
Plagegeister aller Art und deren Bekämpfung: Virus after installing "hdplugin_firefox.exe" - Office and other programs deleted?

17.03.2013, 20:38   #1
Noodlz

Hello,

I have the following problem:

I downloaded and installed the plugin "hdplugin_firefox.exe" on a streaming site. That was not very smart, I know that now too. The following happened:

- At first all running programs closed, the computer started working really hard and the desktop froze. After a forced shutdown by pressing the power button I tried to boot into safe mode, but there too the desktop froze after booting.
- 2 days later I booted the computer again - this time normally - and at first everything looked fine. I ran a virus scan with avast and it found 46 viruses, which all look roughly like this:


After a bit of research I found out that these are often false positives as well.
So I ran another scan with "Malwarebytes Anti-Malware", which this time found nothing.

The following problems occur

- When I try to open them from the Start menu, all Office products show the message "Der Vorgang ist nur für Produkte zulässig, die zurzeit installiert sind" ("This action is only valid for products that are currently installed"). The folder in which Office was installed is nearly empty

- The Control Panel now shows only about 15 of what were actually about 100 programs, but I can still open and use the programs that are no longer listed (with the exception of the Office products)

Scan results
I ran Defogger (I use Daemon Tools) and have now also run the OTL and GMER scans; here are the results:

#OTL
hxxp://www.xup.in/dl,10807976/OTL.Txt/
#Extras
hxxp://www.xup.in/dl,17640144/Extras.Txt/
#GMER
hxxp://www.xup.in/dl,19782411/GMER_17_03_13.log/

I couldn't paste the contents into the text because it would have been too long; I hope it's OK if I link them. If not, please tell me how else I should upload them.

As you may see, I use a lot of programs and also network connections for my work, which would make reinstalling the system VERY laborious.



Here is my system information as well:
Fujitsu Lifebook A Series
Windows 7 64-bit
Intel Core i5 2,67 GHz


One more thing: I can't rule out 100% that there is a crack or keygen on the computer; if so, the files are at least 4 years old and therefore probably have hardly anything to do with the current problem. If something turns up somewhere, I can of course delete the files immediately.


So, thanks a lot for reading; I would be really grateful if someone can help me.

Noodlz

18.03.2013, 12:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

if the logs are too large, please pack all logs together into a single ZIP file and post it here as an attachment, see http://www.trojaner-board.de/69886-a...tml#post566999

18.03.2013, 13:27   #3
Noodlz

All right, here are the logs as a .zip
Logs.zip

18.03.2013, 13:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; just post the logs that already exist first!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.03.2013, 19:09   #5
Noodlz

No, as I said, Malwarebytes found nothing, and I already posted the one from Avast above. I would also post the complete one, but that only works via screenshots; I can't export a txt or anything like that..

I have now found out that it is apparently (probably among others) the coupondropdown virus. It then looks roughly like this: (on mouseover over "enthalten" in the first line)




18.03.2013, 23:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the assigned tools such as Malwarebytes must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

19.03.2013, 13:35   #7
Noodlz

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Noodlz :: NOODLZ-PC [administrator]

19.03.2013 01:41:55
mbar-log-2013-03-19 (01-41-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29934
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 02:44:12
-----------------------------
02:44:12.467    OS Version: Windows x64 6.1.7601 Service Pack 1
02:44:12.468    Number of processors: 4 586 0x2505
02:44:12.469    ComputerName: NOODLZ-PC  UserName: Noodlz
02:44:12.986    Initialize success
02:44:13.043    AVAST engine defs: 13031800
02:45:50.293    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:45:50.298    Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 3
02:45:50.433    Disk 0 MBR read successfully
02:45:50.437    Disk 0 MBR scan
02:45:50.442    Disk 0 Windows 7 default MBR code
02:45:50.447    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        82020 MB offset 2048
02:45:50.523    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       871848 MB offset 167979008
02:45:50.556    Disk 0 scanning C:\Windows\system32\drivers
02:46:01.811    Service scanning
02:46:21.792    Modules scanning
02:46:21.804    Disk 0 trace - called modules:
02:46:21.839    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys 
02:46:21.846    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b83790]
02:46:22.179    3 CLASSPNP.SYS[fffff88001a3943f] -> nt!IofCallDriver -> [0xfffffa8004a5f950]
02:46:22.184    5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b86050]
02:46:22.617    AVAST engine scan C:\Windows
02:46:24.359    AVAST engine scan C:\Windows\system32
02:49:01.649    AVAST engine scan C:\Windows\system32\drivers
02:49:15.296    AVAST engine scan C:\Users\Noodlz
02:54:52.399    AVAST engine scan C:\ProgramData
02:56:11.358    Scan finished successfully
08:31:25.524    Disk 0 MBR has been saved successfully to "C:\Users\Noodlz\Desktop\Virenbekämpfung\MBR.dat"
08:31:25.532    The log file has been saved successfully to "C:\Users\Noodlz\Desktop\Virenbekämpfung\aswMBR.txt"
         

TDSSKiller
Code:
12:16:41.0602 5012  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:16:41.0686 5012  ============================================================
12:16:41.0687 5012  Current date / time: 2013/03/19 12:16:41.0686
12:16:41.0687 5012  SystemInfo:
12:16:41.0687 5012  
12:16:41.0687 5012  OS Version: 6.1.7601 ServicePack: 1.0
12:16:41.0687 5012  Product type: Workstation
12:16:41.0687 5012  ComputerName: NOODLZ-PC
12:16:41.0687 5012  UserName: Noodlz
12:16:41.0687 5012  Windows directory: C:\Windows
12:16:41.0687 5012  System windows directory: C:\Windows
12:16:41.0687 5012  Running under WOW64
12:16:41.0687 5012  Processor architecture: Intel x64
12:16:41.0687 5012  Number of processors: 4
12:16:41.0687 5012  Page size: 0x1000
12:16:41.0687 5012  Boot type: Normal boot
12:16:41.0687 5012  ============================================================
12:16:42.0051 5012  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:16:42.0054 5012  ============================================================
12:16:42.0054 5012  \Device\Harddisk0\DR0:
12:16:42.0054 5012  MBR partitions:
12:16:42.0054 5012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA032000
12:16:42.0054 5012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA032800, BlocksNum 0x6A6D4000
12:16:42.0054 5012  ============================================================
12:16:42.0081 5012  C: <-> \Device\Harddisk0\DR0\Partition1
12:16:42.0119 5012  D: <-> \Device\Harddisk0\DR0\Partition2
12:16:42.0119 5012  ============================================================
12:16:42.0119 5012  Initialize success
12:16:42.0119 5012  ============================================================
12:17:34.0352 3260  ============================================================
12:17:34.0352 3260  Scan started
12:17:34.0352 3260  Mode: Manual; SigCheck; TDLFS; 
12:17:34.0352 3260  ============================================================
12:17:34.0630 3260  ================ Scan system memory ========================
12:17:34.0630 3260  System memory - ok
12:17:34.0631 3260  ================ Scan services =============================
12:17:38.0874 3260  [ 4AEF9EC86818375495FB78CA58DF4E18 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:17:38.0903 3260  atksgt ( UnsignedFile.Multi.Generic ) - warning
12:17:38.0903 3260  atksgt - detected UnsignedFile.Multi.Generic (1)
12:17:45.0565 3260  gagp30kx - ok
12:17:45.0594 3260  [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
12:17:45.0606 3260  ggflt - ok
12:17:45.0625 3260  [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
12:17:45.0638 3260  ggsemc - ok
12:17:45.0699 3260  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:17:45.0760 3260  gpsvc - ok
12:17:45.0841 3260  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:17:45.0862 3260  gupdate - ok
12:17:45.0887 3260  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:17:45.0904 3260  gupdatem - ok
12:17:45.0971 3260  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:17:45.0995 3260  gusvc - ok
12:17:46.0014 3260  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:17:46.0040 3260  hcw85cir - ok
12:17:46.0081 3260  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:46.0129 3260  HdAudAddService - ok
12:17:46.0151 3260  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:17:46.0182 3260  HDAudBus - ok
12:17:46.0219 3260  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
12:17:46.0233 3260  HECIx64 - ok
12:17:46.0264 3260  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:17:46.0282 3260  HidBatt - ok
12:17:46.0296 3260  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:17:46.0318 3260  HidBth - ok
12:17:46.0334 3260  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:17:46.0359 3260  HidIr - ok
12:17:46.0385 3260  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:17:46.0443 3260  hidserv - ok
12:17:46.0484 3260  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:17:46.0497 3260  HidUsb - ok
12:17:46.0535 3260  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:17:46.0608 3260  hkmsvc - ok
12:17:46.0641 3260  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:17:46.0705 3260  HomeGroupListener - ok
12:17:46.0735 3260  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:17:46.0763 3260  HomeGroupProvider - ok
12:17:46.0789 3260  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:17:46.0803 3260  HpSAMD - ok
12:17:46.0840 3260  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:17:46.0862 3260  HTCAND64 - ok
12:17:46.0895 3260  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
12:17:46.0909 3260  htcnprot - ok
12:17:46.0948 3260  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:17:47.0043 3260  HTTP - ok
12:17:47.0065 3260  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:17:47.0075 3260  hwpolicy - ok
12:17:47.0110 3260  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:17:47.0124 3260  i8042prt - ok
12:17:47.0150 3260  [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:17:47.0167 3260  iaStor - ok
12:17:47.0199 3260  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:17:47.0217 3260  iaStorV - ok
12:17:47.0283 3260  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:17:47.0320 3260  idsvc - ok
12:17:47.0457 3260  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:17:47.0619 3260  igfx - ok
12:17:47.0645 3260  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:17:47.0656 3260  iirsp - ok
12:17:47.0689 3260  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:17:47.0762 3260  IKEEXT - ok
12:17:47.0792 3260  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
12:17:47.0839 3260  Impcd - ok
12:17:47.0929 3260  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:17:47.0974 3260  IntcAzAudAddService - ok
12:17:47.0992 3260  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:17:48.0003 3260  intelide - ok
12:17:48.0038 3260  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:17:48.0077 3260  intelppm - ok
12:17:48.0117 3260  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:17:48.0193 3260  IPBusEnum - ok
12:17:48.0212 3260  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:48.0271 3260  IpFilterDriver - ok
12:17:48.0303 3260  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:17:48.0349 3260  iphlpsvc - ok
12:17:48.0377 3260  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:17:48.0409 3260  IPMIDRV - ok
12:17:48.0437 3260  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:17:48.0494 3260  IPNAT - ok
12:17:48.0524 3260  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:17:48.0548 3260  IRENUM - ok
12:17:48.0571 3260  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:17:48.0587 3260  isapnp - ok
12:17:48.0602 3260  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:17:48.0623 3260  iScsiPrt - ok
12:17:48.0654 3260  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:48.0676 3260  kbdclass - ok
12:17:48.0702 3260  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:17:48.0725 3260  kbdhid - ok
12:17:48.0744 3260  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:17:48.0761 3260  KeyIso - ok
12:17:48.0787 3260  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:17:48.0803 3260  KSecDD - ok
12:17:48.0820 3260  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:17:48.0837 3260  KSecPkg - ok
12:17:48.0856 3260  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:17:48.0910 3260  ksthunk - ok
12:17:48.0941 3260  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:17:48.0990 3260  KtmRm - ok
12:17:49.0032 3260  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:17:49.0088 3260  LanmanServer - ok
12:17:49.0126 3260  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:17:49.0185 3260  LanmanWorkstation - ok
12:17:49.0216 3260  [ B658B7076B1ACAA5876524595630F183 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:17:49.0237 3260  lirsgt ( UnsignedFile.Multi.Generic ) - warning
12:17:49.0237 3260  lirsgt - detected UnsignedFile.Multi.Generic (1)
12:17:49.0368 3260  [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\Windows\SysWOW64\lkcitdl.exe
12:17:49.0408 3260  LkCitadelServer - ok
12:17:49.0437 3260  [ 777E031B6C740148E935066F37B49AF8 ] lkClassAds      C:\Windows\SysWOW64\lkads.exe
12:17:49.0449 3260  lkClassAds - ok
12:17:49.0486 3260  [ 23A07F37756F44ED738BCD931EBFFCED ] lkTimeSync      C:\Windows\SysWOW64\lktsrv.exe
12:17:49.0498 3260  lkTimeSync - ok
12:17:49.0533 3260  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:17:49.0590 3260  lltdio - ok
12:17:49.0626 3260  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:17:49.0737 3260  lltdsvc - ok
12:17:49.0754 3260  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:17:49.0801 3260  lmhosts - ok
12:17:49.0870 3260  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:17:49.0892 3260  LMS ( UnsignedFile.Multi.Generic ) - warning
12:17:49.0892 3260  LMS - detected UnsignedFile.Multi.Generic (1)
12:17:49.0936 3260  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:17:49.0957 3260  LSI_FC - ok
12:17:49.0971 3260  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:17:49.0991 3260  LSI_SAS - ok
12:17:50.0027 3260  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:17:50.0041 3260  LSI_SAS2 - ok
12:17:50.0065 3260  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:17:50.0080 3260  LSI_SCSI - ok
12:17:50.0111 3260  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:17:50.0164 3260  luafv - ok
12:17:50.0216 3260  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\Windows\system32\drivers\massfilter.sys
12:17:50.0247 3260  massfilter - ok
12:17:50.0281 3260  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:17:50.0307 3260  Mcx2Svc - ok
12:17:50.0334 3260  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:17:50.0354 3260  megasas - ok
12:17:50.0373 3260  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:17:50.0401 3260  MegaSR - ok
12:17:50.0438 3260  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:17:50.0555 3260  MMCSS - ok
12:17:50.0581 3260  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:17:50.0631 3260  Modem - ok
12:17:50.0686 3260  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:17:50.0716 3260  monitor - ok
12:17:50.0753 3260  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:17:50.0774 3260  mouclass - ok
12:17:50.0806 3260  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:17:50.0838 3260  mouhid - ok
12:17:50.0890 3260  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:17:50.0907 3260  mountmgr - ok
12:17:50.0936 3260  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:17:50.0954 3260  mpio - ok
12:17:50.0970 3260  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:17:51.0030 3260  mpsdrv - ok
12:17:51.0064 3260  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:17:51.0130 3260  MpsSvc - ok
12:17:51.0158 3260  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:17:51.0207 3260  MRxDAV - ok
12:17:51.0234 3260  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:51.0263 3260  mrxsmb - ok
12:17:51.0283 3260  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:51.0303 3260  mrxsmb10 - ok
12:17:51.0311 3260  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:51.0339 3260  mrxsmb20 - ok
12:17:51.0354 3260  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:17:51.0369 3260  msahci - ok
12:17:51.0384 3260  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:17:51.0400 3260  msdsm - ok
12:17:51.0413 3260  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:17:51.0430 3260  MSDTC - ok
12:17:51.0467 3260  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:17:51.0541 3260  Msfs - ok
12:17:51.0558 3260  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:17:51.0610 3260  mshidkmdf - ok
12:17:51.0623 3260  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:17:51.0635 3260  msisadrv - ok
12:17:51.0670 3260  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:17:51.0726 3260  MSiSCSI - ok
12:17:51.0729 3260  msiserver - ok
12:17:51.0754 3260  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:17:51.0801 3260  MSKSSRV - ok
12:17:51.0817 3260  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:51.0868 3260  MSPCLOCK - ok
12:17:51.0886 3260  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:17:51.0930 3260  MSPQM - ok
12:17:51.0961 3260  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:17:51.0978 3260  MsRPC - ok
12:17:52.0005 3260  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:17:52.0016 3260  mssmbios - ok
12:17:52.0096 3260  MSSQL$SQLEXPRESS - ok
12:17:52.0126 3260  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:17:52.0142 3260  MSSQLServerADHelper - ok
12:17:52.0172 3260  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:17:52.0235 3260  MSTEE - ok
12:17:52.0245 3260  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:17:52.0265 3260  MTConfig - ok
12:17:52.0280 3260  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:17:52.0290 3260  Mup - ok
12:17:52.0423 3260  [ 68C5321CBC7BE2FA7278809A2D6544D0 ] mxssvr          D:\Programme\LabVIEW\MAX\nimxs.exe
12:17:52.0442 3260  mxssvr - ok
12:17:52.0475 3260  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:17:52.0560 3260  napagent - ok
12:17:52.0593 3260  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:17:52.0614 3260  NativeWifiP - ok
12:17:52.0667 3260  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:17:52.0697 3260  NDIS - ok
12:17:52.0729 3260  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:17:52.0773 3260  NdisCap - ok
12:17:52.0801 3260  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:52.0850 3260  NdisTapi - ok
12:17:52.0883 3260  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:52.0940 3260  Ndisuio - ok
12:17:52.0974 3260  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:53.0047 3260  NdisWan - ok
12:17:53.0082 3260  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:17:53.0142 3260  NDProxy - ok
12:17:53.0174 3260  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:17:53.0228 3260  NetBIOS - ok
12:17:53.0264 3260  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:17:53.0312 3260  NetBT - ok
12:17:53.0336 3260  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:17:53.0350 3260  Netlogon - ok
12:17:53.0372 3260  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:17:53.0432 3260  Netman - ok
12:17:53.0489 3260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:53.0511 3260  NetMsmqActivator - ok
12:17:53.0517 3260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:53.0529 3260  NetPipeActivator - ok
12:17:53.0548 3260  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:17:53.0612 3260  netprofm - ok
12:17:53.0633 3260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:53.0644 3260  NetTcpActivator - ok
12:17:53.0647 3260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:53.0657 3260  NetTcpPortSharing - ok
12:17:53.0696 3260  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:17:53.0720 3260  nfrd960 - ok
12:17:53.0842 3260  [ 2FADAD2DED79972C0B25570394AA519C ] NIApplicationWebServer D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe
12:17:53.0860 3260  NIApplicationWebServer - ok
12:17:53.0950 3260  [ B441512CE5E25B4DFF66AC5014F31EDF ] NIApplicationWebServer64 C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
12:17:53.0970 3260  NIApplicationWebServer64 - ok
12:17:54.0048 3260  [ 62E7B5EF6BEC714BC200C661BA940F54 ] NIDomainService D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe
12:17:54.0075 3260  NIDomainService - ok
12:17:54.0199 3260  [ AA8896BCD689851665EFC02DC41181AC ] NILM License Manager D:\Programme\LabVIEW\Shared\License Manager\Bin\lmgrd.exe
12:17:54.0254 3260  NILM License Manager - ok
12:17:54.0331 3260  [ 902A9B8EC25EAC8C8DD5594F5866F80C ] nimDNSResponder D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe
12:17:54.0356 3260  nimDNSResponder - ok
12:17:54.0419 3260  [ DF0AB139C5C5ADEF39A88D7FE51F0CB4 ] NINetworkDiscovery D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe
12:17:54.0442 3260  NINetworkDiscovery - ok
12:17:54.0475 3260  [ D66D5FCC4911646347F9F5CD8C3F0000 ] niSvcLoc        D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe
12:17:54.0494 3260  niSvcLoc - ok
12:17:54.0564 3260  [ 30B05E4E963E663E2A7D110048FD1A02 ] NITaggerService D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe
12:17:54.0597 3260  NITaggerService - ok
12:17:54.0636 3260  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:17:54.0678 3260  NlaSvc - ok
12:17:54.0728 3260  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:17:54.0766 3260  Npfs - ok
12:17:54.0790 3260  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:17:54.0836 3260  nsi - ok
12:17:54.0846 3260  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:17:54.0896 3260  nsiproxy - ok
12:17:54.0951 3260  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:17:54.0995 3260  Ntfs - ok
12:17:55.0006 3260  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:17:55.0055 3260  Null - ok
12:17:55.0087 3260  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:17:55.0100 3260  nvraid - ok
12:17:55.0112 3260  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:17:55.0126 3260  nvstor - ok
12:17:55.0164 3260  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:17:55.0189 3260  nv_agp - ok
12:17:55.0256 3260  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:17:55.0289 3260  odserv - ok
12:17:55.0324 3260  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:17:55.0361 3260  ohci1394 - ok
12:17:55.0451 3260  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service D:\Programme\Sony Ericsson PC Suite\SupServ.exe
12:17:55.0476 3260  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
12:17:55.0476 3260  OMSI download service - detected UnsignedFile.Multi.Generic (1)
12:17:55.0533 3260  [ 4B46978A6C6793312E39E0A41496E75E ] OpcEnum         C:\Windows\SysWOW64\Opcenum.exe
12:17:55.0557 3260  OpcEnum - ok
12:17:55.0591 3260  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:55.0606 3260  ose - ok
12:17:55.0701 3260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:17:55.0749 3260  p2pimsvc - ok
12:17:55.0792 3260  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:17:55.0840 3260  p2psvc - ok
12:17:55.0876 3260  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:17:55.0913 3260  Parport - ok
12:17:55.0942 3260  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:17:55.0962 3260  partmgr - ok
12:17:56.0007 3260  [ 8F873BD8188ED208922CAE9B79DD6A35 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:17:56.0016 3260  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
12:17:56.0016 3260  PassThru Service - detected UnsignedFile.Multi.Generic (1)
12:17:56.0031 3260  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:17:56.0086 3260  PcaSvc - ok
12:17:56.0108 3260  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:17:56.0122 3260  pci - ok
12:17:56.0152 3260  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:17:56.0165 3260  pciide - ok
12:17:56.0188 3260  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:17:56.0204 3260  pcmcia - ok
12:17:56.0220 3260  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:17:56.0232 3260  pcw - ok
12:17:56.0258 3260  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:17:56.0320 3260  PEAUTH - ok
12:17:56.0342 3260  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:17:56.0367 3260  PerfHost - ok
12:17:56.0422 3260  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:17:56.0494 3260  pla - ok
12:17:56.0527 3260  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:17:56.0564 3260  PlugPlay - ok
12:17:56.0578 3260  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:17:56.0601 3260  PNRPAutoReg - ok
12:17:56.0621 3260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:17:56.0640 3260  PNRPsvc - ok
12:17:56.0686 3260  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:17:56.0751 3260  PolicyAgent - ok
12:17:56.0777 3260  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:17:56.0834 3260  Power - ok
12:17:56.0890 3260  [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
12:17:56.0908 3260  PowerSavingUtilityService - ok
12:17:56.0940 3260  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:17:57.0001 3260  PptpMiniport - ok
12:17:57.0023 3260  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:17:57.0065 3260  Processor - ok
12:17:57.0092 3260  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:17:57.0137 3260  ProfSvc - ok
12:17:57.0152 3260  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:17:57.0168 3260  ProtectedStorage - ok
12:17:57.0210 3260  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:17:57.0279 3260  Psched - ok
12:17:57.0353 3260  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:17:57.0409 3260  ql2300 - ok
12:17:57.0433 3260  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:17:57.0446 3260  ql40xx - ok
12:17:57.0476 3260  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:17:57.0506 3260  QWAVE - ok
12:17:57.0533 3260  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:17:57.0567 3260  QWAVEdrv - ok
12:17:57.0581 3260  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:17:57.0616 3260  RasAcd - ok
12:17:57.0633 3260  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:17:57.0674 3260  RasAgileVpn - ok
12:17:57.0686 3260  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:17:57.0723 3260  RasAuto - ok
12:17:57.0750 3260  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:57.0790 3260  Rasl2tp - ok
12:17:57.0838 3260  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:17:57.0899 3260  RasMan - ok
12:17:57.0922 3260  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:57.0959 3260  RasPppoe - ok
12:17:57.0970 3260  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:17:58.0023 3260  RasSstp - ok
12:17:58.0056 3260  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:17:58.0100 3260  rdbss - ok
12:17:58.0118 3260  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:17:58.0133 3260  rdpbus - ok
12:17:58.0150 3260  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:58.0212 3260  RDPCDD - ok
12:17:58.0241 3260  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:17:58.0285 3260  RDPENCDD - ok
12:17:58.0290 3260  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:17:58.0333 3260  RDPREFMP - ok
12:17:58.0369 3260  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:17:58.0396 3260  RDPWD - ok
12:17:58.0443 3260  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:17:58.0457 3260  rdyboost - ok
12:17:58.0482 3260  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:17:58.0533 3260  RemoteAccess - ok
12:17:58.0565 3260  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:17:58.0603 3260  RemoteRegistry - ok
12:17:58.0625 3260  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:17:58.0660 3260  RFCOMM - ok
12:17:58.0676 3260  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:17:58.0727 3260  RpcEptMapper - ok
12:17:58.0741 3260  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:17:58.0766 3260  RpcLocator - ok
12:17:58.0796 3260  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:17:58.0840 3260  RpcSs - ok
12:17:58.0880 3260  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:17:58.0916 3260  rspndr - ok
12:17:58.0943 3260  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:17:58.0969 3260  RSUSBSTOR - ok
12:17:58.0982 3260  RTCore64 - ok
12:17:59.0025 3260  [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:17:59.0042 3260  RTL8167 - ok
12:17:59.0046 3260  RtsUIR - ok
12:17:59.0086 3260  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
12:17:59.0101 3260  s0016bus - ok
12:17:59.0136 3260  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
12:17:59.0149 3260  s0016mdfl - ok
12:17:59.0171 3260  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
12:17:59.0187 3260  s0016mdm - ok
12:17:59.0214 3260  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
12:17:59.0230 3260  s0016mgmt - ok
12:17:59.0247 3260  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
12:17:59.0259 3260  s0016nd5 - ok
12:17:59.0289 3260  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
12:17:59.0302 3260  s0016obex - ok
12:17:59.0327 3260  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
12:17:59.0341 3260  s0016unic - ok
12:17:59.0375 3260  [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
12:17:59.0390 3260  s0017bus - ok
12:17:59.0417 3260  [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
12:17:59.0430 3260  s0017mdfl - ok
12:17:59.0443 3260  [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
12:17:59.0460 3260  s0017mdm - ok
12:17:59.0479 3260  [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
12:17:59.0496 3260  s0017mgmt - ok
12:17:59.0513 3260  [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
12:17:59.0526 3260  s0017nd5 - ok
12:17:59.0539 3260  [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
12:17:59.0555 3260  s0017obex - ok
12:17:59.0571 3260  [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
12:17:59.0588 3260  s0017unic - ok
12:17:59.0604 3260  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:17:59.0622 3260  SamSs - ok
12:17:59.0645 3260  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:17:59.0657 3260  sbp2port - ok
12:17:59.0684 3260  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:17:59.0723 3260  SCardSvr - ok
12:17:59.0747 3260  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:17:59.0815 3260  scfilter - ok
12:17:59.0858 3260  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:17:59.0929 3260  Schedule - ok
12:17:59.0967 3260  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:18:00.0015 3260  SCPolicySvc - ok
12:18:00.0040 3260  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:18:00.0062 3260  SDRSVC - ok
12:18:00.0094 3260  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:18:00.0148 3260  secdrv - ok
12:18:00.0173 3260  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:18:00.0219 3260  seclogon - ok
12:18:00.0258 3260  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
12:18:00.0272 3260  seehcri - ok
12:18:00.0297 3260  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:18:00.0348 3260  SENS - ok
12:18:00.0362 3260  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:18:00.0375 3260  SensrSvc - ok
12:18:00.0397 3260  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:18:00.0416 3260  Serenum - ok
12:18:00.0439 3260  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:18:00.0467 3260  Serial - ok
12:18:00.0501 3260  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:18:00.0531 3260  sermouse - ok
12:18:00.0569 3260  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:18:00.0652 3260  SessionEnv - ok
12:18:00.0673 3260  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:18:00.0708 3260  sffdisk - ok
12:18:00.0718 3260  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:18:00.0738 3260  sffp_mmc - ok
12:18:00.0746 3260  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:18:00.0774 3260  sffp_sd - ok
12:18:00.0788 3260  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:18:00.0801 3260  sfloppy - ok
12:18:00.0839 3260  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:18:00.0908 3260  SharedAccess - ok
12:18:00.0945 3260  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:18:00.0988 3260  ShellHWDetection - ok
12:18:01.0014 3260  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:18:01.0025 3260  SiSRaid2 - ok
12:18:01.0053 3260  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:18:01.0066 3260  SiSRaid4 - ok
12:18:01.0135 3260  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:18:01.0160 3260  SkypeUpdate - ok
12:18:01.0195 3260  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:18:01.0252 3260  Smb - ok
12:18:01.0290 3260  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:18:01.0326 3260  SNMPTRAP - ok
12:18:01.0375 3260  [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
12:18:01.0384 3260  SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:18:01.0384 3260  SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:18:01.0444 3260  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
12:18:01.0460 3260  Sony PC Companion - ok
12:18:01.0497 3260  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
12:18:01.0523 3260  speedfan - ok
12:18:01.0540 3260  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:18:01.0555 3260  spldr - ok
12:18:01.0586 3260  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
12:18:01.0637 3260  Spooler - ok
12:18:01.0722 3260  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:18:01.0831 3260  sppsvc - ok
12:18:01.0853 3260  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:18:01.0896 3260  sppuinotify - ok
12:18:02.0015 3260  [ 791227582A5070BD78B7E05285D13446 ] SProtection     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
12:18:02.0079 3260  SProtection - ok
12:18:02.0135 3260  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:18:02.0160 3260  SQLBrowser - ok
12:18:02.0213 3260  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:18:02.0231 3260  SQLWriter - ok
12:18:02.0265 3260  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:18:02.0292 3260  srv - ok
12:18:02.0320 3260  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:18:02.0346 3260  srv2 - ok
12:18:02.0356 3260  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:18:02.0384 3260  srvnet - ok
12:18:02.0427 3260  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
12:18:02.0457 3260  ssadbus - ok
12:18:02.0479 3260  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:18:02.0497 3260  ssadmdfl - ok
12:18:02.0522 3260  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
12:18:02.0549 3260  ssadmdm - ok
12:18:02.0591 3260  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
12:18:02.0624 3260  ssadserd - ok
12:18:02.0650 3260  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:18:02.0717 3260  SSDPSRV - ok
12:18:02.0737 3260  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:18:02.0775 3260  SstpSvc - ok
12:18:02.0813 3260  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:18:02.0838 3260  ssudmdm - ok
12:18:02.0855 3260  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:18:02.0877 3260  stexstor - ok
12:18:02.0926 3260  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:18:02.0987 3260  stisvc - ok
12:18:03.0010 3260  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:18:03.0020 3260  swenum - ok
12:18:03.0041 3260  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:18:03.0084 3260  swprv - ok
12:18:03.0120 3260  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:18:03.0148 3260  SynTP - ok
12:18:03.0193 3260  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:18:03.0262 3260  SysMain - ok
12:18:03.0292 3260  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:18:03.0329 3260  TabletInputService - ok
12:18:03.0341 3260  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:18:03.0393 3260  TapiSrv - ok
12:18:03.0423 3260  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:18:03.0467 3260  TBS - ok
12:18:03.0523 3260  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:18:03.0580 3260  Tcpip - ok
12:18:03.0613 3260  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:18:03.0649 3260  TCPIP6 - ok
12:18:03.0680 3260  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:18:03.0745 3260  tcpipreg - ok
12:18:03.0763 3260  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:18:03.0776 3260  TDPIPE - ok
12:18:03.0796 3260  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:18:03.0808 3260  TDTCP - ok
12:18:03.0828 3260  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:18:03.0864 3260  tdx - ok
12:18:03.0961 3260  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
12:18:04.0022 3260  TeamViewer8 - ok
12:18:04.0053 3260  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:18:04.0064 3260  TermDD - ok
12:18:04.0098 3260  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:18:04.0150 3260  TermService - ok
12:18:04.0233 3260  [ CBA4FA2089AA7A5A52EEF55B8376F144 ] TestHandler     C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
12:18:04.0262 3260  TestHandler - ok
12:18:04.0287 3260  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:18:04.0338 3260  Themes - ok
12:18:04.0360 3260  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:18:04.0397 3260  THREADORDER - ok
12:18:04.0442 3260  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
12:18:04.0455 3260  TPM - ok
12:18:04.0567 3260  [ EDF8133C6B0E413C494BDD8CFFA39B6A ] TransarcAFSDaemon D:\Programme\OpenAFS\Client\Program\afsd_service.exe
12:18:04.0598 3260  TransarcAFSDaemon - ok
12:18:04.0624 3260  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:18:04.0689 3260  TrkWks - ok
12:18:04.0747 3260  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:18:04.0834 3260  TrustedInstaller - ok
12:18:04.0864 3260  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:04.0938 3260  tssecsrv - ok
12:18:04.0963 3260  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:18:04.0997 3260  TsUsbFlt - ok
12:18:05.0041 3260  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:18:05.0120 3260  tunnel - ok
12:18:05.0148 3260  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:18:05.0164 3260  uagp35 - ok
12:18:05.0199 3260  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:18:05.0251 3260  udfs - ok
12:18:05.0321 3260  [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service D:\Programme\Join Air\AssistantServices.exe
12:18:05.0342 3260  UI Assistant Service - ok
12:18:05.0368 3260  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:18:05.0392 3260  UI0Detect - ok
12:18:05.0428 3260  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:18:05.0452 3260  uliagpkx - ok
12:18:05.0480 3260  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:18:05.0502 3260  umbus - ok
12:18:05.0535 3260  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:18:05.0564 3260  UmPass - ok
12:18:05.0671 3260  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:18:05.0730 3260  UNS ( UnsignedFile.Multi.Generic ) - warning
12:18:05.0730 3260  UNS - detected UnsignedFile.Multi.Generic (1)
12:18:05.0762 3260  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:18:05.0804 3260  upnphost - ok
12:18:05.0830 3260  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:05.0843 3260  usbccgp - ok
12:18:05.0846 3260  USBCCID - ok
12:18:05.0881 3260  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:18:05.0898 3260  usbcir - ok
12:18:05.0922 3260  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:18:05.0955 3260  usbehci - ok
12:18:05.0978 3260  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:18:06.0011 3260  usbhub - ok
12:18:06.0022 3260  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:18:06.0051 3260  usbohci - ok
12:18:06.0089 3260  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:18:06.0132 3260  usbprint - ok
12:18:06.0158 3260  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:18:06.0197 3260  usbscan - ok
12:18:06.0225 3260  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:06.0275 3260  USBSTOR - ok
12:18:06.0288 3260  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:18:06.0320 3260  usbuhci - ok
12:18:06.0349 3260  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:18:06.0392 3260  usbvideo - ok
12:18:06.0418 3260  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:18:06.0490 3260  UxSms - ok
12:18:06.0505 3260  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:18:06.0517 3260  VaultSvc - ok
12:18:06.0545 3260  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:18:06.0555 3260  vdrvroot - ok
12:18:06.0600 3260  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:18:06.0655 3260  vds - ok
12:18:06.0692 3260  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:06.0720 3260  vga - ok
12:18:06.0733 3260  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:18:06.0781 3260  VgaSave - ok
12:18:06.0817 3260  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:18:06.0830 3260  vhdmp - ok
12:18:06.0861 3260  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:18:06.0872 3260  viaide - ok
12:18:06.0891 3260  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:18:06.0903 3260  volmgr - ok
12:18:06.0935 3260  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:18:06.0954 3260  volmgrx - ok
12:18:06.0966 3260  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:18:06.0983 3260  volsnap - ok
12:18:07.0016 3260  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:18:07.0044 3260  vsmraid - ok
12:18:07.0094 3260  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:18:07.0181 3260  VSS - ok
12:18:07.0211 3260  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:18:07.0255 3260  vwifibus - ok
12:18:07.0283 3260  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:18:07.0313 3260  vwififlt - ok
12:18:07.0340 3260  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:18:07.0362 3260  vwifimp - ok
12:18:07.0397 3260  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:18:07.0448 3260  W32Time - ok
12:18:07.0469 3260  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:18:07.0494 3260  WacomPen - ok
12:18:07.0546 3260  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:18:07.0613 3260  WANARP - ok
12:18:07.0619 3260  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:18:07.0660 3260  Wanarpv6 - ok
12:18:07.0716 3260  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:18:07.0767 3260  wbengine - ok
12:18:07.0791 3260  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:18:07.0819 3260  WbioSrvc - ok
12:18:07.0857 3260  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:18:07.0911 3260  wcncsvc - ok
12:18:07.0926 3260  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:18:07.0941 3260  WcsPlugInService - ok
12:18:07.0963 3260  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:18:07.0974 3260  Wd - ok
12:18:08.0011 3260  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:18:08.0049 3260  Wdf01000 - ok
12:18:08.0059 3260  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:18:08.0089 3260  WdiServiceHost - ok
12:18:08.0092 3260  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:18:08.0112 3260  WdiSystemHost - ok
12:18:08.0142 3260  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:18:08.0165 3260  WebClient - ok
12:18:08.0181 3260  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:18:08.0226 3260  Wecsvc - ok
12:18:08.0243 3260  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:18:08.0296 3260  wercplsupport - ok
12:18:08.0323 3260  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:18:08.0362 3260  WerSvc - ok
12:18:08.0384 3260  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:18:08.0419 3260  WfpLwf - ok
12:18:08.0436 3260  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:18:08.0446 3260  WIMMount - ok
12:18:08.0471 3260  WinDefend - ok
12:18:08.0477 3260  WinHttpAutoProxySvc - ok
12:18:08.0525 3260  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:18:08.0590 3260  Winmgmt - ok
12:18:08.0648 3260  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:18:08.0728 3260  WinRM - ok
12:18:08.0784 3260  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:18:08.0820 3260  WinUsb - ok
12:18:08.0873 3260  [ C2208229A0761B05E874E10FFB341A64 ] WirelessSelectorService C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
12:18:08.0884 3260  WirelessSelectorService - ok
12:18:08.0923 3260  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:18:08.0964 3260  Wlansvc - ok
12:18:08.0991 3260  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:18:09.0004 3260  WmiAcpi - ok
12:18:09.0027 3260  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:18:09.0052 3260  wmiApSrv - ok
12:18:09.0084 3260  WMPNetworkSvc - ok
12:18:09.0111 3260  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:18:09.0136 3260  WPCSvc - ok
12:18:09.0164 3260  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:18:09.0183 3260  WPDBusEnum - ok
12:18:09.0200 3260  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:18:09.0241 3260  ws2ifsl - ok
12:18:09.0269 3260  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:18:09.0302 3260  wscsvc - ok
12:18:09.0306 3260  WSearch - ok
12:18:09.0379 3260  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:18:09.0457 3260  wuauserv - ok
12:18:09.0485 3260  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:18:09.0553 3260  WudfPf - ok
12:18:09.0584 3260  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:09.0635 3260  WUDFRd - ok
12:18:09.0658 3260  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:18:09.0694 3260  wudfsvc - ok
12:18:09.0715 3260  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:18:09.0750 3260  WwanSvc - ok
12:18:09.0828 3260  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
12:18:09.0848 3260  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
12:18:09.0848 3260  Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
12:18:09.0885 3260  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:18:09.0910 3260  ZTEusbmdm6k - ok
12:18:09.0946 3260  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:18:09.0967 3260  ZTEusbnmea - ok
12:18:09.0984 3260  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:18:10.0004 3260  ZTEusbser6k - ok
12:18:10.0037 3260  ================ Scan global ===============================
12:18:10.0063 3260  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:18:10.0096 3260  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:18:10.0108 3260  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:18:10.0137 3260  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:18:10.0171 3260  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:18:10.0179 3260  [Global] - ok
12:18:10.0180 3260  ================ Scan MBR ==================================
12:18:10.0189 3260  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:18:10.0436 3260  \Device\Harddisk0\DR0 - ok
12:18:10.0437 3260  ================ Scan VBR ==================================
12:18:10.0441 3260  [ 2E6A0CF6C3EF7050EB55662B35FFB390 ] \Device\Harddisk0\DR0\Partition1
12:18:10.0443 3260  \Device\Harddisk0\DR0\Partition1 - ok
12:18:10.0478 3260  [ 4EFDCEF5A45C745E35B633F1EDEA4DD6 ] \Device\Harddisk0\DR0\Partition2
12:18:10.0480 3260  \Device\Harddisk0\DR0\Partition2 - ok
12:18:10.0481 3260  ============================================================
12:18:10.0481 3260  Scan finished
12:18:10.0481 3260  ============================================================
12:18:10.0496 3396  Detected object count: 8
12:18:10.0496 3396  Actual detected object count: 8
12:18:35.0876 3396  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0876 3396  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0878 3396  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0878 3396  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0880 3396  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0880 3396  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0881 3396  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0881 3396  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0884 3396  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0884 3396  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0886 3396  SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0886 3396  SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0888 3396  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0888 3396  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:35.0889 3396  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0890 3396  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:38.0222 5976  Deinitialize success
         
Thank you very much for taking the trouble!

Alt 19.03.2013, 13:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.03.2013, 15:58   #9
Noodlz
 

Combofix log

Combofix log file:
Code:
ComboFix 13-03-19.01 - Noodlz 19.03.2013  15:27:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2036 [GMT 1:00]
ausgeführt von:: c:\users\Noodlz\Desktop\Virenbekõmpfung\Programme\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\hpe736A.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-19 bis 2013-03-19  ))))))))))))))))))))))))))))))
.
.
2013-03-19 14:37 . 2013-03-19 14:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-18 20:46 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD4EB2CD-886F-4B46-9DC8-0E98E4633AD8}\mpengine.dll
2013-03-17 16:13 . 2013-03-17 16:13	--------	d-----w-	c:\users\Noodlz\AppData\Roaming\Malwarebytes
2013-03-17 16:13 . 2013-03-17 16:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-17 16:13 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-16 11:33 . 2013-02-02 07:31	17815040	----a-w-	c:\windows\system32\mshtml.dll
2013-03-16 11:33 . 2013-02-02 06:58	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\programdata\Iminent
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\program files (x86)\Common Files\Umbrella
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\program files (x86)\Iminent
2013-03-14 01:10 . 2013-03-19 14:17	--------	d-----w-	c:\users\Noodlz\AppData\Roaming\Yontoo
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\Yontoo
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\programdata\Tarma Installer
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\Movie2KDownloader.com
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\hdvidcodec.com
2013-03-13 03:12 . 2013-03-13 03:12	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-05 10:38 . 2013-03-05 10:37	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 21:40 . 1999-12-17 07:13	86016	----a-w-	c:\windows\unvise32.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 11:35 . 2011-04-17 20:50	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 03:12 . 2012-04-10 07:54	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 03:12 . 2011-05-26 14:33	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 10:37 . 2012-09-07 07:39	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-05 10:37 . 2011-05-11 11:23	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2011-04-07 09:37	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 06:42	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 06:42	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 06:42	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 06:42	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 06:42	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 06:42	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 06:42	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 06:42	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 06:42	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 06:42	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 06:42	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 06:42	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 06:42	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37	252832	----a-w-	c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-03-13 21:26	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay (32-bit)]
@="{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}"
[HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay (32-bit)]
@="{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}"
[HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="d:\programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"Yontoo Desktop"="c:\users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"StartCCC"="d:\treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"UIExec"="d:\programme\Join Air\UIExec.exe" [2010-04-27 138072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PDFPrint"="d:\programme\PDF24\pdf24.exe" [2012-12-12 163000]
"NI Update Service"="d:\programme\LabVIEW\Shared\Update Service\NIUpdateService.exe" [2012-06-08 851592]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-01-25 1074736]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Identity Manager.lnk - c:\program files (x86)\MIT\Kerberos\bin\netidmgr.exe [2007-10-22 442368]
NI Error Reporting.lnk - d:\programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-10-22 08:32	23040	----a-w-	c:\windows\SysWOW64\kfwlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\programme\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-23 1315592]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-06 13352]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 RTCore64;RTCore64;d:\programme)\RMClock\RTCore64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 76488]
S1 AFSRedirector;AFSRedirector;c:\windows\system32\DRIVERS\AFSRedir.sys [2012-03-14 92560]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-09 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 NIApplicationWebServer;NI Application Web Server;d:\programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 53960]
S2 nimDNSResponder;NI mDNS Responder Service;d:\programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe [2012-05-31 258776]
S2 NINetworkDiscovery;NI Network Discovery;d:\programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe [2012-06-05 169192]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-01-25 2663976]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UI Assistant Service;UI Assistant Service;d:\programme\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-03-13 23552]
S3 AFSLibrary;AFSLibrary;c:\windows\system32\DRIVERS\AFSRedirLib.sys [2012-03-14 258448]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-06-06 34032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:12]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37	296352	----a-w-	c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay]
@="{5F820CA1-3DDE-11DB-B2CE-001558092DB5}"
[HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay]
@="{5F820CA1-3DDE-11DB-B2CE-001558092DB6}"
[HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=28F204A6-F339-461D-B54D-312F6C1F3C1D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://d:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\programme\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\programme\Free Download Manager\dlfvideo.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\programme\ICQ\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 130.149.7.7
FF - ProfilePath - c:\users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 33d6fe87-e621-45d5-b2bf-ff6b08aa1c35
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19  15:52:53
ComboFix-quarantined-files.txt  2013-03-19 14:52
.
Vor Suchlauf: 16 Verzeichnis(se), 30.032.510.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 31.210.180.608 Bytes frei
.
- - End Of File - - C536B9C9F9502B28273674A053A0D93F
         


Combofix.txt

Combofix Logfile:
Code:
ComboFix 13-03-19.01 - Noodlz 19.03.2013  15:27:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2036 [GMT 1:00]
ausgeführt von:: c:\users\Noodlz\Desktop\Virenbekõmpfung\Programme\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\hpe736A.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-19 bis 2013-03-19  ))))))))))))))))))))))))))))))
.
.
2013-03-19 14:37 . 2013-03-19 14:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-18 20:46 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD4EB2CD-886F-4B46-9DC8-0E98E4633AD8}\mpengine.dll
2013-03-17 16:13 . 2013-03-17 16:13	--------	d-----w-	c:\users\Noodlz\AppData\Roaming\Malwarebytes
2013-03-17 16:13 . 2013-03-17 16:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-17 16:13 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-16 11:33 . 2013-02-02 07:31	17815040	----a-w-	c:\windows\system32\mshtml.dll
2013-03-16 11:33 . 2013-02-02 06:58	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\programdata\Iminent
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\program files (x86)\Common Files\Umbrella
2013-03-14 01:11 . 2013-03-14 01:11	--------	d-----w-	c:\program files (x86)\Iminent
2013-03-14 01:10 . 2013-03-19 14:17	--------	d-----w-	c:\users\Noodlz\AppData\Roaming\Yontoo
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\Yontoo
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\programdata\Tarma Installer
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\Movie2KDownloader.com
2013-03-14 01:10 . 2013-03-14 01:10	--------	d-----w-	c:\program files (x86)\hdvidcodec.com
2013-03-13 03:12 . 2013-03-13 03:12	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-05 10:38 . 2013-03-05 10:37	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 21:40 . 1999-12-17 07:13	86016	----a-w-	c:\windows\unvise32.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 11:35 . 2011-04-17 20:50	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 03:12 . 2012-04-10 07:54	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 03:12 . 2011-05-26 14:33	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 10:37 . 2012-09-07 07:39	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-05 10:37 . 2011-05-11 11:23	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2011-04-07 09:37	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 06:42	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 06:42	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 06:42	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 06:42	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 06:42	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 06:42	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 06:42	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 06:42	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 06:42	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 06:42	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 06:42	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 06:42	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 06:42	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37	252832	----a-w-	c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-03-13 21:26	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay (32-bit)]
@="{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}"
[HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay (32-bit)]
@="{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}"
[HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="d:\programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"Yontoo Desktop"="c:\users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"StartCCC"="d:\treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"UIExec"="d:\programme\Join Air\UIExec.exe" [2010-04-27 138072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PDFPrint"="d:\programme\PDF24\pdf24.exe" [2012-12-12 163000]
"NI Update Service"="d:\programme\LabVIEW\Shared\Update Service\NIUpdateService.exe" [2012-06-08 851592]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-01-25 1074736]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Identity Manager.lnk - c:\program files (x86)\MIT\Kerberos\bin\netidmgr.exe [2007-10-22 442368]
NI Error Reporting.lnk - d:\programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-10-22 08:32	23040	----a-w-	c:\windows\SysWOW64\kfwlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\programme\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-23 1315592]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-06 13352]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 RTCore64;RTCore64;d:\programme)\RMClock\RTCore64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 76488]
S1 AFSRedirector;AFSRedirector;c:\windows\system32\DRIVERS\AFSRedir.sys [2012-03-14 92560]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-09 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 NIApplicationWebServer;NI Application Web Server;d:\programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 53960]
S2 nimDNSResponder;NI mDNS Responder Service;d:\programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe [2012-05-31 258776]
S2 NINetworkDiscovery;NI Network Discovery;d:\programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe [2012-06-05 169192]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-01-25 2663976]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UI Assistant Service;UI Assistant Service;d:\programme\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-03-13 23552]
S3 AFSLibrary;AFSLibrary;c:\windows\system32\DRIVERS\AFSRedirLib.sys [2012-03-14 258448]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-06-06 34032]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:12]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-04-14 04:37	296352	----a-w-	c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay]
@="{5F820CA1-3DDE-11DB-B2CE-001558092DB5}"
[HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay]
@="{5F820CA1-3DDE-11DB-B2CE-001558092DB6}"
[HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=28F204A6-F339-461D-B54D-312F6C1F3C1D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://d:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\programme\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\programme\Free Download Manager\dlfvideo.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\programme\ICQ\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 130.149.7.7
FF - ProfilePath - c:\users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 33d6fe87-e621-45d5-b2bf-ff6b08aa1c35
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19  15:52:53
ComboFix-quarantined-files.txt  2013-03-19 14:52
.
Vor Suchlauf: 16 Verzeichnis(se), 30.032.510.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 31.210.180.608 Bytes frei
.
- - End Of File - - C536B9C9F9502B28273674A053A0D93F
         
--- --- ---

Alt 19.03.2013, 16:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.03.2013, 20:00   #11
Noodlz
 

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Noodlz on 19.03.2013 at 18:54:15,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] sprotection 
Successfully deleted: [Service] sprotection 



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminent
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminentmessenger
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2390501894-3314027886-3818468573-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2390501894-3314027886-3818468573-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Noodlz\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Noodlz\AppData\Roaming\pdfforge"
Failed to delete: [Folder] "C:\Users\Noodlz\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Noodlz\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Noodlz\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Failed to delete: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\umbrella"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 19:02:39,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner
Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 19:11:17 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Noodlz - NOODLZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Noodlz\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\searchplugins\daemon-search.xml
Ordner Gelöscht : C:\Program Files (x86)\hdvidcodec.com
Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Finder
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Noodlz\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\jetpack
Ordner Gelöscht : C:\Users\Noodlz\AppData\Roaming\Yontoo

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v11.0 (de)

Datei : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\prefs.js

C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\user.js ... Gelöscht !

Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "33d6fe87-e621-45d5-b2bf-ff6b08aa1c35");

*************************

AdwCleaner[S1].txt - [5528 octets] - [19/03/2013 19:11:17]

########## EOF - C:\AdwCleaner[S1].txt - [5588 octets] ##########
         
OTL
Code:
OTL logfile created on: 3/19/2013 7:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free
9.86 Gb Paging File | 8.20 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.10 Gb Total Space | 28.95 Gb Free Space | 36.14% Space Free | Partition Type: NTFS
Drive D: | 851.41 Gb Total Space | 378.00 Gb Free Space | 44.40% Space Free | Partition Type: NTFS
 
Computer Name: NOODLZ-PC | User Name: Noodlz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\MAX\nimxs.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - D:\Programme\Join Air\UIExec.exe ()
PRC - D:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - D:\Programme\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe (Massachusetts Institute of Technology)
PRC - C:\Program Files (x86)\MIT\Kerberos\bin\krbcc32s.exe (Massachusetts Institute of Technology)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Programme\LabVIEW\Shared\NI Error Reporting\niwsrp.dll ()
MOD - D:\Programme\LabVIEW\Shared\License Manager\Bin\xerces-depdom_2_6.dll ()
MOD - D:\Programme\Join Air\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (NIApplicationWebServer64) -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV:64bit: - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (NITaggerService) -- D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (NIDomainService) -- D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (mxssvr) -- D:\Programme\LabVIEW\MAX\nimxs.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation)
SRV - (TransarcAFSDaemon) -- D:\Programme\OpenAFS\Client\Program\afsd_service.exe (OpenAFS Project)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
SRV - (NILM License Manager) -- D:\Programme\LabVIEW\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (UI Assistant Service) -- D:\Programme\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CoordinatorServiceHost) -- D:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- D:\Programme\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (AFSLibrary) -- C:\Windows\SysNative\drivers\AFSRedirLib.sys (OpenAFS Project)
DRV:64bit: - (AFSRedirector) -- C:\Windows\SysNative\drivers\AFSRedir.sys (OpenAFS Project)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{F1DC9CAE-EFB0-4DDF-934A-9A3B4D3C1A5A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{AB5303EB-EDA0-4405-A6C2-348CFC6FFAE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: D:\Programme\SE Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 13:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/04 22:15:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013/03/08 16:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013/03/18 22:52:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013/03/08 16:13:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013/03/18 22:52:57 | 000,000,000 | ---D | M]
 
[2011/04/08 18:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Extensions
[2013/03/18 22:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Firefox\Profiles\dtocvpuv.default\extensions
[2012/12/13 11:28:03 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Firefox\Profiles\dtocvpuv.default\extensions\fdm_ffext@freedownloadmanager.org
[2012/12/13 11:28:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\firefox\profiles\dtocvpuv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/14 17:55:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\firefox\profiles\dtocvpuv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2013/03/19 15:37:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] D:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [NI Update Service] D:\Programme\LabVIEW\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] D:\Treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] D:\Programme\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001..\Run: [NIRegistrationWizard] D:\Programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001..\Run: [Yontoo Desktop] "C:\Users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30EF018C-6A46-47DF-86E6-89DC5E0FF9CA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A3942C-CF91-4B56-9245-75B92101B25D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C74059-2028-4152-909B-36601BA6C82B}: DhcpNameServer = 130.149.7.7 193.174.75.142
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AfsLogon: DllName - (D:\Programme\OpenAFS\Client\Program\afslogon.dll) - D:\Programme\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\MIT_KFW: DllName - (C:\Windows\SysWOW64\kfwlogon.dll) - C:\Windows\SysWOW64\kfwlogon.dll (Massachusetts Institute of Technology.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/19 18:54:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/19 18:53:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/19 16:22:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/19 16:16:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/19 15:25:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/19 15:25:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/19 15:25:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/19 15:24:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/19 15:24:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/17 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\Noodlz\Desktop\Virenbekämpfung
[2013/03/17 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Noodlz\AppData\Roaming\Malwarebytes
[2013/03/17 17:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2013/03/17 17:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/17 17:13:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 12:34:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/16 12:34:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/16 12:34:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/16 12:34:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/16 12:34:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/16 12:34:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/16 12:34:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/16 12:34:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/16 12:34:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/16 12:34:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/16 12:34:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/16 12:34:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/16 12:34:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/16 12:34:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/16 12:34:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 04:12:11 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/05 11:38:16 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/05 11:38:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/05 11:38:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/05 11:38:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/24 22:40:57 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013/02/24 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/19 19:22:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:22:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:15:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 19:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 19:15:06 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 19:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 19:09:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 19:08:55 | 000,034,959 | ---- | M] () -- C:\Users\Noodlz\Desktop\Unbenannt.png
[2013/03/19 15:37:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 08:55:20 | 003,077,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/19 02:43:53 | 000,000,000 | ---- | M] () -- C:\Users\Noodlz\defogger_reenable
[2013/03/14 02:11:25 | 000,000,274 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/13 12:43:18 | 001,753,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/13 12:43:18 | 000,747,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/13 12:43:18 | 000,701,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/13 12:43:18 | 000,166,998 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/13 12:43:18 | 000,139,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 04:12:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 04:12:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 04:12:11 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/06 13:32:42 | 000,001,435 | ---- | M] () -- C:\Users\Noodlz\AppData\Local\recently-used.xbel
[2013/03/05 11:37:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/05 11:37:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/05 11:37:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/05 11:37:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/05 11:37:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/03/05 11:37:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/02 14:51:58 | 000,000,966 | ---- | M] () -- C:\Users\Noodlz\Documents\Mappe1.csv
[2013/02/26 21:39:24 | 000,001,094 | ---- | M] () -- C:\Users\Noodlz\Documents\Luftdruck_Tempelhof.csv
[2013/02/22 12:00:19 | 000,000,896 | ---- | M] () -- C:\Users\Noodlz\Desktop\Auswertung Tools - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2013/03/19 19:07:32 | 000,034,959 | ---- | C] () -- C:\Users\Noodlz\Desktop\Unbenannt.png
[2013/03/19 15:25:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/19 15:25:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/19 15:25:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/19 15:25:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/19 15:25:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/19 02:43:53 | 000,000,000 | ---- | C] () -- C:\Users\Noodlz\defogger_reenable
[2013/03/14 02:11:22 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/06 13:32:42 | 000,001,435 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\recently-used.xbel
[2013/03/02 14:51:56 | 000,000,966 | ---- | C] () -- C:\Users\Noodlz\Documents\Mappe1.csv
[2013/02/26 21:39:21 | 000,001,094 | ---- | C] () -- C:\Users\Noodlz\Documents\Luftdruck_Tempelhof.csv
[2013/02/22 12:00:19 | 000,000,896 | ---- | C] () -- C:\Users\Noodlz\Desktop\Auswertung Tools - Verknüpfung.lnk
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/08 18:11:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/06/25 17:09:46 | 000,010,641 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Temp_table.xml
[2012/06/25 17:04:46 | 000,000,000 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Temptable.xml
[2012/06/23 11:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/05/23 14:50:42 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2012/03/26 21:44:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/26 21:44:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/26 21:44:11 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/04 20:30:13 | 000,017,408 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\WebpageIcons.db
[2011/12/08 22:51:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/12/08 22:51:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/12/08 22:51:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/12/08 22:34:26 | 000,031,009 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/10/26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/05 18:38:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/19 16:13:06 | 001,731,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/13 00:20:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/03 21:47:41 | 000,006,656 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 23:08:23 | 000,007,606 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Resmon.ResmonCfg
[2011/04/08 18:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/07 18:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:58DD92AC

< End of report >
         
Extra

Code:
OTL Extras logfile created on: 3/19/2013 7:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free
9.86 Gb Paging File | 8.20 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.10 Gb Total Space | 28.95 Gb Free Space | 36.14% Space Free | Partition Type: NTFS
Drive D: | 851.41 Gb Total Space | 378.00 Gb Free Space | 44.40% Space Free | Partition Type: NTFS
 
Computer Name: NOODLZ-PC | User Name: Noodlz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB5762A-FDCB-41D4-A26B-0106BCD43DE7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1156ECB8-6259-4993-9684-2A5B1034C1BE}" = lport=7001 | protocol=17 | dir=in | app=d:\programme\openafs\client\program\afsd_service.exe | 
"{159D57C0-8E33-4796-B61B-9E9402134F3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17CAC721-D987-41B9-BB5F-A5AB0F787391}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1EF0335D-8DE9-4903-86DA-3810B46FF70C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FB2FF5B-F167-4FA5-A4C8-E017924E3C0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31CEBBB2-BA17-4ABE-B8BE-5EC10695B48C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{3F2853F1-01BC-4899-A789-24033BC8F8D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53D6AF4D-350C-45A4-9C35-ABC41733325F}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\microsoft office\office12\outlook.exe | 
"{567A325B-06D2-4709-9727-036653324336}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F3C6AFA-5F7B-4D3F-8EE4-6D6CA2386AFF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{611388FF-7152-4A62-9323-F2E107B9899B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6314ED6B-3FAB-43C5-AB01-8BCA3A9F05E4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6D125C54-5205-4038-BD05-6D0E2F126E3E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{76473D15-B757-4790-A6BA-C6929360E3C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F50B811-8C1D-46A5-8BA5-10DC926829F5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8E58382C-466C-40B8-94D7-4CE5BE0A40BE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A8B3D5B9-C2BC-4B55-BA6E-2FDBA2779013}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B461703E-EA9C-46EC-8BD0-8E090CAABBF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BB1BC277-E2F3-42FA-A4AA-1CAD302040B0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C48B4686-C703-4DA9-9F38-F4FD58642EA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAF91BA7-A314-48A8-B94D-21FE3AFA33DE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CC8E4986-E9F7-41A1-878A-B838B22D4713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=d:\programme\labview\shared\ni webserver\systemwebserver.exe | 
"{D75D2866-9F4C-4082-8432-3544324CF93E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DCB85339-FE0B-4C7C-964B-D549B2D218F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DE8A77A6-9CEE-4309-BFAC-0F3F2744A867}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=d:\programme\labview\shared\ni webserver\systemwebserver.exe | 
"{F48A5F5C-D4E6-4E01-8444-86174B882B6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8662B4D-55E0-4603-B8B2-D4C46961A1F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FAC5D362-4385-4FAA-BFA5-BDBD57009465}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC422EE9-A8DC-4A1B-8E18-26239B7234AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D814BA-8A02-4484-B074-F15A447EAE81}" = protocol=6 | dir=in | app=d:\programme\sony ericsson update service\update service.exe | 
"{0CBC8E92-397B-4A2F-8D66-07C29FD2D30E}" = protocol=17 | dir=in | app=d:\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{0E683E00-2BFA-46B1-8D9A-717F0538EAC2}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | 
"{1CE95789-91E1-4A07-A25E-ED1A3E07A2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{208081D6-E56A-48E0-8D75-B071FEF237D1}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | 
"{21EF876A-D77F-4B50-84C6-101500E5AE91}" = protocol=6 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=d:\programme\labview\shared\ni webserver\applicationwebserver.exe | 
"{23EBF342-9CB7-45DC-B3F8-718B6236E0B4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{308F3486-093F-40EE-BC00-79753E73051B}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | 
"{3176C4FC-3372-48D0-B20C-675675BD1465}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | 
"{32BD7673-4D5E-402C-B134-C612F68004A7}" = protocol=17 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{337AECB9-454B-4AD2-ADBC-7959688EC33E}" = protocol=6 | dir=in | app=d:\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{33D7F06A-C3B7-4662-B95C-892B7F8A04FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3474C44E-D378-4F68-9A81-6268DFEB7C69}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{35D54F1D-B967-4F98-8A0A-C8E4F3CB9637}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | 
"{3AAB3734-B1EF-4C6E-A813-3F7ACCAB2343}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=d:\programme\labview\shared\ni webserver\applicationwebserver.exe | 
"{3C6EAD07-1556-4EE5-A099-9670C0AF8DFA}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | 
"{3D060E5C-F72F-41AA-8B70-7CD7EC338B1D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4010AA37-9F85-4FDA-8098-9393AF303F90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40F4C3A7-2A57-4E81-94CC-06A5C8EA5797}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{433802C4-3077-4E86-BE0C-0D864864BED8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{45A0DA5A-6522-47C0-9B11-5C2CE0D615EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D9CB16E-BDC2-4625-A36C-DE1DF2B134F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{517CE38F-010B-46BC-949F-2F81D5F228F6}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{56508F3E-8EB2-4C5B-AA8E-66E6D0AC48F4}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | 
"{56E9BC69-2F4F-4A2F-A5A7-296A9AC8E254}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{585AEF4B-E14A-4C31-97CC-3BE0D2E42CBA}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | 
"{58ACFE06-E01E-4688-A719-CDAFF1803030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F5525D2-406D-47D0-906F-AC50659202B2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5FA51233-9ED3-4F1A-BC84-BC66FD84E6E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{62268856-9647-461F-ABCB-C8264920B25D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64049C9C-7810-486F-AC9D-36C9E4C05244}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{652C238E-A3F0-4269-BE50-29FE764DF57F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{77793A58-9819-4645-B67B-8705AE95FE71}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | 
"{797783B0-8051-4990-89B6-1CA028612AEA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{7BA34FE5-7689-4B1F-A376-D59A151AB77E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F888A8D-F118-4F9F-954F-FDF8E9869AEC}" = protocol=6 | dir=out | app=system | 
"{862E284E-8ADF-4F29-8091-AA7ECAD9CFF6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8862AA0E-CF7B-4FCD-BF7D-C191311E5A4A}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{91162102-7BD6-4E93-A4CF-664AD6246D50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96B9AD31-F4B5-4355-B21C-FACEFE8473F6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{983130B9-CDE1-4D1D-8BC1-A4F49D0873C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A307C18B-2960-4E18-9DA2-0AB7BBF0DA10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4D0B0C0-9006-4726-AC16-E42DA9989900}" = protocol=17 | dir=in | app=d:\programme\sony ericsson update service\update service.exe | 
"{A7398895-FFD3-4162-8DB8-8F86B2B7C888}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | 
"{AE7CCD60-2EE5-489A-B45F-A89F823DFCBC}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | 
"{AE9A8844-582B-463A-875A-FB6927FD0E31}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | 
"{B199AD24-9F77-4F8F-8915-6F393042DF2D}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | 
"{B56033FD-F1B6-438D-9463-170B4D427C01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B638E6A7-07EC-4C65-A0B6-7CD5027E9C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6C7DF3F-F2FB-4E40-B2F3-9D90003D05E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BF580D28-494D-4B25-820C-678AFF3516B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0B86426-D62C-47DA-A3D2-C006C497D09F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{C2330E40-556F-428D-B588-8993B2007E8C}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | 
"{C7F405F9-DB13-4C56-8CF2-CD5325529DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{D4026AF0-DA74-443A-B807-27394A9B3EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D48AC922-D8F6-48DA-A6E4-1A08446169C5}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | 
"{D6679AED-ED88-43E5-A29D-D81545F2D38F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{D921B6B6-69F6-4CE6-83B3-D785BCB1B83A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E16AA0ED-9EFD-40A9-B50B-3DE46B6430DF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F1B153E4-E0DD-4C67-A3B4-3CAF2CDEAEF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F499F5F2-2F3E-4F8E-9E3E-55E94F229645}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{F5C13C43-6F56-40A7-AACA-271CD3E57678}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F73A183A-545A-4182-ABE7-AA1D1F67D0C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F911AFBF-E474-46C2-A8B3-371292AB2363}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | 
"{FC2E0057-A337-4701-9B39-EBA2ED8BE756}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"TCP Query User{13C0712B-55E0-4F6D-89B5-160938AD4AEF}C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CEDCD6B5-3CA5-4BC6-BA48-98243CDCF846}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{E2920E67-445B-4A5B-935A-1805055AE99C}C:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4AF6A6C8-010A-47B0-9EF4-FAE06A7F2041}C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{A80BE48B-1332-4619-A6C4-D4580F24D967}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{EDD0FBEE-272E-4659-940B-486D07BEC9F0}C:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000A570E-F926-4808-956C-A57EE91B75F6}" = NI TDM Streaming 2.4 (64 Bit)
"{00606A59-716C-484A-AE64-5F7E3F23B3BD}" = NI GMP Windows 64-bit Installer 12.0.0
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}" = NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
"{0EA4894B-C99B-48E4-976A-94B55CB89239}" = NI MXS 5.3.0 for 64 Bit Windows
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{176468CE-41AB-4A9A-AC38-45A146D39688}" = NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
"{197B80EB-D791-4DA4-9398-B5F029738E22}" = NI System State Publisher (64-bit)
"{1E0A5B20-9D36-4861-BEF8-9B9B4C278218}" = NI TDM Excel Add-In 3.4 64-bit
"{20971CBE-1866-404E-BAA7-62A8FB62CB22}" = OpenAFS for Windows (64-bit)
"{20F3F8E0-7CCF-4A4E-A23C-58B188E87F4F}" = NI System Configuration Runtime 5.3.0 for Windows 64-bit
"{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
"{28324488-BF50-488F-BE40-6ED3CFA40C26}" = NI Variable Engine (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0 x64 Edition
"{32C65538-80DA-41C9-B990-EED4D260B50F}" = NI System API Windows 64-bit 5.3.0
"{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}" = NI Web Application Server 12.0 (64 Bit)
"{41B541B6-3518-4343-8A67-46FF9A4AA1A3}" = NI USI 2.0.0 64-Bit
"{443A416C-BD21-9746-78C4-8139DFAA18B7}" = AMD Media Foundation Decoders
"{45A790D5-C7EB-4BE0-B71A-10C550844AF6}" = NI Portable Configuration for 64 Bit Windows 5.3.0
"{46EF0477-FBC0-47D4-B9B6-81DB345C18E9}" = NI Network Discovery 5.3 for Windows 64-bit
"{49DADDE6-41A1-5A2B-C518-0EBE12261352}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DD08E99-6FC1-4188-9A2E-0AF968279E41}" = NI mDNS Responder 2.1 for Windows 64-bit
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{58A9B4F6-2E67-464A-9F71-95F6D7159702}" = NI Math Kernel Libraries (64-bit)
"{5A59ABAE-5F06-4241-B607-6376C29F9F31}" = NI Logos64 XT Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{774510C7-E6AC-4ECB-ACEF-D5284FED4D0A}" = NI-RPC 4.3.0f0 for 64 Bit Windows
"{79253283-47EB-4A67-9014-0CBEC8AE4D0C}" = NI VC2010MSMs x64
"{7E9984FD-DF5D-D0D9-E552-7872964F00CC}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824088E6-2B7A-4CD3-9835-D2AE8BB55EBF}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}" = NI-ActiveX-Container (64-bit)
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}" = NI Logos 5.4 (64 Bit)
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C10623C-BF56-4D66-8F1F-B2D667E44986}" = NI System Web Server Base 12.0.0 (64-bit)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A7DE0CB6-DE87-4065-9596-5A1E9FED3297}" = NI Assistant Framework 64-bit
"{ACA45A9D-5C68-429F-AE87-0F2917136FCC}" = Unterstützung für NI SSL (64 Bit)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AFE7987B-E282-42CE-AD5A-E333BE31E204}" = NI Curl 12.0.0 (64-bit)
"{B618335B-11D2-4780-B5CE-AA2D111DB693}" = NI Authentication 12.0.0 (64-bit)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{B9293F41-3CB1-4E86-9523-010F8ACB782D}" = NI Xalan Delay Load 1.10.2 64-bit
"{BD432073-6A5D-4F0F-8952-43B3C21A31C3}" = NI Trace Engine (64-bit)
"{BE2DC247-C185-4EC2-840F-484B46AA1B0E}" = NI MAX Remote Configuration 64-bit Installer 5.3
"{C3D647DC-7317-41F3-A8DB-CC6B98239C6E}" = NI MAX Support for 64 Bit Windows
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D754C95D-A80F-471C-819B-EEEDD07C9B0A}" = NI-Mesa
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DABB1D70-482A-4B92-8B24-052AD650A2B0}" = NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
"{DCEF4AB3-3E07-4517-9A92-9599C903E32B}" = NI DataSocket 5.0 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit)
"{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}" = NI VC2005MSMs x64
"{E3EB4126-0930-4926-B135-1F85452E7975}" = Math-Kernel-Bibliotheken (64 Bit)
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP0
"{EA8B28A2-D84F-447E-B588-9C255F1EDC0A}" = Solid Edge ST3
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 7/3/2012 9:50:44 AM | Computer Name = Noodlz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 146
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 8/23/2012 4:59:24 AM | Computer Name = Noodlz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54183
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/19/2013 2:04:08 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1058
 
Error - 3/19/2013 2:04:33 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 3/19/2013 2:04:33 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 3/19/2013 2:15:13 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1058
 
Error - 3/19/2013 2:15:34 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 3/19/2013 2:15:34 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
 
< End of report >
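The firewall-rule lines in the report above all follow one pattern (`"rule id" = field=value | field=value | ...`), so they can be triaged by script. The following Python is an added example, not part of the thread or of the tool that produced the report; the sample lines are constructed, and the three review criteria (no protocol restriction, executable under a user profile, rule id containing "Query User") are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# IANA protocol numbers as they appear in the protocol= field.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

RULE_RE = re.compile(r'^"(?P<id>[^"]+)"\s*=\s*(?P<fields>.+)$')
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# Constructed sample in the report's line format; GUIDs, names and paths are made up.
SAMPLE_REPORT = r'''
"{11111111-1111-1111-1111-111111111111}" = protocol=6 | dir=in | app=c:\program files (x86)\example\chat.exe |
"{22222222-2222-2222-2222-222222222222}" = protocol=17 | dir=out | app=%programfiles%\example\player.exe |
"{33333333-3333-3333-3333-333333333333}" = dir=in | app=c:\program files (x86)\example\toolbar.exe |
"{44444444-4444-4444-4444-444444444444}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{55555555-5555-5555-5555-555555555555}C:\users\alice\appdata\roaming\sync\bin\sync.exe" = protocol=6 | dir=in | app=c:\users\alice\appdata\roaming\sync\bin\sync.exe |
"UDP Query User{66666666-6666-6666-6666-666666666666}C:\users\alice\appdata\roaming\sync\bin\sync.exe" = protocol=17 | dir=in | app=c:\users\alice\appdata\roaming\sync\bin\sync.exe |
"{77777777-7777-7777-7777-777777777777}" = Example Installed Program 1.0
'''


def parse_rule(line):
    """Turn one report line into a dict, or None if it is not a firewall rule line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"id": m.group("id")}
    for part in m.group("fields").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            rule[key.strip().lower()] = value.strip()
    # Uninstall-list lines look similar but carry no dir= field.
    return rule if "dir" in rule else None


def triage(rule):
    """Return review notes for one rule; an empty list means nothing stood out."""
    notes = []
    if rule["dir"].lower() != "in":
        return notes  # this example only reviews inbound rules
    if "protocol" not in rule:
        notes.append("any protocol")
    if USER_PROFILE_RE.search(rule.get("app", "")):
        notes.append("binary in user-writable path")
    if "query user" in rule["id"].lower():
        notes.append("created from a firewall prompt")
    return notes


def review(report_text):
    """Group findings per executable: {app: {"protocols": [...], "notes": [...]}}."""
    findings = defaultdict(lambda: {"protocols": set(), "notes": set()})
    for line in report_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        notes = triage(rule)
        if not notes:
            continue
        proto = rule.get("protocol")
        label = "any" if proto is None else PROTOCOLS.get(proto, "proto " + proto)
        entry = findings[rule.get("app") or rule.get("name") or rule["id"]]
        entry["protocols"].add(label)
        entry["notes"].update(notes)
    return {app: {"protocols": sorted(e["protocols"]), "notes": sorted(e["notes"])}
            for app, e in findings.items()}


if __name__ == "__main__":
    for app, info in sorted(review(SAMPLE_REPORT).items()):
        print(f"{app}\n    {'/'.join(info['protocols'])}: {'; '.join(info['notes'])}")
```

A note is a reason to look at the executable, not a verdict: legitimate sync clients and messengers match the same criteria.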
         

20.03.2013, 12:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Getting an additional opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

20.03.2013, 19:20   #13
Noodlz

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Noodlz :: NOODLZ-PC [Administrator]

20.03.2013 13:17:02
mbam-log-2013-03-20 (13-17-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260602
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Unfortunately I deleted the ESET log together with the folder..
It didn't find anything, though.

If that was it, many thanks for now! I don't know what I would have done without your help!

I just have a few small questions:

- What about my passwords? Should I change them?

- What kind of virus was that? Can you tell?

- There are still almost no programs in my Control Panel. Does that not matter, i.e. should I simply uninstall via the setup files if necessary and otherwise ignore it, or will there still be problems with that?

Many thanks again!

20.03.2013, 23:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
- What about my passwords? Should I change them?
More on that later

Quote:
- What kind of virus was that? Can you tell?
It is stated exactly in the logs; we removed quite a bit of junk

Quote:
- There are still almost no programs in my Control Panel. Does that not matter, i.e. should I simply uninstall via the setup files if necessary and otherwise ignore it, or will there still be problems with that?
I can't do much with that; I don't understand exactly what direct problem you think arises from it

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now OK again, or are there any other findings or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
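A hosts file applies to every program on the machine, so a downloaded blocklist like the one recommended above should contain only entries that sink a name to a loopback or null address; an entry pointing at any other address redirects that name instead of blocking it. The following Python is an added example, not part of the thread or of any blocklist project: it checks a candidate file and compares it with the one currently installed (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`). Both sample files are constructed.

```python
import ipaddress

# Constructed samples in hosts-file syntax.
CURRENT_HOSTS = """\
127.0.0.1  localhost
0.0.0.0    ads.example.com
0.0.0.0    old-tracker.example.net
"""

CANDIDATE_HOSTS = """\
# constructed blocklist update
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example.com banner.example.org   # two names on one line
127.0.0.1  Tracker.Example.net
203.0.113.7  login.example.test   # real address: a redirect, not a block
not-an-ip  broken.example.com
0.0.0.0
"""


def audit_hosts(text):
    """Classify every entry of hosts-file text.

    blocked   - names sunk to a loopback or unspecified address
    redirects - (name, address) pairs that send a name anywhere else
    malformed - (line number, raw line) for lines that cannot be parsed
    """
    result = {"blocked": [], "redirects": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw))
            continue
        names = [n.lower() for n in fields[1:]]  # host names are case-insensitive
        if not names:
            result["malformed"].append((lineno, raw))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sink and name == "localhost":
                continue  # the standard localhost entry is not a block entry
            if sink:
                result["blocked"].append(name)
            else:
                result["redirects"].append((name, str(addr)))
    return result


def review_update(current_text, candidate_text):
    """Summarise what installing candidate_text over current_text would change."""
    cur, new = audit_hosts(current_text), audit_hosts(candidate_text)
    return {
        "added": sorted(set(new["blocked"]) - set(cur["blocked"])),
        "removed": sorted(set(cur["blocked"]) - set(new["blocked"])),
        "redirects": new["redirects"],
        "malformed": new["malformed"],
        # Install only a file that blocks and does nothing else.
        "install": not new["redirects"] and not new["malformed"],
    }


if __name__ == "__main__":
    for key, value in review_update(CURRENT_HOSTS, CANDIDATE_HOSTS).items():
        print(f"{key}: {value}")
```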

22.03.2013, 13:14   #15
Noodlz

I read up on the hosts files, and as I understood it I have to disable the DNS Client Service for that, but I use many network connections and also use my computer at work on the network, so I don't dare change anything there (that I don't fully understand).
But if deleting all cookies when the browser is closed has the same effect, I would probably lean towards that.

Regarding the programs in the "Programs and Features" menu of the Control Panel, I really only wanted to ask whether it might also be a sign of a serious problem when nothing is shown there; I just wanted to tell you because it isn't normal.

I also noticed that some folder options were changed "by themselves": "Hide extensions for known file types" and "Don't show hidden files and folders" were ticked, although I had unticked them.

Otherwise I couldn't find anything; I have reinstalled Office and it works.

Many thanks again!
