21:14:05.0604 2072  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:14:05.0616 2072  amdagp - ok
21:14:05.0620 2072  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:14:05.0632 2072  amdide - ok
21:14:05.0672 2072  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:14:05.0717 2072  AmdK7 - ok
21:14:05.0745 2072  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:14:05.0804 2072  AmdK8 - ok
21:14:05.0861 2072  ampro - ok
21:14:05.0968 2072  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:14:05.0998 2072  AntiVirSchedulerService - ok
21:14:06.0049 2072  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:14:06.0059 2072  AntiVirService - ok
21:14:06.0102 2072  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:14:06.0165 2072  Appinfo - ok
21:14:06.0230 2072  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:14:06.0243 2072  Apple Mobile Device - ok
21:14:06.0287 2072  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:14:06.0299 2072  arc - ok
21:14:06.0323 2072  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:14:06.0335 2072  arcsas - ok
21:14:06.0449 2072  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:14:06.0465 2072  aspnet_state - ok
21:14:06.0491 2072  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:14:06.0543 2072  AsyncMac - ok
21:14:06.0575 2072  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:14:06.0587 2072  atapi - ok
21:14:06.0653 2072  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
21:14:06.0671 2072  atksgt - ok
21:14:06.0737 2072  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:14:06.0760 2072  AudioEndpointBuilder - ok
21:14:06.0781 2072  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:14:06.0802 2072  Audiosrv - ok
21:14:06.0870 2072  [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
21:14:06.0886 2072  Autodesk Content Service - ok
21:14:06.0936 2072  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:14:06.0947 2072  avgntflt - ok
21:14:06.0983 2072  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:14:06.0995 2072  avipbb - ok
21:14:07.0038 2072  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:14:07.0048 2072  avkmgr - ok
21:14:07.0117 2072  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
21:14:07.0192 2072  BCM43XV - ok
21:14:07.0227 2072  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:14:07.0307 2072  Beep - ok
21:14:07.0335 2072  BeSk81 - ok
21:14:07.0400 2072  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:14:07.0439 2072  BFE - ok
21:14:07.0511 2072  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
21:14:07.0593 2072  BITS - ok
21:14:07.0655 2072  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:14:07.0698 2072  blbdrive - ok
21:14:07.0781 2072  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:14:07.0796 2072  Bonjour Service - ok
21:14:07.0845 2072  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:14:07.0858 2072  bowser - ok
21:14:07.0903 2072  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:14:07.0937 2072  BrFiltLo - ok
21:14:07.0956 2072  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:14:08.0000 2072  BrFiltUp - ok
21:14:08.0037 2072  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:14:08.0083 2072  Browser - ok
21:14:08.0118 2072  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:14:08.0175 2072  Brserid - ok
21:14:08.0202 2072  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:14:08.0264 2072  BrSerWdm - ok
21:14:08.0287 2072  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:14:08.0357 2072  BrUsbMdm - ok
21:14:08.0384 2072  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:14:08.0441 2072  BrUsbSer - ok
21:14:08.0481 2072  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:14:08.0508 2072  BthEnum - ok
21:14:08.0558 2072  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:14:08.0600 2072  BTHMODEM - ok
21:14:08.0634 2072  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:14:08.0674 2072  BthPan - ok
21:14:08.0739 2072  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:14:08.0778 2072  BTHPORT - ok
21:14:08.0825 2072  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
21:14:08.0868 2072  BthServ - ok
21:14:08.0904 2072  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:14:08.0920 2072  BTHUSB - ok
21:14:08.0983 2072  [ 99AEEA7CEFDFC6E4151A8F620D682088 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:14:08.0993 2072  btwaudio - ok
21:14:09.0029 2072  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
21:14:09.0037 2072  btwavdt - ok
21:14:09.0080 2072  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:14:09.0088 2072  btwrchid - ok
21:14:09.0131 2072  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:14:09.0175 2072  cdfs - ok
21:14:09.0223 2072  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:14:09.0256 2072  cdrom - ok
21:14:09.0300 2072  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:14:09.0352 2072  CertPropSvc - ok
21:14:09.0372 2072  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:14:09.0414 2072  circlass - ok
21:14:09.0458 2072  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:14:09.0473 2072  CLFS - ok
21:14:09.0521 2072  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:14:09.0540 2072  clr_optimization_v2.0.50727_32 - ok
21:14:09.0578 2072  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:14:09.0589 2072  clr_optimization_v4.0.30319_32 - ok
21:14:09.0634 2072  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:14:09.0657 2072  CmBatt - ok
21:14:09.0666 2072  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:14:09.0676 2072  cmdide - ok
21:14:09.0740 2072  [ A94146208170D78906C93EE39CEBDD9F ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:14:09.0761 2072  Com4QLBEx - ok
21:14:09.0766 2072  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:14:09.0777 2072  Compbatt - ok
21:14:09.0781 2072  COMSysApp - ok
21:14:09.0797 2072  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:14:09.0808 2072  crcdisk - ok
21:14:09.0821 2072  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:14:09.0882 2072  Crusoe - ok
21:14:09.0935 2072  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:14:09.0982 2072  CryptSvc - ok
21:14:10.0038 2072  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
21:14:10.0064 2072  CVirtA - ok
21:14:10.0160 2072  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:14:10.0300 2072  CVPND - ok
21:14:10.0337 2072  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:14:10.0363 2072  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:14:10.0363 2072  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:14:10.0476 2072  [ 8AAEEE8E59A70F37579993D118A34EE0 ] d3d9            C:\Windows\System32\d3d9.dll
21:14:10.0596 2072  d3d9 - ok
21:14:10.0599 2072  DBKDRVR54 - ok
21:14:10.0638 2072  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:14:10.0667 2072  DcomLaunch - ok
21:14:10.0707 2072  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:14:10.0734 2072  DfsC - ok
21:14:10.0820 2072  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:14:10.0973 2072  DFSR - ok
21:14:11.0018 2072  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:14:11.0060 2072  Dhcp - ok
21:14:11.0104 2072  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:14:11.0116 2072  disk - ok
21:14:11.0170 2072  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
21:14:11.0180 2072  DNE - ok
21:14:11.0233 2072  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:14:11.0262 2072  Dnscache - ok
21:14:11.0297 2072  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:14:11.0332 2072  dot3svc - ok
21:14:11.0418 2072  [ DB162274197796AC5B3D54DA7ECA1909 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
21:14:11.0468 2072  DpHost ( UnsignedFile.Multi.Generic ) - warning
21:14:11.0468 2072  DpHost - detected UnsignedFile.Multi.Generic (1)
21:14:11.0528 2072  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:14:11.0572 2072  DPS - ok
21:14:11.0618 2072  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:14:11.0659 2072  drmkaud - ok
21:14:11.0701 2072  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:14:11.0728 2072  DXGKrnl - ok
21:14:11.0758 2072  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:14:11.0782 2072  E1G60 - ok
21:14:11.0810 2072  EagleNT - ok
21:14:11.0838 2072  EagleXNt - ok
21:14:11.0872 2072  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:14:11.0908 2072  EapHost - ok
21:14:11.0956 2072  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:14:11.0969 2072  Ecache - ok
21:14:11.0998 2072  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:14:12.0051 2072  ehRecvr - ok
21:14:12.0070 2072  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:14:12.0128 2072  ehSched - ok
21:14:12.0144 2072  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:14:12.0175 2072  ehstart - ok
21:14:12.0201 2072  [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
21:14:12.0211 2072  ElbyCDFL - ok
21:14:12.0245 2072  [ 178CC9403816C082D22A1D47FA1F9C85 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
21:14:12.0256 2072  ElbyCDIO - ok
21:14:12.0313 2072  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:14:12.0332 2072  elxstor - ok
21:14:12.0374 2072  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:14:12.0422 2072  EMDMgmt - ok
21:14:12.0456 2072  [ 4CD6B056C5FD9E97C06FE74C81479517 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
21:14:12.0491 2072  enecir - ok
21:14:12.0529 2072  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:14:12.0572 2072  ErrDev - ok
21:14:12.0633 2072  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:14:12.0668 2072  EventSystem - ok
21:14:12.0699 2072  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:14:12.0742 2072  exfat - ok
21:14:12.0774 2072  [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc     C:\Windows\System32\ezsvc7.dll
21:14:12.0804 2072  ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
21:14:12.0804 2072  ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
21:14:12.0844 2072  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:14:12.0862 2072  fastfat - ok
21:14:12.0891 2072  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:14:12.0933 2072  fdc - ok
21:14:12.0958 2072  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:14:12.0981 2072  fdPHost - ok
21:14:12.0985 2072  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:14:13.0046 2072  FDResPub - ok
21:14:13.0083 2072  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:14:13.0095 2072  FileInfo - ok
21:14:13.0114 2072  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:14:13.0156 2072  Filetrace - ok
21:14:13.0236 2072  [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:14:13.0309 2072  FLEXnet Licensing Service - ok
21:14:13.0320 2072  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:14:13.0366 2072  flpydisk - ok
21:14:13.0408 2072  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:14:13.0422 2072  FltMgr - ok
21:14:13.0497 2072  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
21:14:13.0559 2072  FontCache - ok
21:14:13.0632 2072  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:14:13.0647 2072  FontCache3.0.0.0 - ok
21:14:13.0686 2072  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:14:13.0716 2072  Fs_Rec - ok
21:14:13.0745 2072  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:14:13.0757 2072  gagp30kx - ok
21:14:13.0786 2072  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:14:13.0794 2072  GEARAspiWDM - ok
21:14:13.0836 2072  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\Windows\system32\drivers\gfibto.sys
21:14:13.0845 2072  gfibto - ok
21:14:13.0870 2072  GGSAFERDriver - ok
21:14:13.0912 2072  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:14:13.0980 2072  gpsvc - ok
21:14:14.0023 2072  [ 7929A161F9951D173CA9900FE7067391 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
21:14:14.0032 2072  hamachi - ok
21:14:14.0058 2072  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:14:14.0116 2072  HdAudAddService - ok
21:14:14.0152 2072  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:14:14.0196 2072  HDAudBus - ok
21:14:14.0249 2072  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:14:14.0286 2072  HidBth - ok
21:14:14.0323 2072  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:14:14.0341 2072  HidIr - ok
21:14:14.0374 2072  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
21:14:14.0405 2072  hidserv - ok
21:14:14.0441 2072  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:14:14.0459 2072  HidUsb - ok
21:14:14.0477 2072  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:14:14.0525 2072  hkmsvc - ok
21:14:14.0573 2072  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:14:14.0599 2072  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:14:14.0599 2072  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:14:14.0636 2072  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:14:14.0647 2072  HpCISSs - ok
21:14:14.0671 2072  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
21:14:14.0679 2072  hpdskflt - ok
21:14:14.0741 2072  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:14:14.0765 2072  HpqKbFiltr - ok
21:14:14.0813 2072  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:14:14.0862 2072  HpqRemHid - ok
21:14:14.0892 2072  [ D50FDAD1E57AA60F1973CFC77D905F0E ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:14:14.0901 2072  hpqwmiex - ok
21:14:14.0931 2072  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\Windows\system32\Hpservice.exe
21:14:14.0940 2072  hpsrv - ok
21:14:14.0992 2072  [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12        C:\Windows\system32\DRIVERS\HPZius12.sys
21:14:15.0052 2072  HPZius12 - ok
21:14:15.0113 2072  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:14:15.0137 2072  HSFHWAZL - ok
21:14:15.0176 2072  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:14:15.0263 2072  HSF_DPV - ok
21:14:15.0305 2072  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:14:15.0339 2072  HTTP - ok
21:14:15.0365 2072  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:14:15.0376 2072  i2omp - ok
21:14:15.0436 2072  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:14:15.0470 2072  i8042prt - ok
21:14:15.0557 2072  [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:14:15.0572 2072  IAANTMON - ok
21:14:15.0645 2072  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:14:15.0658 2072  iaStor - ok
21:14:15.0664 2072  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:14:15.0678 2072  iaStorV - ok
21:14:15.0719 2072  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:14:15.0752 2072  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:14:15.0752 2072  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:14:15.0811 2072  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:14:15.0882 2072  idsvc - ok
21:14:15.0905 2072  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:14:15.0915 2072  iirsp - ok
21:14:15.0990 2072  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:14:16.0034 2072  IKEEXT - ok
21:14:16.0122 2072  IlvMoneyDRIVER53 - ok
21:14:16.0158 2072  injectDLL - ok
21:14:16.0199 2072  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:14:16.0210 2072  intelide - ok
21:14:16.0253 2072  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:14:16.0296 2072  intelppm - ok
21:14:16.0319 2072  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:14:16.0342 2072  IPBusEnum - ok
21:14:16.0352 2072  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:14:16.0395 2072  IpFilterDriver - ok
21:14:16.0399 2072  IpInIp - ok
21:14:16.0420 2072  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:14:16.0442 2072  IPMIDRV - ok
21:14:16.0460 2072  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:14:16.0501 2072  IPNAT - ok
21:14:16.0616 2072  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:14:16.0671 2072  iPod Service - ok
21:14:16.0721 2072  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:14:16.0743 2072  IRENUM - ok
21:14:16.0760 2072  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:14:16.0772 2072  isapnp - ok
21:14:16.0818 2072  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:14:16.0831 2072  iScsiPrt - ok
21:14:16.0839 2072  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:14:16.0850 2072  iteatapi - ok
21:14:16.0859 2072  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:14:16.0869 2072  iteraid - ok
21:14:16.0918 2072  [ 858C550EBBD243826A2193262C1B54A3 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
21:14:16.0966 2072  JMCR - ok
21:14:16.0992 2072  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:14:17.0003 2072  kbdclass - ok
21:14:17.0035 2072  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:14:17.0067 2072  kbdhid - ok
21:14:17.0098 2072  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
21:14:17.0154 2072  KeyIso - ok
21:14:17.0156 2072  KIKIDRIVER - ok
21:14:17.0189 2072  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:14:17.0210 2072  KSecDD - ok
21:14:17.0271 2072  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:14:17.0317 2072  KtmRm - ok
21:14:17.0390 2072  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:14:17.0429 2072  LanmanServer - ok
21:14:17.0486 2072  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:14:17.0544 2072  LanmanWorkstation - ok
21:14:17.0615 2072  Lavasoft Kernexplorer - ok
21:14:17.0639 2072  Lbd - ok
21:14:17.0698 2072  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:14:17.0708 2072  lirsgt - ok
21:14:17.0736 2072  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:14:17.0779 2072  lltdio - ok
21:14:17.0806 2072  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:14:17.0852 2072  lltdsvc - ok
21:14:17.0876 2072  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:14:17.0915 2072  lmhosts - ok
21:14:17.0934 2072  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:14:17.0947 2072  LSI_FC - ok
21:14:17.0951 2072  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:14:17.0964 2072  LSI_SAS - ok
21:14:17.0998 2072  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:14:18.0011 2072  LSI_SCSI - ok
21:14:18.0018 2072  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:14:18.0083 2072  luafv - ok
21:14:18.0132 2072  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:14:18.0141 2072  MBAMProtector - ok
21:14:18.0186 2072  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:14:18.0201 2072  MBAMScheduler - ok
21:14:18.0238 2072  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:14:18.0267 2072  MBAMService - ok
21:14:18.0314 2072  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:14:18.0346 2072  Mcx2Svc - ok
21:14:18.0376 2072  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:14:18.0388 2072  megasas - ok
21:14:18.0426 2072  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:14:18.0447 2072  MegaSR - ok
21:14:18.0543 2072  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:14:18.0560 2072  Microsoft Office Groove Audit Service - ok
21:14:18.0611 2072  [ D96EA49AB9A9174331BC023FD0CADC18 ] mirrorv3        C:\Windows\system32\DRIVERS\rminiv3.sys
21:14:18.0661 2072  mirrorv3 - ok
21:14:18.0678 2072  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:14:18.0719 2072  MMCSS - ok
21:14:18.0743 2072  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:14:18.0780 2072  Modem - ok
21:14:18.0814 2072  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:14:18.0860 2072  monitor - ok
21:14:18.0887 2072  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:14:18.0898 2072  mouclass - ok
21:14:18.0914 2072  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:14:18.0936 2072  mouhid - ok
21:14:18.0948 2072  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:14:18.0960 2072  MountMgr - ok
21:14:19.0021 2072  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:14:19.0040 2072  MozillaMaintenance - ok
21:14:19.0062 2072  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:14:19.0074 2072  mpio - ok
21:14:19.0098 2072  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:14:19.0116 2072  mpsdrv - ok
21:14:19.0183 2072  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:14:19.0210 2072  MpsSvc - ok
21:14:19.0261 2072  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:14:19.0271 2072  Mraid35x - ok
21:14:19.0306 2072  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:14:19.0319 2072  MRxDAV - ok
21:14:19.0354 2072  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:14:19.0367 2072  mrxsmb - ok
21:14:19.0396 2072  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:14:19.0432 2072  mrxsmb10 - ok
21:14:19.0437 2072  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:14:19.0451 2072  mrxsmb20 - ok
21:14:19.0456 2072  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
21:14:19.0467 2072  msahci - ok
21:14:19.0487 2072  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:14:19.0499 2072  msdsm - ok
21:14:19.0521 2072  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:14:19.0545 2072  MSDTC - ok
21:14:19.0560 2072  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:14:19.0598 2072  Msfs - ok
21:14:19.0625 2072  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:14:19.0636 2072  msisadrv - ok
21:14:19.0662 2072  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:14:19.0702 2072  MSiSCSI - ok
21:14:19.0706 2072  msiserver - ok
21:14:19.0733 2072  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:14:19.0777 2072  MSKSSRV - ok
21:14:19.0819 2072  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:14:19.0841 2072  MSPCLOCK - ok
21:14:19.0859 2072  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:14:19.0882 2072  MSPQM - ok
21:14:19.0928 2072  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:14:19.0942 2072  MsRPC - ok
21:14:19.0953 2072  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:14:19.0965 2072  mssmbios - ok
21:14:20.0048 2072  MSSQL$ACCUCHEK360 - ok
21:14:20.0086 2072  MSSQL$SQLEXPRESS - ok
21:14:20.0111 2072  [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:14:20.0128 2072  MSSQLServerADHelper - ok
21:14:20.0145 2072  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:14:20.0167 2072  MSTEE - ok
21:14:20.0197 2072  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:14:20.0209 2072  Mup - ok
21:14:20.0245 2072  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:14:20.0287 2072  napagent - ok
21:14:20.0327 2072  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:14:20.0341 2072  NativeWifiP - ok
21:14:20.0385 2072  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:14:20.0407 2072  NDIS - ok
21:14:20.0425 2072  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:14:20.0460 2072  NdisTapi - ok
21:14:20.0479 2072  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:14:20.0502 2072  Ndisuio - ok
21:14:20.0557 2072  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:14:20.0575 2072  NdisWan - ok
21:14:20.0594 2072  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:14:20.0612 2072  NDProxy - ok
21:14:20.0622 2072  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:14:20.0659 2072  NetBIOS - ok
21:14:20.0697 2072  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:14:20.0732 2072  netbt - ok
21:14:20.0756 2072  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
21:14:20.0769 2072  Netlogon - ok
21:14:20.0800 2072  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:14:20.0844 2072  Netman - ok
21:14:20.0918 2072  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:14:20.0939 2072  NetMsmqActivator - ok
21:14:20.0943 2072  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:14:20.0954 2072  NetPipeActivator - ok
21:14:20.0988 2072  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:14:21.0015 2072  netprofm - ok
21:14:21.0020 2072  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:14:21.0031 2072  NetTcpActivator - ok
21:14:21.0035 2072  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:14:21.0046 2072  NetTcpPortSharing - ok
21:14:21.0148 2072  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
21:14:21.0350 2072  NETw5v32 - ok
21:14:21.0379 2072  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:14:21.0390 2072  nfrd960 - ok
21:14:21.0410 2072  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:14:21.0435 2072  NlaSvc - ok
21:14:21.0453 2072  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:14:21.0486 2072  Npfs - ok
21:14:21.0504 2072  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:14:21.0551 2072  nsi - ok
21:14:21.0574 2072  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:14:21.0615 2072  nsiproxy - ok
21:14:21.0673 2072  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:14:21.0735 2072  Ntfs - ok
21:14:21.0756 2072  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:14:21.0795 2072  ntrigdigi - ok
21:14:21.0812 2072  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:14:21.0834 2072  Null - ok
21:14:21.0888 2072  [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm60x32.sys
21:14:21.0957 2072  NVENETFD - ok
21:14:22.0019 2072  [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:14:22.0030 2072  NVHDA - ok
21:14:22.0278 2072  [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:14:22.0761 2072  nvlddmkm - ok
21:14:22.0790 2072  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:14:22.0802 2072  nvraid - ok
21:14:22.0806 2072  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:14:22.0818 2072  nvstor - ok
21:14:22.0862 2072  [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:14:22.0874 2072  nvsvc - ok
21:14:22.0901 2072  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:14:22.0913 2072  nv_agp - ok
21:14:22.0917 2072  NwlnkFlt - ok
21:14:22.0923 2072  NwlnkFwd - ok
21:14:23.0005 2072  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:14:23.0051 2072  odserv - ok
21:14:23.0135 2072  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:14:23.0171 2072  ohci1394 - ok
21:14:23.0242 2072  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:14:23.0261 2072  ose - ok
21:14:23.0324 2072  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:14:23.0426 2072  p2pimsvc - ok
21:14:23.0442 2072  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:14:23.0465 2072  p2psvc - ok
21:14:23.0510 2072  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:14:23.0568 2072  Parport - ok
21:14:23.0601 2072  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:14:23.0613 2072  partmgr - ok
21:14:23.0632 2072  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:14:23.0670 2072  Parvdm - ok
21:14:23.0691 2072  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:14:23.0716 2072  PcaSvc - ok
21:14:23.0759 2072  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:14:23.0773 2072  pci - ok
21:14:23.0817 2072  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:14:23.0828 2072  pciide - ok
21:14:23.0844 2072  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:14:23.0857 2072  pcmcia - ok
21:14:23.0916 2072  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:14:24.0002 2072  PEAUTH - ok
21:14:24.0061 2072  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:14:24.0175 2072  pla - ok
21:14:24.0222 2072  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:14:24.0261 2072  PlugPlay - ok
21:14:24.0291 2072  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:14:24.0315 2072  PNRPAutoReg - ok
21:14:24.0358 2072  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:14:24.0382 2072  PNRPsvc - ok
21:14:24.0430 2072  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:14:24.0478 2072  PolicyAgent - ok
21:14:24.0526 2072  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:14:24.0570 2072  PptpMiniport - ok
21:14:24.0598 2072  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:14:24.0641 2072  Processor - ok
21:14:24.0680 2072  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:14:24.0701 2072  ProfSvc - ok
21:14:24.0714 2072  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:14:24.0727 2072  ProtectedStorage - ok
21:14:24.0755 2072  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:14:24.0774 2072  PSched - ok
21:14:24.0839 2072  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:14:24.0922 2072  ql2300 - ok
21:14:24.0939 2072  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:14:24.0950 2072  ql40xx - ok
21:14:25.0035 2072  [ 6803B69C14696CC4907C5F77FBB04A14 ] QPCapSvc        C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
21:14:25.0062 2072  QPCapSvc - ok
21:14:25.0073 2072  [ 95A0B86B9F1D27B613830864341A8252 ] QPSched         C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
21:14:25.0091 2072  QPSched - ok
21:14:25.0115 2072  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:14:25.0131 2072  QWAVE - ok
21:14:25.0154 2072  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:14:25.0165 2072  QWAVEdrv - ok
21:14:25.0180 2072  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:14:25.0222 2072  RasAcd - ok
21:14:25.0247 2072  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:14:25.0296 2072  RasAuto - ok
21:14:25.0318 2072  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:14:25.0358 2072  Rasl2tp - ok
21:14:25.0400 2072  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:14:25.0444 2072  RasMan - ok
21:14:25.0484 2072  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:14:25.0526 2072  RasPppoe - ok
21:14:25.0564 2072  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:14:25.0576 2072  RasSstp - ok
21:14:25.0636 2072  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:14:25.0679 2072  rdbss - ok
21:14:25.0706 2072  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:14:25.0746 2072  RDPCDD - ok
21:14:25.0774 2072  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:14:25.0800 2072  rdpdr - ok
21:14:25.0805 2072  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:14:25.0828 2072  RDPENCDD - ok
21:14:25.0861 2072  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:14:25.0908 2072  RDPWD - ok
21:14:25.0940 2072  [ B9570481A1BABCC4A9E941C553596077 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
21:14:25.0970 2072  Recovery Service for Windows - ok
21:14:26.0005 2072  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:14:26.0041 2072  RemoteAccess - ok
21:14:26.0081 2072  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:14:26.0119 2072  RemoteRegistry - ok
21:14:26.0177 2072  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:14:26.0214 2072  RFCOMM - ok
21:14:26.0283 2072  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:14:26.0314 2072  RichVideo - ok
21:14:26.0330 2072  ROCKSTAR - ok
21:14:26.0362 2072  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:14:26.0421 2072  RpcLocator - ok
21:14:26.0470 2072  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
21:14:26.0498 2072  RpcSs - ok
21:14:26.0529 2072  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:14:26.0552 2072  rspndr - ok
21:14:26.0622 2072  [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
21:14:26.0642 2072  RTL8169 - ok
21:14:26.0659 2072  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
21:14:26.0673 2072  SamSs - ok
21:14:26.0731 2072  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:14:26.0740 2072  SASDIFSV - ok
21:14:26.0758 2072  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:14:26.0769 2072  SASKUTIL - ok
21:14:26.0911 2072  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
21:14:27.0222 2072  SBAMSvc - ok
21:14:27.0269 2072  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:14:27.0281 2072  sbp2port - ok
21:14:27.0397 2072  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  P:\Programme\Spybot - Search & Destroy\SDWinSec.exe
21:14:27.0493 2072  SBSDWSCService - ok
21:14:27.0523 2072  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:14:27.0558 2072  SCardSvr - ok
21:14:27.0600 2072  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
21:14:27.0684 2072  Schedule - ok
21:14:27.0710 2072  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:14:27.0729 2072  SCPolicySvc - ok
21:14:27.0790 2072  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:14:27.0834 2072  sdbus - ok
21:14:27.0874 2072  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:14:27.0921 2072  SDRSVC - ok
21:14:27.0943 2072  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:14:28.0003 2072  secdrv - ok
21:14:28.0032 2072  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:14:28.0058 2072  seclogon - ok
21:14:28.0086 2072  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
21:14:28.0135 2072  SENS - ok
21:14:28.0204 2072  [ B3C1B187FEFC941F63CE0DF93D02EB9F ] Sentinel        C:\Windows\System32\Drivers\SENTINEL.SYS
21:14:28.0214 2072  Sentinel - ok
21:14:28.0259 2072  [ ACCDF944417FCE3B9BDDFC197C704A27 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
21:14:28.0270 2072  SentinelProtectionServer - ok
21:14:28.0319 2072  [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
21:14:28.0361 2072  Ser2pl - ok
21:14:37.0417 2072  ================ Scan global ===============================
21:14:37.0435 2072  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:14:37.0463 2072  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:37.0486 2072  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:37.0526 2072  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:14:37.0529 2072  [Global] - ok
21:14:37.0529 2072  ================ Scan MBR ==================================
21:14:37.0536 2072  [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
21:14:37.0995 2072  \Device\Harddisk0\DR0 - ok
21:14:37.0995 2072  ================ Scan VBR ==================================
21:14:37.0997 2072  [ A0EBCB7DEB2BE24A931F74D927CF0651 ] \Device\Harddisk0\DR0\Partition1
21:14:37.0999 2072  \Device\Harddisk0\DR0\Partition1 - ok
21:14:38.0005 2072  [ 0441368A0438C29CBE5277BC5FC3C538 ] \Device\Harddisk0\DR0\Partition2
21:14:38.0006 2072  \Device\Harddisk0\DR0\Partition2 - ok
21:14:38.0016 2072  [ 70EFE2A9B0E6E70B3B293B2D258261F2 ] \Device\Harddisk0\DR0\Partition3
21:14:38.0018 2072  \Device\Harddisk0\DR0\Partition3 - ok
21:14:38.0018 2072  ============================================================
21:14:38.0018 2072  Scan finished
21:14:38.0018 2072  ============================================================
21:14:38.0027 2856  Detected object count: 5
21:14:38.0027 2856  Actual detected object count: 5
21:15:27.0453 2856  C:\Windows\system32\Drivers\CVPNDRVA.sys - copied to quarantine
21:15:27.0454 2856  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:15:27.0522 2856  C:\Program Files\DigitalPersona\Bin\DpHostW.exe - copied to quarantine
21:15:27.0522 2856  DpHost ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:15:27.0544 2856  C:\Windows\System32\ezsvc7.dll - copied to quarantine
21:15:27.0545 2856  ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:15:27.0597 2856  c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe - copied to quarantine
21:15:27.0597 2856  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:15:27.0619 2856  C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe - copied to quarantine
21:15:27.0620 2856  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:16:27.0204 3064  Deinitialize success
         
@Edit: I was able to determine that the error message "aswMBR has stopped working" always appears when it is scanning the following directory (unfortunately I cannot see the complete path because I cannot enlarge the window):
C:\Windows\assembly\GAC_MSIL\Microsoft.TeamFoundation.WorkItemTracking

Since I know where it crashes, I saved a log beforehand.
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 21:29:17
-----------------------------
21:29:17.292    OS Version: Windows 6.0.6002 Service Pack 2
21:29:17.292    Number of processors: 2 586 0x1706
21:29:17.307    ComputerName: BASTI-PC  UserName: Basti
21:29:18.384    Initialize success
21:29:26.356    The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 21:29:17
-----------------------------
21:29:17.292    OS Version: Windows 6.0.6002 Service Pack 2
21:29:17.292    Number of processors: 2 586 0x1706
21:29:17.307    ComputerName: BASTI-PC  UserName: Basti
21:29:18.384    Initialize success
21:29:26.356    The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
21:29:27.106    AVAST engine defs: 13031700
21:29:30.472    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:29:30.488    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
21:29:30.566    Disk 0 MBR read successfully
21:29:30.566    Disk 0 MBR scan
21:29:30.581    Disk 0 unknown MBR code
21:29:30.581    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       196061 MB offset 63
21:29:30.612    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99999 MB offset 401534976
21:29:30.628    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         9180 MB offset 606334976
21:29:30.675    Disk 0 scanning sectors +625135616
21:29:30.753    Disk 0 scanning C:\Windows\system32\drivers
21:29:46.369    Service scanning
21:30:18.677    Modules scanning
21:30:32.467    Disk 0 trace - called modules:
21:30:32.561    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iaStor.sys 
21:30:32.561    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87ee66f0]
21:30:32.561    3 CLASSPNP.SYS[82e0b8b3] -> nt!IofCallDriver -> [0x87ee6c48]
21:30:32.561    5 hpdskflt.sys[8bfb4f92] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x869b9028]
21:30:34.090    AVAST engine scan C:\Windows
21:30:44.963    AVAST engine scan C:\Windows\system32
21:30:49.097    Disk 0 MBR has been saved successfully to "C:\Users\Basti\Desktop\MBR.dat"
21:30:49.097    The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
         

Edited by BoBoB (17.03.2013 at 21:46)

18.03.2013, 09:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.03.2013, 10:55   #9
BoBoB
 

Hi,

I started ComboFix, having first disabled my Avira AntiVir and also cut my internet connection. Nevertheless, the warning appeared that my AntiVir was still active. As described in the instructions, I ignored it and started the scan. By chance I saw that my PC had restarted; afterwards the scan continued, but with the AntiVir scanner running - according to the instructions I was not supposed to move the mouse, after all. After the scan had finished, the Log.txt appeared and Windows reported that new updates had been installed (wherever it got the permission to install them).


ComboFix.txt
Code:
ATTFilter
ComboFix 13-03-17.01 - Basti 18.03.2013  10:22:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.2004 [GMT 1:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\CFLog
c:\programdata\60a7806a-0eea-424c-a464-20f4730cd631
c:\users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Win1970.Conf.Collection.sys
c:\users\Basti\Documents\~2dZeichnung_neuee1.dwg.tmp
c:\users\Basti\Documents\~FERTIG.dwg.tmp
c:\users\Basti\Documents\~nummern.dwg.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\IsUn0407.exe
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\ijl11.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\regobj.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-18 bis 2013-03-18  ))))))))))))))))))))))))))))))
.
.
2013-03-15 12:03 . 2013-03-15 12:03	--------	d-----w-	c:\windows\ERUNT
2013-03-15 12:02 . 2013-03-15 12:03	--------	d-----w-	C:\JRT
2013-03-14 15:02 . 2013-03-14 15:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-14 15:02 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-13 20:45 . 2013-03-13 20:45	--------	d-----w-	c:\users\Basti\AppData\Roaming\LavasoftStatistics
2013-03-13 20:41 . 2013-03-13 20:48	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-03-13 20:36 . 2013-03-13 20:45	--------	d-----w-	c:\program files\Ad-Aware Antivirus
2013-03-13 20:33 . 2013-03-13 20:33	--------	d-----w-	c:\programdata\Downloaded Installations
2013-03-13 20:33 . 2013-03-13 20:33	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-03-13 20:33 . 2013-03-13 20:33	--------	d-----w-	c:\program files\Toolbar Cleaner
2013-03-13 20:31 . 2013-03-13 23:01	--------	d-----w-	c:\users\Basti\AppData\Roaming\Ad-Aware Antivirus
2013-03-13 20:31 . 2013-03-13 20:31	44424	----a-w-	c:\windows\system32\sbbd.exe
2013-03-13 20:31 . 2013-03-13 20:31	13560	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-03-12 21:02 . 2013-03-12 21:02	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-03-11 10:17 . 2013-03-11 10:18	--------	d-----w-	C:\RegioprojektCheck
2013-03-02 20:42 . 2013-03-02 20:42	--------	d-----w-	c:\users\Basti\AppData\Roaming\Easy2Convert
2013-02-28 12:22 . 2013-02-28 12:22	--------	d-----w-	c:\users\Basti\DropBox_Hcu
2013-02-24 19:24 . 2013-02-24 19:24	--------	d-----w-	c:\program files\iPod
2013-02-24 19:24 . 2013-02-24 19:24	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-24 19:24 . 2013-02-24 19:24	--------	d-----w-	c:\program files\iTunes
2013-02-21 15:15 . 2013-02-21 15:15	--------	d-----w-	c:\program files\Common Files\Java
2013-02-21 15:14 . 2013-02-21 15:14	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 08:22 . 2013-02-18 08:22	884072	----a-w-	c:\windows\system32\nvhdagenco3220103.dll
2013-02-18 08:22 . 2013-02-18 08:22	67432	----a-w-	c:\windows\system32\nvapo32v.dll
2013-02-18 08:22 . 2013-02-18 08:22	28008	----a-w-	c:\windows\system32\nvhdap32.dll
2013-02-18 08:22 . 2013-02-18 08:22	149352	----a-w-	c:\windows\system32\drivers\nvhda32v.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 18:25 . 2013-01-19 19:36	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 18:25 . 2013-01-19 19:36	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-21 15:14 . 2012-05-19 09:00	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-21 15:14 . 2010-10-19 16:55	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-08 00:45 . 2013-03-12 10:27	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{78D98F9F-A449-41FC-B35F-BAF97D4D0E02}\mpengine.dll
2013-01-17 00:28 . 2009-10-02 23:40	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-11 10:39 . 2013-01-19 11:45	88576	----a-w-	c:\windows\system32\pdfcmon.dll
2013-01-09 13:52 . 2012-02-07 09:02	1070152	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2013-01-05 05:26 . 2013-02-15 17:59	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:26 . 2013-02-15 17:59	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 11:28 . 2013-02-15 17:59	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-15 17:59	2048512	----a-w-	c:\windows\system32\win32k.sys
2008-08-16 16:42 . 2013-03-08 11:19	13112	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2013-03-08 11:19	70456	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2013-03-08 11:19	91448	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2013-03-08 11:19	20800	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2013-03-08 11:19	206136	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2013-03-08 11:19	31032	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2013-03-08 11:19	40248	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2013-03-08 11:19	479232	----a-w-	c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2013-03-08 11:19	548864	----a-w-	c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2013-03-08 11:19	626688	----a-w-	c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2013-03-08 11:19	648504	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2013-03-08 11:19	23864	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-03-08 11:19 . 2013-03-08 11:19	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"razertra"="p:\programme\Razer\razertra.exe" [2004-10-10 208896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCU-CHEK® 360° – Automatische Erkennung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ACCU-CHEK® 360° – Automatische Erkennung.lnk
backup=c:\windows\pss\ACCU-CHEK® 360° – Automatische Erkennung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZyAIR USB Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZyAIR USB Utility.lnk
backup=c:\windows\pss\ZyAIR USB Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-01-31 15:11	542632	----a-w-	c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20	57344	----a-w-	p:\programme\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 05:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28	124480	----a-w-	c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 10:43	226904	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-01 16:42	554288	----a-w-	c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45	202032	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-23 21:51	468264	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 13:55	222504	------w-	c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:48	1595520	----a-w-	p:\programme\Winamp\winamp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 10:55	7680	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 18:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\aukokvmq.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q=
FF - prefs.js: network.proxy.ftp - 64.34.197.103
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - 194.152.42.153
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 64.79.72.50
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 64.34.197.103
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - 64.34.197.103
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
SafeBoot-02124864.sys
SafeBoot-29535554.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-OdTray - (no file)
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-SP_d201b363 - c:\program files\SaveByClick\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-18 10:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(908)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-18  10:48:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-18 09:48
.
Vor Suchlauf: 14 Verzeichnis(se), 52.352.000.000 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 51.867.566.080 Bytes frei
.
- - End Of File - - 4F37EDAF40C037E45D32B43A8568AFDA
         

18.03.2013, 12:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


18.03.2013, 12:43   #11
BoBoB
 



Had no difficulties - logs attached

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Basti on 18.03.2013 at 12:13:00,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\aukokvmq.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2013 at 12:16:00,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner.txt
Code:
# AdwCleaner v2.115 - Datei am 18/03/2013 um 12:20:08 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Basti - BASTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Basti\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Basti\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\aukokvmq.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\skcfyyzb.Basti\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4737 octets] - [15/03/2013 16:11:13]
AdwCleaner[S2].txt - [1428 octets] - [18/03/2013 12:20:08]

########## EOF - C:\AdwCleaner[S2].txt - [1488 octets] ##########
         
Extras.txt
Code:
OTL Extras logfile created on: 18.03.2013 12:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,25% Memory free
6,19 Gb Paging File | 5,37 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,47 Gb Total Space | 48,43 Gb Free Space | 25,29% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{388F357C-C2D6-4457-B2E5-ABE458BD4210}" = protocol=17 | dir=in | app=p:\programme\ida\idag.exe | 
"{55215E47-F444-44E2-AEA1-D43752E978AF}" = protocol=6 | dir=in | app=p:\programme\ida\idag.exe | 
"{A97FA77C-235C-41CA-BE94-9C501D8D8D75}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{AA715525-65CA-4CAA-B84C-954939C12DE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{238051FC-D06F-460E-8716-2446051DCFAC}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2786935E-2636-4ACA-8B63-45F15CB9860D}P:\programme\kalonline2\engine.exe" = protocol=6 | dir=in | app=p:\programme\kalonline2\engine.exe | 
"TCP Query User{2D4E5B59-0E3E-4883-B742-D9B94B856342}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{3295D796-5FBB-45F9-A437-9A5E53929788}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"TCP Query User{362BBF82-FA1A-4D85-9152-49CD58C4490C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{426D8183-0C06-4A66-A178-747D0FED5CD6}P:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=p:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe | 
"TCP Query User{7CE275E3-097A-4AA0-9EFF-5D27DEF2EE35}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{982AAACF-A03B-486A-913A-B66D16C97F55}P:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=p:\programme\winamp\winamp.exe | 
"TCP Query User{99A37927-1BB0-45E1-8C64-490F494983F1}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{A8149DC9-2465-4503-A443-0A42B97251DD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{AC086CF6-4D95-4B76-9A51-A2A3D4A390C4}P:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=p:\programme\winamp\winamp.exe | 
"TCP Query User{B7836EEA-149C-4877-9DBF-F86D547D1F83}C:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe" = protocol=6 | dir=in | app=c:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe | 
"TCP Query User{C1851ABE-661B-4101-97E8-E9E8399C8CBB}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{DA0D4A79-085D-45D9-AB29-2F0CB6D839EB}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"TCP Query User{E3336F3E-4682-4179-B323-EF4383741CB0}P:\programme\python26\arcgis10.0\pythonw.exe" = protocol=6 | dir=in | app=p:\programme\python26\arcgis10.0\pythonw.exe | 
"TCP Query User{E969CC9A-7A59-4C1B-85DA-B0AEAC794445}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{F76F3247-9A85-4359-BCD1-A0FA208FBD95}P:\programme\kalonline2\engine.exe" = protocol=6 | dir=in | app=p:\programme\kalonline2\engine.exe | 
"UDP Query User{1470591A-9EA0-4DCA-B867-8D9F66160E09}P:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=p:\programme\winamp\winamp.exe | 
"UDP Query User{238C5755-A80A-433F-A920-46EA995FD20E}P:\programme\kalonline2\engine.exe" = protocol=17 | dir=in | app=p:\programme\kalonline2\engine.exe | 
"UDP Query User{38E2204D-1156-4413-BB3C-F58B084DB254}P:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=p:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe | 
"UDP Query User{6BF3AAE1-A28F-4B44-A5F6-6E5B1260C5A9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{6D6D39FB-AFAC-44A3-A95C-53D8CE9D2DF2}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"UDP Query User{7E229C8C-491F-4112-8ABC-970244C1937C}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{82F12BC0-CC50-40A1-9F1C-F9FBC71E7E3A}P:\programme\kalonline2\engine.exe" = protocol=17 | dir=in | app=p:\programme\kalonline2\engine.exe | 
"UDP Query User{A7A0DE70-FBD8-40C3-891B-9CC80B9AD982}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AACCC60A-5D0E-4723-84A9-77B818A012B7}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"UDP Query User{AD0F4155-B60A-4721-9DDD-F7FBC9900906}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"UDP Query User{B0880210-BCBB-4189-8C58-E93DEA7004A1}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"UDP Query User{C1F658E6-BBE7-4FF0-B293-0AB8F0C26CDF}P:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=p:\programme\winamp\winamp.exe | 
"UDP Query User{DBA72A8F-ED07-44F6-A8B0-FEBD4FD77A50}C:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe" = protocol=17 | dir=in | app=c:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe | 
"UDP Query User{DF6F7223-044F-4962-959A-11B440CC08D5}P:\programme\python26\arcgis10.0\pythonw.exe" = protocol=17 | dir=in | app=p:\programme\python26\arcgis10.0\pythonw.exe | 
"UDP Query User{F37ADE08-33E7-48FB-80B2-10B78CA9F529}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F0F4D26-B01D-4C13-AADB-CF1FB2D50C1E}" = Microsoft Windows Software Development Kit for Windows Vista Update Win32 Documentation (6000.16384.10)
"{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}" = Ad-Aware Antivirus
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1910DA3B-AC76-4902-8C5C-A4F75EB0961F}" = ACCU-CHEK 360°
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{216B2D77-E514-4D3E-9E03-E74D3E15D084}" = Microsoft Windows Software Development Kit for Windows Vista Update Utilities for .NET Development (6000.16384.10)
"{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK
"{22898134-089F-4751-A7DF-43E3F7FAE10F}" = Microsoft Windows Software Development Kit for Windows Vista Update Headers and Libraries (6000.16384.10)
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23EE5D9A-72D4-4529-9B8D-E1BB6B53F008}" = Microsoft Windows Software Development Kit for Windows Vista Update Debug Symbols for .NET Development (6000.16384.10)
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26016EAB-8C1B-4CF2-97E3-BDC943B2D8AF}" = Microsoft Windows Software Development Kit for Windows Vista Update Samples (6000.16384.10)
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACCUCHEK360)
"{2C0622F2-2E68-468C-AA43-0CF81D3ACF14}" = Detours Express 3.0
"{2D7F824B-6744-4C30-B78B-0966E9BD461D}" = KalOnlineEng
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4
"{34C8D2D7-0C52-4D57-B774-959EF539F4C6}" = MySQL Connector C++ 1.1.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3729DED6-BAC0-4010-A3F1-FD72ED035C9D}" = MySQL Connector J
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AF6EF15-5841-4FF8-A3FC-5B2400AB9145}" = Borland Data Engine
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4C89A3C8-97E8-43A6-8DEC-5DE09098ACD0}" = Microsoft Windows Software Development Kit for Windows Vista Update Compilers (6000.16384.10)
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5783F2D7-A000-0407-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012
"{5783F2D7-A000-0407-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5C741A01-05D6-4306-BA6A-DC8401285AE8}" = Debugging Tools for Windows
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.30, 2013.01.21
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6C72788B-E203-4585-A5E6-E086D10439A6}" = Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{849B70E0-55C8-4BDD-9EC5-84502B7AF594}" = Microsoft Windows Software Development Kit for Windows Vista Update Common Utilities (6000.16384.10)
"{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}" = pgAdmin III 1.8
"{B4D8FC32-3728-4BCB-88BE-C762412E1B19}" = Microsoft Windows Software Development Kit for Windows Vista Update .NET Documentation (6000.16384.10)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFA81765-AC83-48A0-96ED-0188C503D255}" = Microsoft Windows Software Development Kit for Windows Vista Update Utilities for Win32 Development (6000.16384.10)
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E08EC542-BC5F-4F26-BBB9-E426BA007A31}" = OneTouch USB Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch-Software
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"3309-7404-0599-8908" = yEd Graph Editor 3.9.2
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.3.8
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"AudioBurst" = AudioBurst FX Engine
"AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge Builder" = Bridge Builder
"CloneCD" = CloneCD
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2011" = DWG TrueView 2011
"ENTERPRISE" = Microsoft Office Enterprise 2007
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.14.627
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.3.815
"FugroViewer" = FugroViewer (Remove Only)
"Git_is1" = Git version 1.7.11-preview20120710
"Hamachi" = Hamachi 1.0.3.0
"Hardcopy(P__Programme_Hardcopy)" = Hardcopy (P:\Programme\Hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"IDA Pro_is1" = IDA Pro Advanced v5.2 with WinCE v5.0 debugger
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1910DA3B-AC76-4902-8C5C-A4F75EB0961F}" = ACCU-CHEK 360°
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"libxml2-python-py2.6" = Python 2.6 libxml2-python-2.7.7
"lxml-py2.6" = Python 2.6 lxml-2.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Maple 14" = Maple 14
"Maple Toolbox" = Maple Toolbox
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MISEC" = Monkey Island™ Special Edition Collection
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PowerTools Lite EX 2013" = PowerTools Lite EX 2013
"PSPad editor_is1" = PSPad editor
"pywin32-py2.6" = Python 2.6 pywin32-217
"SDKSetup_6.1.6000.16384" = Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"streamWriter_is1" = streamWriter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"68c6678448324991" = GitHub
"TabComponentsDemo" = TabComponentsDemo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect VPN Client Events ]
Error - 01.03.2013 06:15:57 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 241 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1261 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1262 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 828 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1657 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 01.03.2013 06:42:16 | Computer Name = Basti-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 01.03.2013 06:42:16 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetActiveSessionId File: .\WTS.cpp Line: 155 Invoked 
Function: CWTS::GetActiveSessionId Return Code: -30605303 (0xFE2D0009) Description:
 WTS_ERROR_UNEXPECTED Active user session not found
 
Error - 01.03.2013 06:42:19 | Computer Name = Basti-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ OSession Events ]
Error - 30.04.2010 06:14:47 | Computer Name = Basti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.03.2013 07:24:15 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 18.03.2013 07:24:15 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
OTL.txt
Code:
OTL logfile created on: 18.03.2013 12:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,25% Memory free
6,19 Gb Paging File | 5,37 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,47 Gb Total Space | 48,43 Gb Free Space | 25,29% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Git\git-cheetah\git_shell_ext.dll ()
MOD - P:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- P:\Programme\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (MSSQL$ACCUCHEK360) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (SysCom1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found
DRV - (spd3ssl) -- P:\Program Files\Spyware Process Detector\spd317.sys File not found
DRV - (ROCKSTAR) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KIKIDRIVER) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (injectDLL) -- P:\Downloads\ProInjector\injectDLL.sys File not found
DRV - (GGSAFERDriver) -- P:\Programme\Garena\safedrv.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BeSk81) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found
DRV - (ampro) -- P:\Program Files\ArtMoney\artmoney.sys File not found
DRV - (AhnRptTfFRegFNT) -- C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found
DRV - (ahaaha1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (d3d9) -- C:\Windows\System32\d3d9.dll (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Programme\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (mirrorv3) -- C:\Windows\System32\drivers\rminiv3.sys (Famatech International Corp.)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D9A80BB3-B0E4-4B4D-93DF-67B60F57DAC5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE9FEAA3-5CD2-4DC3-A08D-D2562FDD252F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q="
FF - prefs.js..network.proxy.backup.ftp: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "71.59.14.27"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "210.48.147.94"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "64.34.197.103"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "194.152.42.153"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "64.79.72.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.34.197.103"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.ssl: "64.34.197.103"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.13 21:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:19:20 | 000,000,000 | ---D | M]
 
[2008.11.01 01:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\aukokvmq.default\extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\skcfyyzb.Basti\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㐰䄭䍂䕄䙆䑅䉃絁
[2013.03.08 12:19:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.06.17 19:29:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 11:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 19:29:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 19:29:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 19:29:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 19:29:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: SaveByclick = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijppfghbmeajainbpmmkjfmhehilndgf\1\
 
O1 HOSTS File: ([2013.03.18 10:37:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] P:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7AA3E2-2931-41EE-9555-06444FCB7085}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.18 12:24:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\temp
[2013.03.18 10:45:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 10:19:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.18 10:19:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.18 10:19:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.18 10:18:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.18 10:17:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.18 10:17:14 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{DD9C975A-53C4-43C4-A7C9-6DFC245F4FA2}
[2013.03.17 21:03:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\mbar
[2013.03.16 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{421DB4F4-5DAE-4457-84D7-23E7CC61A15B}
[2013.03.15 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E345532B-4F57-4277-AAFB-A22DEE6A824C}
[2013.03.15 16:15:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 13:02:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 13:02:01 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.15 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FC0E752-D7AE-4B65-A00F-06664B5E792C}
[2013.03.14 16:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 16:02:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.14 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.13 21:55:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 21:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 21:55:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 21:55:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 21:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 21:55:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 21:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 21:55:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\LavasoftStatistics
[2013.03.13 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.03.13 21:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.03.13 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.03.13 21:36:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.13 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.03.13 21:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.03.13 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.03.13 21:31:41 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.13 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus
[2013.03.13 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2013.03.13 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FA42786-F677-4876-B5AD-11EC60DF76E7}
[2013.03.12 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E43E1612-E4CD-43DD-AC2C-9FBAD0747AF5}
[2013.03.12 22:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.11 21:47:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7DF7DEB3-3D6F-49B4-B968-98422EC87FFC}
[2013.03.11 11:17:42 | 000,000,000 | ---D | C] -- C:\RegioprojektCheck
[2013.03.11 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{ADF33BC3-4BDC-44FF-B583-257CD9A98642}
[2013.03.10 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AAE422AF-8E02-4D3D-A0A8-12B8D4439A33}
[2013.03.09 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D26412A9-50B9-4C1E-A5C0-498A5C9B2619}
[2013.03.08 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{9084219C-2EDC-4666-A26F-00892C771905}
[2013.03.08 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A8E23A8A-89F5-49CA-B4AE-DB8E8006EA12}
[2013.03.07 13:32:40 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{73DB2423-C761-40C5-BD8F-26E80671D141}
[2013.03.06 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{35935447-B316-4B04-8A41-76BEF822B7FD}
[2013.03.05 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7329F463-C1FA-447B-9280-2B23D0D6C5D4}
[2013.03.04 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Oma_silber
[2013.03.04 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D93B6735-3620-43B4-89AB-3F12E2FC1928}
[2013.03.03 14:29:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A72CF85F-7944-4894-82F6-1FE9C5024F7A}
[2013.03.02 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Easy2Convert
[2013.03.02 18:12:50 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{92A724D6-3210-43B1-9F54-999535D6B387}
[2013.03.01 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AD0E481F-870B-4465-9CF3-017141BD09A0}
[2013.02.28 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\DropBox_Hcu
[2013.02.28 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A04E3D91-FE3D-4CED-BDEA-27EA4B434216}
[2013.02.27 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Bachelorarbeit
[2013.02.27 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5ABAC6BF-2999-4760-B0DB-F1BCCDCE9185}
[2013.02.26 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7513401B-6D46-4288-A92A-2A79F716A526}
[2013.02.25 13:21:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{CF5882A0-FEF5-4088-8A75-240D789259BF}
[2013.02.24 20:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.24 20:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.24 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Krankenkasse
[2013.02.24 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AFA46DB8-4CBB-4DAA-A05D-36CA098B6C97}
[2013.02.23 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{72C21F51-23E0-4141-BAC1-58B132102A7E}
[2013.02.22 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5FCC6DBA-9A65-4B39-AF1C-A2B07F2DE6BF}
[2013.02.21 16:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.21 16:14:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7BB84EFE-2E55-43D3-8B58-535A82B5608C}
[2013.02.20 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{102FF5FB-5AD6-4670-A61C-855B5FCB2AC9}
[2013.02.18 09:22:18 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:50:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{939C9AB4-81F2-44A4-A676-5059540594BD}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 12:25:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 12:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 12:22:11 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.18 12:22:10 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.18 12:21:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 12:21:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 12:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 12:21:15 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 12:19:20 | 000,609,993 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:37:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.18 10:14:31 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | M] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 21:03:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:43:35 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.15 21:12:30 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013.03.15 16:17:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:02:01 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.14 16:17:17 | 000,613,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.14 16:02:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 15:48:27 | 000,012,585 | ---- | M] () -- C:\Users\Basti\Desktop\Desktop.7z
[2013.03.14 14:40:05 | 405,404,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.14 13:49:58 | 000,000,020 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2013.03.14 11:07:22 | 000,778,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 11:07:22 | 000,728,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 11:07:22 | 000,187,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 11:07:22 | 000,155,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 21:48:26 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.13 21:31:41 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.12 19:25:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 19:25:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.24 20:24:52 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 17:38:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013.02.22 17:38:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013.02.21 16:14:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 16:14:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.21 16:14:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 00:17:49 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.18 09:22:18 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:03:26 | 000,446,065 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215437.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215716.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215525.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.18 12:19:18 | 000,609,993 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:19:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.18 10:19:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.18 10:19:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.18 10:19:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.18 10:19:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | C] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 19:50:28 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.17 16:43:34 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.14 16:02:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 15:48:27 | 000,012,585 | ---- | C] () -- C:\Users\Basti\Desktop\Desktop.7z
[2013.03.14 13:49:42 | 000,000,020 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2013.03.13 21:36:49 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.02.24 20:24:52 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 11:44:24 | 000,000,020 | -HS- | C] () -- C:\Users\Basti\AppData\Roaming\App4870.ConfCollection.bin
[2012.10.19 22:45:31 | 000,000,888 | ---- | C] () -- C:\Users\Basti\recStudio.ini
[2012.10.19 22:40:48 | 000,000,263 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012.09.17 15:32:31 | 000,000,130 | ---- | C] () -- C:\Users\Basti\.bash_history
[2012.09.17 14:30:44 | 000,000,094 | ---- | C] () -- C:\Users\Basti\.gitconfig
[2012.06.29 12:04:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2012.06.29 12:04:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ZDTRLib.DLL
[2012.06.29 12:04:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ZD12APP.dll
[2012.06.29 12:04:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll
[2012.06.29 12:04:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\INSAPP.dll
[2012.06.29 12:04:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2012.03.25 19:37:24 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2012.03.25 19:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll
[2012.03.25 19:37:23 | 000,358,912 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2012.02.21 23:49:42 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled13_MAS.bak
[2012.02.21 23:49:33 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled12_MAS.bak
[2012.02.18 16:11:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.10 13:05:43 | 000,000,000 | ---- | C] () -- C:\Users\Basti\Programme
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.08.30 12:54:49 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.05 17:16:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.05 17:16:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.22 11:27:59 | 000,041,890 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\room.dat
[2009.07.31 17:54:45 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Local\PUTTY.RND
[2009.03.26 22:24:34 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\winscp.rnd
[2009.02.15 01:31:22 | 000,022,328 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2008.12.28 18:44:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.11.16 20:52:34 | 000,000,142 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat
[2008.11.11 09:52:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.04 11:32:49 | 000,024,206 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\UserTile.png
[2008.11.02 21:13:01 | 000,000,680 | ---- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2008.11.01 19:11:10 | 000,010,240 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:EA09D10B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F589C83D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CDEC4D21
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5678F84F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AE8A440
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >
         

Alt 18.03.2013, 13:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (SysCom1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found
DRV - (spd3ssl) -- P:\Program Files\Spyware Process Detector\spd317.sys File not found
DRV - (ROCKSTAR) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found
DRV - (KIKIDRIVER) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found
DRV - (BeSk81) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found
DRV - (ampro) -- P:\Program Files\ArtMoney\artmoney.sys File not found
DRV - (AhnRptTfFRegFNT) -- C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found
DRV - (ahaaha1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:EA09D10B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F589C83D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CDEC4D21
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5678F84F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AE8A440
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Alt 18.03.2013, 13:07   #13
BoBoB
 

Everything worked - however, when I clicked OK to confirm the restart, my AntiVir popped up at the same moment and said something like "access blocked" or so - I couldn't read it quickly enough.

Here is the log:
Code:
All processes killed
========== OTL ==========
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File  C:\Windows\system32\XDva349.sys File not found not found.
Service XDva347 stopped successfully!
Service XDva347 deleted successfully!
File  C:\Windows\system32\XDva347.sys File not found not found.
Service XDva346 stopped successfully!
Service XDva346 deleted successfully!
File  C:\Windows\system32\XDva346.sys File not found not found.
Service SysCom1 stopped successfully!
Service SysCom1 deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found not found.
Service spd3ssl stopped successfully!
Service spd3ssl deleted successfully!
File  P:\Program Files\Spyware Process Detector\spd317.sys File not found not found.
Service ROCKSTAR stopped successfully!
Service ROCKSTAR deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found not found.
Service KIKIDRIVER stopped successfully!
Service KIKIDRIVER deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found not found.
Service BeSk81 stopped successfully!
Service BeSk81 deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found not found.
Service ampro stopped successfully!
Service ampro deleted successfully!
File  P:\Program Files\ArtMoney\artmoney.sys File not found not found.
Service AhnRptTfFRegFNT stopped successfully!
Service AhnRptTfFRegFNT deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found not found.
Service ahaaha1 stopped successfully!
Service ahaaha1 deleted successfully!
File  C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found not found.
ADS C:\ProgramData\TEMP:EA09D10B deleted successfully.
ADS C:\ProgramData\TEMP:F589C83D deleted successfully.
ADS C:\ProgramData\TEMP:CDEC4D21 deleted successfully.
ADS C:\ProgramData\TEMP:5678F84F deleted successfully.
ADS C:\ProgramData\TEMP:7AE8A440 deleted successfully.
ADS C:\ProgramData\TEMP:CE2C623F deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Basti\Desktop\cmd.bat deleted successfully.
C:\Users\Basti\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 33816 bytes
->Temporary Internet Files folder emptied: 195254414 bytes
->Java cache emptied: 6478 bytes
->FireFox cache emptied: 75495216 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4049 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6090 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 258,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03182013_130343

Files\Folders moved on Reboot...
C:\Windows\temp\spserv.dat moved successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 18.03.2013, 13:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box for Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.

Alt 18.03.2013, 13:33   #15
BoBoB
 

I was getting a bit paranoid just now and had to scan twice because the settings were changed every time....
This time, though, I watched it, and shortly before the end it automatically switched Standard Registry from Use SafeList to All

Code:
OTL logfile created on: 18.03.2013 13:27:14 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,49% Memory free
6,19 Gb Paging File | 5,32 Gb Available in Paging File | 85,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,47 Gb Total Space | 48,70 Gb Free Space | 25,44% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- P:\Programme\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (MSSQL$ACCUCHEK360) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (injectDLL) -- P:\Downloads\ProInjector\injectDLL.sys File not found
DRV - (GGSAFERDriver) -- P:\Programme\Garena\safedrv.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (d3d9) -- C:\Windows\System32\d3d9.dll (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Programme\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (mirrorv3) -- C:\Windows\System32\drivers\rminiv3.sys (Famatech International Corp.)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D9A80BB3-B0E4-4B4D-93DF-67B60F57DAC5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE9FEAA3-5CD2-4DC3-A08D-D2562FDD252F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q="
FF - prefs.js..network.proxy.backup.ftp: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "71.59.14.27"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "210.48.147.94"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "64.34.197.103"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "194.152.42.153"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "64.79.72.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.34.197.103"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.ssl: "64.34.197.103"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.13 21:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:19:20 | 000,000,000 | ---D | M]
 
[2008.11.01 01:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\aukokvmq.default\extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\skcfyyzb.Basti\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㐰䄭䍂䕄䙆䑅䉃絁
[2013.03.08 12:19:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.06.17 19:29:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 11:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 19:29:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 19:29:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 19:29:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 19:29:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: SaveByclick = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijppfghbmeajainbpmmkjfmhehilndgf\1\
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] P:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7AA3E2-2931-41EE-9555-06444FCB7085}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.18 13:03:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.18 12:24:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\temp
[2013.03.18 10:45:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 10:19:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.18 10:19:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.18 10:19:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.18 10:18:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.18 10:17:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.18 10:17:14 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{DD9C975A-53C4-43C4-A7C9-6DFC245F4FA2}
[2013.03.17 21:03:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\mbar
[2013.03.16 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{421DB4F4-5DAE-4457-84D7-23E7CC61A15B}
[2013.03.15 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E345532B-4F57-4277-AAFB-A22DEE6A824C}
[2013.03.15 16:15:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 13:02:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 13:02:01 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.15 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FC0E752-D7AE-4B65-A00F-06664B5E792C}
[2013.03.14 16:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 16:02:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.14 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.13 21:55:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 21:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 21:55:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 21:55:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 21:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 21:55:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 21:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 21:55:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\LavasoftStatistics
[2013.03.13 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.03.13 21:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.03.13 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.03.13 21:36:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.13 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.03.13 21:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.03.13 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.03.13 21:31:41 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.13 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus
[2013.03.13 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2013.03.13 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FA42786-F677-4876-B5AD-11EC60DF76E7}
[2013.03.12 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E43E1612-E4CD-43DD-AC2C-9FBAD0747AF5}
[2013.03.12 22:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.11 21:47:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7DF7DEB3-3D6F-49B4-B968-98422EC87FFC}
[2013.03.11 11:17:42 | 000,000,000 | ---D | C] -- C:\RegioprojektCheck
[2013.03.11 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{ADF33BC3-4BDC-44FF-B583-257CD9A98642}
[2013.03.10 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AAE422AF-8E02-4D3D-A0A8-12B8D4439A33}
[2013.03.09 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D26412A9-50B9-4C1E-A5C0-498A5C9B2619}
[2013.03.08 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{9084219C-2EDC-4666-A26F-00892C771905}
[2013.03.08 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A8E23A8A-89F5-49CA-B4AE-DB8E8006EA12}
[2013.03.07 13:32:40 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{73DB2423-C761-40C5-BD8F-26E80671D141}
[2013.03.06 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{35935447-B316-4B04-8A41-76BEF822B7FD}
[2013.03.05 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7329F463-C1FA-447B-9280-2B23D0D6C5D4}
[2013.03.04 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Oma_silber
[2013.03.04 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D93B6735-3620-43B4-89AB-3F12E2FC1928}
[2013.03.03 14:29:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A72CF85F-7944-4894-82F6-1FE9C5024F7A}
[2013.03.02 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Easy2Convert
[2013.03.02 18:12:50 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{92A724D6-3210-43B1-9F54-999535D6B387}
[2013.03.01 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AD0E481F-870B-4465-9CF3-017141BD09A0}
[2013.02.28 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\DropBox_Hcu
[2013.02.28 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A04E3D91-FE3D-4CED-BDEA-27EA4B434216}
[2013.02.27 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Bachelorarbeit
[2013.02.27 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5ABAC6BF-2999-4760-B0DB-F1BCCDCE9185}
[2013.02.26 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7513401B-6D46-4288-A92A-2A79F716A526}
[2013.02.25 13:21:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{CF5882A0-FEF5-4088-8A75-240D789259BF}
[2013.02.24 20:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.24 20:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.24 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Krankenkasse
[2013.02.24 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AFA46DB8-4CBB-4DAA-A05D-36CA098B6C97}
[2013.02.23 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{72C21F51-23E0-4141-BAC1-58B132102A7E}
[2013.02.22 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5FCC6DBA-9A65-4B39-AF1C-A2B07F2DE6BF}
[2013.02.21 16:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.21 16:14:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7BB84EFE-2E55-43D3-8B58-535A82B5608C}
[2013.02.20 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{102FF5FB-5AD6-4670-A61C-855B5FCB2AC9}
[2013.02.18 09:22:18 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:50:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{939C9AB4-81F2-44A4-A676-5059540594BD}
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 13:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 13:05:19 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.18 13:05:12 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.18 13:05:06 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:05:06 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 13:04:56 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 12:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 12:19:20 | 000,609,993 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:14:31 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | M] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 21:03:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:43:35 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.15 21:12:30 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013.03.15 16:17:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:02:01 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.14 16:17:17 | 000,613,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.14 16:02:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 15:48:27 | 000,012,585 | ---- | M] () -- C:\Users\Basti\Desktop\Desktop.7z
[2013.03.14 14:40:05 | 405,404,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.14 13:49:58 | 000,000,020 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2013.03.14 11:07:22 | 000,778,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 11:07:22 | 000,728,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 11:07:22 | 000,187,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 11:07:22 | 000,155,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 21:48:26 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.13 21:31:41 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.12 19:25:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 19:25:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.24 20:24:52 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 17:38:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013.02.22 17:38:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013.02.21 16:14:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 16:14:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.21 16:14:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 00:17:49 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.18 09:22:18 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:03:26 | 000,446,065 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215437.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215716.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215525.backup
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.18 12:19:18 | 000,609,993 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:19:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.18 10:19:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.18 10:19:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.18 10:19:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.18 10:19:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | C] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 19:50:28 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.17 16:43:34 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.14 16:02:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 15:48:27 | 000,012,585 | ---- | C] () -- C:\Users\Basti\Desktop\Desktop.7z
[2013.03.14 13:49:42 | 000,000,020 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2013.03.13 21:36:49 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.02.24 20:24:52 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 11:44:24 | 000,000,020 | -HS- | C] () -- C:\Users\Basti\AppData\Roaming\App4870.ConfCollection.bin
[2012.10.19 22:45:31 | 000,000,888 | ---- | C] () -- C:\Users\Basti\recStudio.ini
[2012.10.19 22:40:48 | 000,000,263 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012.09.17 15:32:31 | 000,000,130 | ---- | C] () -- C:\Users\Basti\.bash_history
[2012.09.17 14:30:44 | 000,000,094 | ---- | C] () -- C:\Users\Basti\.gitconfig
[2012.06.29 12:04:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2012.06.29 12:04:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ZDTRLib.DLL
[2012.06.29 12:04:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ZD12APP.dll
[2012.06.29 12:04:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll
[2012.06.29 12:04:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\INSAPP.dll
[2012.06.29 12:04:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2012.03.25 19:37:24 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2012.03.25 19:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll
[2012.03.25 19:37:23 | 000,358,912 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2012.02.21 23:49:42 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled13_MAS.bak
[2012.02.21 23:49:33 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled12_MAS.bak
[2012.02.18 16:11:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.10 13:05:43 | 000,000,000 | ---- | C] () -- C:\Users\Basti\Programme
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.08.30 12:54:49 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.05 17:16:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.05 17:16:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.22 11:27:59 | 000,041,890 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\room.dat
[2009.07.31 17:54:45 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Local\PUTTY.RND
[2009.03.26 22:24:34 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\winscp.rnd
[2009.02.15 01:31:22 | 000,022,328 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2008.12.28 18:44:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.11.16 20:52:34 | 000,000,142 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat
[2008.11.11 09:52:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.04 11:32:49 | 000,024,206 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\UserTile.png
[2008.11.02 21:13:01 | 000,000,680 | ---- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2008.11.01 19:11:10 | 000,010,240 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.14 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2013.03.14 00:01:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus
[2012.05.20 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft
[2013.02.02 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Autodesk
[2010.11.28 11:02:58 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\avidemux
[2009.04.21 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\concept design
[2008.12.03 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\cPicture
[2008.11.14 23:18:57 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools
[2009.02.20 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Datarescue
[2008.10.31 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DigitalPersona
[2012.07.01 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2013.03.02 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Easy2Convert
[2012.10.04 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ESRI
[2013.02.24 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GitHub
[2012.01.23 16:51:07 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICAClient
[2013.01.26 21:55:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2013.01.27 21:40:43 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\JavaEditor
[2012.06.28 11:25:43 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\LucasArts
[2012.11.24 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Mael
[2008.11.03 08:26:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Magic Academy
[2009.01.15 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\MuPAD
[2010.11.28 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.11.09 10:54:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\postgresql
[2009.01.02 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Red Alert 3
[2009.04.10 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Resource Tuner
[2013.03.08 09:30:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2009.12.18 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Template
[2013.01.13 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TS3Client
[2008.12.03 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Tunebite
[2009.07.10 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2011.08.08 21:36:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WindSolutions
[2012.07.28 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\yWorks
 
========== Purity Check ==========
 
 

< End of report >
         
